TracyIsland

Yes, opening invisioncommunity.com took about 7 seconds and then the same for opening unread activity, and still more when I clicked on this topic. 

oh wait, after I typed the reply and hit save, it took 21 seconds to process.

1 hour ago, Svetozar Angelov said:

It's good that you're taking a stand in the conversation without knowing what it's about at all. It is good that before you write things that do not concern me about banking spam, you should carefully read what the problem is, which I will describe again for the slow under-stander. The problem is from the month of March, affecting many forums and colleagues, and before that we did not have such a problem before the last update. The breach is on existing accounts that actively participate in the forum. If it's spam/bot it will come in and spam the whole forum in minutes. How to prevent users who are active from changing their passwords. That, of course, didn't help. Now I have logged out all users at once and request all of them to reset their PW. How coincidental that many colleagues who are customers of IPS have had this problem since March. Probably the spam/bots have agreed to do this since March. What we suspect, along with a lot of people, is that the IPS are telling us generalities without really understanding the issue, which is a breach with the March security update, and they're probably buying time to figure out exactly what's going on.

you're right. I don't know what I'm talking about.  I hope you can find a resolution.

On 4/18/2024 at 11:31 AM, Jim M said:

Keep in mind that a spammer can reset a password to an account if they have access to the email address tied to the account.

 

Our community was hit with a huge number of spam registrations in March.  See the Tsunami topic. Some of the registrations got through while most were in a pending status (we use aMember for our current 3.3.4 board - register externally and then SSO).  Whether the registration got through or sat in the pending status (awaiting email validation), we had to evaluate the domain name of each registration.  If it was xx@buildingsupplies.com, we banned that domain because we want our community to have personal email addresses.  But many of the registrations had domain extensions like me.com, gmail.com, outlook.com, hotmail.com, aol.com with real names attached.  We couldn't ban those domains so we checked the registration to see if the username and the first name and last name were all the same.  If yes, then we deleted the registration.  All this to say it was an eye opener to see just how many real personal email accounts had been obtained on the dark web.

Maybe start compiling a list of the email addresses from accounts that you are deleting, and perhaps see if they compare to the IPS banned list?  Also, notate the date of registration? These suggestions are along the lines of what the IPS staff is suggesting, that these bad apples snuck in months ago.

One thing we do that helps to verify a registration is include a few additional registration fields: Country, State, City ... so we look at that information in the real registration or the pending registration and if the fields don't agree, that's a first flag, and if needed, we check the IP address of the origin and if that IP address location doesn't agree with the Country, that's another red flag.  

If these spammers have the login access to the actual email accounts which I think is what Jim M is inferring in the quote, then there doesn't seem to be anything you can do other than to ban that specific email address.  

In this morning's Wall Street Journal there is an article about the damage incurred by the cyberattack to United Health Group.  Certainly, this is a US issue but cyberattacks can happen to everyone.  

What can we do, as both self-hosted licensees and what can Invision Community do for cloud customers to protect our databases?  I realize Invision Community cannot be responsible for the safety and security of self-hosted licensees but perhaps the staff might offer a list of 'you should be doing' settings' or best practices.

Has anyone been the receiver of a cyberattack?  What hapapened?  How did you recover?  Were you forced to pay up?

I checked two of the clubs we created on the dev site, as opposed to those migrated from Social Groups.  I see no signs of enabling an RSS feed. I clicked on the 'Manage Group' button and all I see is this:

What am I missing? 

Thanks for the information.  I checked our Clubs page and then clicked on an individual Club and scrolled down to see if the RSS block was visible. It isn't. Then I had the idea that I should log in and perhaps then I could see the RSS feed. Nope.

I checked the ACP and went to Community - Clubs - Settings and found no setting for enabling or disable an RSS feed.

Should I be looking elsewhere?

On the devsite, I tried creating an RSS Feed under System - Content Discover - RSS Feeds.  

In the new RSS Feed create section, under Content, there is a list to enable but nothing for Clubs.  Is there a way to add Clubs to that Content list? Maybe that's too broad but Club topics, club events, and new club images?

Thanks for any explanation of how to expand RSS Feed. 

On our live site, we use RSS feeds to send updates through Dlvr.it to our social media profiles.  

