Randy Calvert

An upgrade does not revert you back to the default language. If a new version introduces new strings you might need to update your translation.

Are you using some sort of cloud WAF or proxy?

I guess I’m lost as to what could be done here… If someone forgets their email, what is there that could be automated for recovery in a safe/secure fashion? When someone creates an account, there is a display name, an email address and a password that is collected. If someone does not remember their email address, what good is it to send an email to that address for them to verify? It’s most likely an old address they don’t remember using or would know to check or even potentially have access to. They would have already tried the address they know and most commonly used in the original attempts. And if you create a system to say my display name is X and here’s the email address we have for it…you negate the entire reason for having the display name be different than the login method. (It would also potentially be able to be exploited to extract email addresses for attackers or spammers.) And if you have them create a new account, how do you prevent someone from abusing it to steal another account. I create a new account and claim that I’m really the long term member! Now you have an unhappy user who has lost control of their account and someone else using it. There is nothing that is automated that could stop someone from stealing an account if they can’t verify the info provided at registration. They might be able to prove it to a human based on looking at things like past IP/location info, writing style, etc… but IP and geo are not good tools to use in an automated fashion. But regardless… my guess is this would be most likely better in the feedback forum as there is not any sort of functionality to automate the process today.

That would seem to be what Contact Us link would be good for. 🙂 If they don’t remember or have access to email, that would be a problem regardless of display name vs email. In general, because a user would be using it more often to login… they would be less like to forget or.

DNSSEC basically is used to prevent someone from putting up a DNS server with fake records pointing users that use that resolver to a server different than yours. This matters for banks and major sites that handle high volumes of commerce… but in practical/real life terms, it’s super unlikely to happen. It would be isolated (say a hotel network compromised and routing traffic to fake sites) and in most cases would be targeting sites that are more commonly used. It does not protect the domain itself and does not prevent things like DNS highjacking or someone trying to port your domain without permission. I don’t say this to minimize implementation of a security feature, but instead to help folks realize that should it not be available that there is not a huge hole out there putting you at risk. I have a better chance at winning the Powerball than seeing my site attacked successfully in this manner. But yes, it’s technically possible for it to occur!

You can change the wording yourself by updating the language strings.

This is a hosting issue… however a recommendation would be to use NTP to compare the local time to the server it’s synced with. https://askubuntu.com/questions/1272104/how-to-find-time-difference-between-two-computers#:~:text=The command ntpdate -q <address,of just outputting the difference.

Your core sessions table in your MySQL database is crashed. You need to repair it. You can attempt to fix it by using a program like phpMyAdmin to do it or if you are not comfortable doing so, you would need to contact your hosting provider for assistance.

Copyright © <script>document.write(new Date().getFullYear())</script> YOURNAME

They are going to complain about SOMETHING! You’re damned if you do and even more damned if you don’t.

You noted above you were more comfortable with centos. I would go Alma for that reason. Otherwise you’re going to have to learn differences between the two OS.

If you are running the latest version of the IPB software, it’s either going to be a hosting issue or something else installed on your site doing this. If there was a mass software issue, it would be impacting literally everyone else. As noted earlier, showthread.php is not part of the default IPB software. You might want to remove ANYTHING not part of the default software.

You can’t use your normal iCloud password. You need to use an app specific password. https://support.apple.com/en-us/102654

When I saw this happen, Cloudflare was blocking the API return calls. I had to whitelist Strip IP addresses.

Remember Google does not crawl your full site every day. It may not even crawl you at all daily. Even once it does it may take time for results to reflect. This is something that will just take time for them to fix. You can submit requests via webmaster console to get them to remove certain pages/directories more quickly but that’s for you to do at Google not within IPB.

In the latest v5 theme preview thread, the video talks about how you won’t need two separate themes in order to support dark mode. It shows the if you change a button from blue to say yellow, it automatically will change the text in the button to something with more contrast if needed. (Instead of a yellow button with white text, it would automatically change it to black for example.) We don’t have full details yet, but it leaves hope the move to a single theme with full dark mode support will handle this better especially since it appears “auto” (match OS) is the default setting. I would keep an eye on the preview blogs as this MAY already be addressed!

This is hot hot hot! I assume there will be a process to save and import/export themes still?

Have you checked the member groups to make sure they are allowed to switch views? If the group does not have permission, they would get assigned the default view and not be able to select another. Also on this site there is an attachment limit of 50MB. Thats of ALL attachments ever uploaded. So each time you upload a file, your total quota of available space drops. You can manage your attachments in your account settings. https://invisioncommunity.com/attachments/

Personally I dont do anything. I don’t have time to track millions of old topics. I would leave it be.

It’s a big upgrade, I’m not denying that fact at all. However if/when something goes wrong, are you prepared to deal with it by yourself? Are you able to not just troubleshoot the problem but also recover? If not, you should be. With the situation you are in now, it’s not if something goes wrong but instead when.

And are you using a WAF like cloudflare? If so try disabling it temporarily.

That would be a host issue then. 🙂 As you only have a reseller account, they control what options you have access to.

Also just putting this out there…3.x has many known security issues. The version of PHP it’s able to run also has known issues. Basically anything associated with it is end of life. This means if you run into any sort of problem, you won’t be able to get support. I would highly recommend having good backups that are tested frequently. I would also highly recommend upgrading as well. Otherwise when stuff hits the fan, you’re going to be stuck in the boat by yourself without the ability to get any sort of help.

Take a look at the CleanTalk plugin. It's done a good job in reducing spam on our site. It's not perfect (nothing is honestly), but it's certainly been a help in the fight! https://cleantalk.org/help/install-ipboard4

You might want to re-read earlier in this thread... as per Marc earlier: Given that IPS never did vulnerability scanning, you are not actually losing anything on that front other than the perception that it was being done when it was not. 🙂