Jump to content
Invision Community


  • Content count

  • Joined

  • Last visited

  1. Thanks ehren. I didn't think to use the control panel. I usually find files using ftp and edit them directly. Will give that a try cheers.
  2. Thanks ehren. I just had a look in the forums folder but couldn't see a stylesheet.
  3. Thanks. When my first user emailed me saying they couldn't post I checked my site, it seemed OK. So I replied back asking for more details but they didn't respond. I couldn't see any issue with my forums so I left it at that. It was only after another user emailed me a week later that I decided to contact support. That's when I saw the notice. If I'd have been notified about the identified issue I would have been able to deal with it before another user had the frustration of not being able to post. Presumably someone has to make judgement calls about these things but I don't think it would do any harm to keep us more informed - especially on the dashboard. As with my original point about the security issues it feels to me as a customer of IPS that the system is aware of issues but leaving me to discover them myself instead of letting me know asap. It's puzzling to me that software I am using identifies known bugs and serious security issues but doesn't proactively notify users about them. What possible harm could it do to put newly found security warnings on the dashboard so as soon as an admin logs in they can see them?
  4. Thanks, although the issue is about being notified of warnings rather than how to deal with these specific ones. I've sadly just found another example of this issue. Two people have recently complained that they are receiving a server error when trying to post. So I logged into my Dashboard and clicked "support/Something isn't working correctly". I was then shown another warning - "You are running the latest version, but there are known issues: An issue has been identified with PHP7.1 when using the Zend Opcache extension that may cause features on your site, such as member posting, not to work correctly. To resolve this issue, please disable the Zend Opcache PHP extension. The underlying issue is related to a third party library used by the Community Suite which has been updated in our upcoming 4.2 release, at which point the Opcache extension may be re-enabled" I apologise if I'm not using the control panel properly or misunderstanding something, but again I find this quite astounding, and to be honest unacceptable as a paying customer. Here's how it feels to me - I was advised a new version of IPS was available. I updated and was advised that upgrading to PHP 7 was recommended. I upgraded to PHP 7 After upgrading to PHP 7, IPS ran tests and discovered 3 security issues related to PHP 7 - 1 of them "serious". It didn't tell me, or in anyway flag up that there were new security warnings found. Then (presumably some time later) IPS discovered the above issue with the Zend Opcache extension that can cause some users to be unable to post. But again IPS or my Control panel didn't tell me. I only discovered it after trying to contact support. How is it possible that these things are found but not notified? They deserve to be flagged on the Dashboard with far more priority than the current relatively benign notifications about members waiting for approval, how many people have registered recently and the percentage of users by app. I appreciate there might be an argument that anyone running and administrating forums should maybe constantly roam around in the control panel. But I can't be the only person that uses the control panel like I do. I open control panel to carry out specific tasks like deal with a member issue or maybe edit an advert etc. So when I go to control panel it opens up on my dashboard. I look at the information in the dashboard before moving directly to the area I came to deal with and then log out. I thought dashboards were the place where an admin can quickly get a look at how things are going. Anything important should be there surely? How can there be known security or php issues that are not there for admins to see? Why is the information essentially hidden and left for us to chance across? I don't think it's fair to say that these particular issues are related to the server and not IPS because it was IPS that advised me to update the PHP. Basically if IPS has looked for and found any security or functional issues related directly or indirectly to the forums they should be flagged up to admins - ideally on the dashboard please
  5. Thanks Charles. Like many other people I run my own server supplied by a big hosting company so I have to do everything myself. It's beyond me why even the most up to date PHP comes with all these "dangerous" features switched on. If you are only checking and advising as a good will gesture (which we greatly appreciate) it seems a little disingenuous to then say but we won't actually proactively tell you. It's up to you to discover the warning yourself. I fully appreciate that these issues are technically not part of the forums, but someone at IPS thinks it's important to check these things. It's built into the control panel to display these warnings. So why after doing that would you just leave it up to us to discover them when you could so easily display them in the dashboard? Either IPS think it's nothing to do with them how our servers are configured or they don't. As they clearly do think it's important to check some things and warn us it feels a little like a friend noticing my house has a serious potential security vulnerability and if I ask him he'll tell me about it but otherwise he'd leave me to discover it myself
  6. Hi. I recently updated my forums. I took the advice of the pre-upgrade checker to get PHP 7 installed on my server. Anyway, several weeks later I happened to click on the "security" link in the control panel and found 3 warnings. One of them in red and flagged as serious. The warnings are related to the new PHP and included disabling several commands in PHP. I had done this already in the past, but updating to PHP 7 had re-enabled these apparently dangerous commands. I'm disappointed that if IPS finds serious security issues it doesn't actually tell me. Why aren't those warnings on the dashboard with the other warnings about admins logging in and failed login attempts? I appreciate someone might say I should have realised installing a new version of PHP would override previous amendments or that I should regularly click the security link to check for new warnings. But the dashboard is already designated as a place to display important information and stats and is where I'm always taken when I log in. From there I navigate to the place I came to do work on. I haven't felt I needed to regularly check the security tab. I appreciate from now on if I change anything or upgrade IPS I will check the link but surely admins should be proactively warned about security issues as soon as they log onto the control panel? Ideally in the dashboard widgets? Andy
  7. Thanks. Does anyone know why sigs should be completely banished by the developers? As I say I understand how it might be desirable to have them not display in restricted space especially as many of them are just rubbish - no offence meant but I don't understand why so many things are decided by IPS with no option to override by admins. Some signatures used by admins contain useful, pertinent and even essential information.
  8. Invision Power has decided no one wants to show signatures on the mobile platform. I'm sure there's a logical reason why this might be a good idea for many forums. But I need my signature to show on my forums in the mobile version. Can it not be made an administrators choice? I give a lot of advice on my forums and need a disclaimer in my signature. This plays a very important role. I can't be the only admin with important information in their signature? Please give us more choices of how we run our forums. I need people to see my safety warnings and disclaimer. I don't care about any other signatures but it would be great to be able to switch them on for admins.
  9. Please filter guest reporting for spam

