Everything posted by Randy Calvert

  1. IPS has literally thousands of customers ranging from international brands to small hobby sites. If this was a big hole in the software that happened in the March update, there would be a huge flood of customers suddenly posting about it. Let me turn that back around on you… Why do you think it’s a problem with the software suddenly when there has not been a change in others having a similar issue? And in looking at the change notes, nothing in it would impact what you are reporting. You are blaming the software update because this happened afterwards but that can simply be causality. Just because something happened around that time does not mean it is what caused the situation. Also let’s think about this for a moment… if a spammer could just take over any account on your site, why would they not target important accounts? Why not target admin or moderators? They could mass change content and do significantly more “damage” that way. They would also be able to bypass any sort of restrictions such as post approval or content moderation. They don’t have access to specific or exact members. They’ve either gotten a credential from somewhere else or they registered the account themselves a while back and working back to using it now.
  2. This would require some sort of native app which IPS is not supporting. So don’t expect this sort of functionality anytime soon given they abandoned the idea of developing a native app in favor of PWA.
  3. Ummm I hope you realize IPS does this already as part of its software release process. This includes dynamic and static code scanning. IPS also has its software reviewed on a regular basis by 3rd party security companies. In addition the software is used by MANY large corporate customers who do their own independent testing in order to use it in their environment. So sitting here stomping your feet and simply saying it’s some random problem “somewhere” in the software simply shows that you are uninformed. There have been recommendations provided on how to improve blocking spam including using hCaptcha (where you can also increase its difficulty), requiring your users to use 2FA, and others. Spam is a problem EVERYWHERE on the internet and is a cat/mouse game. If someone has an account somewhere else compromised and uses the same credentials on your site, that is NOT a problem in the software. It’s a user problem for being stupid and using a credential in multiple places. That’s why it’s important to use things like 2FA to prevent a malicious actor from getting a password from somewhere else. By the way… did you know most large banks despite having FANTASTIC cyber security have on average over 3000 compromised accounts a month? That’s despite spending hundreds of millions of dollars a month on security tools that small site owners can only dream about. If this is a challenge for them with literally dozens to hundreds of dedicated cyber security experts and budgets in the millions of dollars… how realistic is it for “the rest of us”?
  4. Yes, you want to make a completely separate installation. This means uploading a copy of the software files again and also using a different MySQL database so that you don’t risk impacting your live installation. I personally would suggest using a separate hostname like test.mydomain.com as well. That way if you need to delete/reinstall your test instance you won’t have issues with the license key saying it is already in use.
  5. So you asked someone who literally knows nothing about the software, its security or configuration and you expect them to know what they’re talking about? That would be like going up to a random police officer and asking them who committed a crime in your country without them knowing anything about the circumstances. Based on my personal experience… I have seen numerous circumstances where accounts have been created by spammers that instead make a few “innocent” posts and several months later come back and start spamming. In researching the account, the IP that posted the “innocent” content was from a VPN where the spammer would attempt to mask their real IP. They would switch to a different VPN IP for spamming. If this was truly a situation where it was a software level exploit it would not happen with just a few accounts. A majority of the accounts would be used including admin/moderator accounts. It would also be impacting EVERY single board.
  6. You don’t for a VPN. IPS would not control the Cloudflare site they are visiting to adjust the settings. They would have to tell their customers to turn off Cloudflare for their site while troubleshooting. What can you do as the site owner? Turn off all bot related protections. That will help you confirm it is a bot issue. Once confirmed, you could whitelist your server’s IP. If other third party servers are also accessing the IP, you might have to whitelist those IPs as well.
  7. It will work itself out. I’ve seen this issue and while it may seem stuck it will eventually finish after a day or so.
  8. There is no way to "undo" an account delete. You would need to restore from a backup. If this is important, you need to do it sooner than before so you don't keep losing data since your last backup. Regarding changing email, I just changed my email on this site and my personal forum and don't have that behavior occurring. Do you use some kind of 3rd party app or login system?
  9. One suggestion if this is really bothering you is to change the language string for "Last Visited" to something like "Last Signed In".
  10. In that case, if you have a dedicated IPB database and database user, just give it full permission and call it a day. It is no more/less secure and will avoid problems later down the road.
  11. My suggestion would be to give it full permission. If IPB is kept in its own database with nothing else in it, there is no risk to it having full permission. It should not be interfering with other applications. Restricting permissions can only lead to problems later when it potentially can't do something it needs later and you think the software itself is broken when it's instead just a platform configuration on your side. A few months down the road, you're never going to remember this and it will be a big mess and waste of time figuring out how to fix the issue when it could be avoided in the first place. You're not really increasing the security of anything as long as you keep IPB in its own DB without other applications installed in it.
  12. No. There is no “other admin confirmation”. They are either an admin or they’re not. If you want to review actions they’ve taken, there is both moderator and admin logs available to show what actions have been performed by others.
  13. This is highly dependent on how exactly it was installed. You would want to delete any WordPress files. If those files are in a specific folder, it would be as simple as deleting that folder. If you mixed it in with IPB files, you would have to sort out which is which and only delete the WordPress files. If you don't know which is which, you can download a set of IPB files from your client area and look at what directories, files, etc are associated with IPB. If your WordPress is installed in a separate database, you could simply delete that database. If it's shared with your IPB install, you would need to manually separate those as well. If you had any 3rd party integrations to tie your WordPress to your IPB, you would want to remove those as well.
  14. Reach out to the account team. 🙂 https://invisioncommunity.com/contact-us
  15. You need to remove the image from the bottom thumbnails in the attachment section at the bottom. If the image is still attached but not “placed” it will just show up at the end.
  16. It’s a non-issue. Safari did this years ago already. Google is a long time late to the party.
  17. You are looking at the wrong space. The error message tells you where it is out of space: Disk full (/tmp/#sql-temptable-70e-3aef8-cea.MAI); waiting for someone to free some space... (errno: 28 "No space left on device") (1021) The /tmp/ partition is basically like a separate drive on a Linux server. It’s used for, as you might expect from the name… TEMPORARY files. Restarting the server might temporarily clear some of those temp files but it does not necessarily solve why it’s filling up. This is a server issue you would need to discuss with your hosting provider. Invision can’t help troubleshoot server/hosting issues.
  18. That is until the AI decides to change things!
  19. You might think about using the commerce feature. Create a product such as "VIP Customer". Give it a price (say $1000) and make it good for a year and set its renewal for a year. Each year, create a new coupon code to the company and let the employee "buy" the package again with that company's coupon code when their current annual subscription expires. So you might have COMPANY1-100% COMPANY2-100%, etc. Next year make it COMPANY1-DISCOUNT2, etc. You would want to use the product feature instead of the subscriptions in order to be able to provide a coupon code for it.
  20. No. It's not a ticket. This is not a situation where a developer is needed to debug and understand your specific environment. This is something you will want to keep an eye on future version release notes to see if/when the change is implemented.
  21. Some info might also be updated via tasks that may not have had a chance to run between the time it occurred and when the update task ran as well.
  22. ACP > Customization > Localization > Languages. Find the language you want to translate, and click the "Translate" button. You can search the phrases you want and replace them. For example, the "Forgot Password" blurb is "lost_password".
  23. If they are using an IP address you previously banned, then yes... they would receive that error anytime they happen to be on that address. You should be able to look up the member in the ACP and see the IP address they used and then compare it to what is in your banned IP list. If the IP address is there (including as part of a bigger subnet block), you would need to remove it.
  24. Ok… does your site work? Can you login and say for example post a topic?