LemonGrenade

Thanks @Marc Stridgen I've removed some 3rd party apps already and kept the ones that are only really needed!

Indeed, but it wasn't him.

Yep understood, but it was new content, plus the post itself was a very 'hacked' type message.

The user had no account previously and posted as a guest in a member post protected forum.

Thanks, @Marc Stridgen There isn't any guest posting anywhere, there never has been, which is why I was so concerned. It did move forum, because I moved it to a moderating forum, and then moved it back for you to check. I did slightly doubt that it was the board, as you guys would know about it way before, and obviously, others would be saying the same thing. I would agree and suspect it may be a third-party app, but without the marketplace hooked up in admin now and no notifications of updates, I wouldn't know where it could be from. Plus all devs are spread on sites around the internet now, which makes it so much harder when things like this occur and looking for updates. Thanks for looking into it anyway.

Changed. Thanks.

I sent the link via PM @Marc Stridgen If the site is open security-wise, I'd rather not add the site to a public post.

This morning I found a new random post in a forum that is locked to member-only posting, there is no genuine way a guest could post in there. Any other reports of this happening to anyone? It hadn't happened before today.

Tested, both Giphy and Tenor embed if just copying and pasting image link. It's probably worth deactivating completely then in admin and letting users go fetch them if needed! The next move would be them maybe blacklisting the forum if using too many but there we go!

Seems like a lot of work and not sure if possible. The easiest way going forward is just deactivate the function so it isn't using the API and just tell users to embed via Giphy. I tried Tenor but that doesn't seem to embed. In fact, maybe Giphy won't embed if deactivated.

Am just coming back to update this topic. As I thought, our forum has been contacted because we have hit some kind of limit on GIF bandwidth with Giphy and now we can either pay a fortune for a premium account or run an SDK via Giphy with adverts. I am very surprised others haven't been contacted yet. Remember, all gifs on older posts will still be using Giphy bandwidth, and over time as more get added, that will build up; before you know it, you will either have to pay or try and work out how to add the SDK to Invision and have the pleasure of running Giphy ads. I'm still in talks with them but looks like am going to have to deactivate it. This is something to keep in mind if you have it running on your forum, and also something for Invision to bear in mind with IPB 5 down the line. If it is something forum owners are going to have to deactivate later on, it might not be worth even having it running in the first place.

It's legit! Wondering now if the SDK will be easy to build in and what sort of display the ads will show. It may have to be deactivated completely depending on the ad frequency. @Marc Stridgen @Jim M It may be possible that I have received this as our forum has hit some kind of limit on the number of gifs being shown (it gets used a lot) so will reply and confirm that with them if I can.

I thought that but can't see anything dodgy in the header. I'll ask Giphy if I can and report back.

It's strange too cause it's actually coming from the @giphy.com email address.

I've been looking into this more. Indeed Lydia is head at Giphy and the links go to the website. But, using a Google form and the daylight robbery amount of $120 a month to add gifs, makes me think this is probably some sort of scam message. Plus, using an email reply to confirm the option? Imagine all the replies and the man-hours to process this.

Thanks @Jim M It was sent via email, and although I haven't clicked the Google form link (I'll remove it from the post) all the other links match up to their website.

I'm sure once we didn't have to create a Giphy account and it was a case of just switching it active in admin? Either way, it looks like they are going the SDK route with ads now (I haven't looked yet if this will code into the theme, etc) OR going premium via the usual API billed annually at an amazing price of just $120 per month! Will these end the whole Giphy integration with IPB?

It seems after changing the code on an advert, the formatting on the desktop version is completely broken. I cleared system cache which seemed to make it worse and now displays an older version (The forums title shows at the top which I removed in CSS) Any ideas to get it working? It seems ok on mobile but again, looks like an older cached version.

Thanks Nathan, I'll give that another go! I looked at the details and was still using the username so have set it up again! All the best!

Understood as mentioned on the last post. But, is there a way to display 'a' page with that url to a bot group somehow? It's not that it needs to show to guests, there is already /discover/ but a way to show /discover/unread/?id=1 page to Googlebot.

Yep understood @Jim M The activity stream for members shows the new streams for them individually, but how to get at least that page displayed for Google in some capacity? There must be some sort of workaround so they can crawl that page and in turn, display ads easier. The media company displaying ads did appeal to Google (somehow) and now ads get displayed, but it still shows 'unknown crawl error' with restricted ads.

Google can crawl 'logged-in' pages and display ads, just not /discover/unread/?id=1

I've been trying to fix crawling on that /discover/unread/?id=1 for literally years! Obviously, it's a very popular page so would be losing a big part of the revenue without ad serving on that. Remember to edit your robots.txt in admin as it is listed not to crawl. So Google has no problem with /discover/ as it's displayed for guests but how to workaround /discover/unread/?id=1 I've added a Google login as mentioned above but still get the warnings and a 'Must Fix'. If someone could create a Bot Group Plugin (like the phpBB Bot Group), they would be sitting on a goldmine.

Perfect thanks @Randy Calvert It all had push ticked but had to click the bottom 'Push' to enable in browser! Thanks buddy!