    I take your point about whether it's 100% necessary for me to have on if but I'm puzzled as to why guest reporting is actually part of the IPS forums. If it's crazy to allow it, and IPS's only response to complaints of it being used for spam is to turn it off why is it there? If it's such a crazy idea they need to remove it as an option. What's it for? Surely IPS thought it would be useful for some administrators to let guests report things? I would turn it off but what if someone posted something that seemed legit and was allowed? Then returned weeks or months later and edited their legit posts to spammy links or put porn photos up? I would not get notified. Nor would I ever know unless I stumbled across it. Someone (a "guest") visiting my forums from Google might see it and want to notify the owner? That would be very decent of them. So I wouldn't want to force them to register first. So if the feature of letting guests report content is a valid and potentially useful feature IPS would hopefully agree that filtering reports for spam would be helpful?
  10. Hello I'm getting repeated spam through the report something system. I must have had 50 over the last few months. I get an email saying "Guest has reported something" and the email (and the report on my forums) is just a list of blatant spam links. I've been on the IPS forums, and a lot of people have the same issue, but it seems the only response is to tell them to turn off access to guests reporting. I can't be alone in having forums that are read mostly by "guests". I would say 98% of all my readers are not members. Therefore I need them to be able to report something. My forums do not have any members actively using them. People join up mostly to ask for my help with a problem. Once they have that help they don't come back unless they have another question. So the only people "watching over" my forums are guests. I shouldn't have to ban them from reporting something nasty on my forums because some robot is filling the form in with spam links and not being detected by IPS. Is it possible to get these reports checked by the spam system?
  11. Report form need a captcha to stop spambots

    I've had another one yesterday. Just to give an example of the thing I'm getting I'm pasting it here with the links disabled of course - Guest (IP: Report submitted 16 hours ago wh0cd71184 inderal 10 mg azithromycin online viagra buy baclofen online laxis pills buy furosemide abilify provera I'm just surprised that this isn't being picked up as 100% pure spam I do appreciate that disabling guest reporting is a total fix for many people but guests being able to report something dodgy - or possibly very offensive is a very useful thing to have on forums that are mostly used by guests rather than a tight community.There must be many forums like mine that are a help resource visited by hundreds of thousands of people after searching in Google that never become members and are therefore "guests"
  12. Report form need a captcha to stop spambots

    Thanks, but did you read my post? I want guests to be able to report. Guests make up 90% of my users. I need the spam to be blocked properly. A report that is just a list of spam links should be easy to identify and block but they are not being blocked.
  13. Report form need a captcha to stop spambots

    I'm having issues with "guests" reporting content which turns out to be just full of ridiculous spam links. It's frustrating to find this old thread and lack of a proper solution in 2017. A lot of people seem to assume everyone uses their forums the same way as they do and can't understand why their solution isn't ideal. If you run your forums in a certain way the solutions is simple. Ban guests from reporting. Problem solved. This solution is no good for many of us though because our forums are run in a different way, and this isn't being taken into account. My forums are used mostly by guests. It's a resource for helping people with white goods appliance problems. The only people that register are people who can't find a solution and want to ask a question. I have posts that have been read 10,000 times and only a fraction would be by members. The vast majority of people reading my forums are guests. Therefore, banning guests from reporting something makes no sense. I would not expect someone to go to the trouble of registering just to help me out reporting something. Having said that, adding Captcha (which can notoriously hinder some people) may also discourage them. So could the solution not be to ensure that such reports are properly spam checked? The ones I get are simply lists of up to a dozen spam links. How can they possibly be getting through the built in spam protection? So, allowing guests to report content is only silly if your forums are set up so that only members can use them. That's clearly appropriate for many, but not all. Many forums don't treat guests as suspicious characters. To me they are my users. I don't want to ban them from reporting content, so I would like a better solution to this problem Are content reports properly spam checked? If so how can a content report get through that contains no communication, no sentences - just a list of spam links?
  14. Pleased with support

    I'd just like to say that as a long time user I find support to be excellent and thanks.
  15. Hi. On IPS Board I've just noticed a less than ideal behaviour, which might be nice to adjust if practical? By default the Contact Us link opens the built in contact form. In settings - System/Contact us, there is an option to send users to a URL instead. I have selected this option and entered a contact me link from a totally different domain of mine. This link works OK. But when a user hovers over the "Contact Us" link they are shown that the link goes to MyDomain/Forums/contact - but the link is directed to the link I have specified instead which is A_totallydifferentDomain/contact.php. Although everything works. Would you agree it's not ideal to tell users a link will go to one place but send them somewhere else when clicked? I appreciate a lot of links can be redirected on the internet, but could the code not check to see if the built in form has been redirected in settings, and display the proper destination instead? It's probably not a vital issue, but what if some hacker redirected the contact us link to some reallynastysounding domain? At least people hovering over the link would be able to see and decide it sounds not right before clicking? Also, it's more courteous and good practice to show them the real destination when we can see from settings it is different? Many thanks Andy