The help guide doesn't indicate how long each of the items in the Our Picks remains on display.  Is it related to when the tasks run? Is the per item promotion time dependent?

Thanks.

Follow up - all tasks show as never run. I ran the task for promote and sure enough, the our picks populated.

I would guess that the developer disabled the tasks so that the members weren't notified with any testing.

I don't know if they are.  It is a test site so we don't have any registrations and I only login as the super admin and then as a couple of test members.

As I continue to use the development site to test 4.7 features, I started to learn about Our Picks.  Yes, I know, I am so late to the party, everyone has left but ... if anyone can enlighten me on how to make the content appear.

Steps so far:

1. In the ACP, went to System -> Site Promotion -> Social Media Promotion -> Our Picks tab: confirm switch is showing green/enable and saved.

2. In the same promotion section, clicked on Auto Schedule. Added to auto schedule times and selected Los Angeles as the scheduled timezone and saved.

3. In the gallery, clicked on an image, and clicked on an album and clicked re-promote (after the original promotion did nothing and I deleted it in the moderated Managed Promoted Items section).  

4. After clicking on re-promote, I used the drop down of schedule next batch to ensure it says schedule now, and then clicked Promote.

5. Waiting ... nothing, nothing, nothing.  How long do I have to wait?

6. Clearly I am very confused.

7. Checked Menu Manager to ensure Our Picks is added. It is.  It shows in the second row navigation for Home. Click on it. Nothing Nothing Nothing.

8. I am even more confused. 

Ah, I see. Found it.  Thank you!

Okay, well if the guide is accurate, why can't I see the feature in events or gallery images or pages databases?  

Specifically, where would I find the application of add message to a calendar event?

Where would I find the application of add message to a gallery image?

Quote

Any app that you extend \IPS\Content\MetaData.

Does my dev site installation need this extension to see this feature?  In other words, is it only found, by default, in the forums and an administrator has to add this metadata thing separately?

Thanks!

I stumbled upon the staff notes feature while searching for announcements.  Looking at the help guide, the explanation does say "when moderating content..."

Would it be more accurate to say "when moderating forums or topics...?"  I tried adding staff notes with other content, on pages, on events, and no luck.  

Just trying to understand.  Thanks.

@Jim M Thanks for the explanation.  I will also conclude that the user in an open system that tags a topic with yellow and orange does not mean that those tags will appear in the Closed System.  I thought they would.  Instead, you are saying that the administrator must define all tags, including say yellow and orange - they don't carry over.

Wait, you and Marc aren't the same person?

So in an open system, any tags that are added to any type of content, those tags aren't added to a master list of tags? In other words, those tags are just identified only with whatever content at the moment?  

Is this like two separate systems?  But let's say I have tags added in pages, gallery, commerce, and posts, all with the tag Vienna.  Shouldn't the search find those tags?  

I am just not clear on the concept.  From my perspective, there is a big tag bucket. Every time someone adds a tag to a piece of content, that tag is added to the bucket.  If you close the system, I would think I would see the entire list of tags in the bucket, and I could add to that list or delete from that list. 

Quote

Keep in mind that if you set a closed tag system for the software in ACP -> System -> Posting -> Tags, that is set for all applications. Items inserted in that menu are not specific to Forums.

Okay, but in your earlier post, you said that any tags already present will stay.  So how come all those other tags I had present in the open system are not present?

Thanks for the topic discussion.  I'm still confused about this open vs. closed tag system. 

Quote

No. If you switch, any tags already present will stay, but no new ones can be added unless they are the ones you specify

On our 4.7 development site, we have lots of tags in different applications, and for some of our pages.  But in the closed system setup, there is only one tag displayed.  I just tried uploading an image with the closed tag system enabled and sure enough, the only tag offered is the one tag.  

Is the forum system the overarching determining factor for tags?  In other words, if you only have one tag defined in posting, then that applies to gallery, commerce, pages, etc?

1 hour ago, Jim M said:

Please contact your hosting provider if you are unsure how to obtain this information for us.

I have updated the access information.  The admin cp login information is for 3.14.  The cp login information for 4.7 is different but there is no form to provide that access information but maybe you don't need it. 

The stored access information section has been updated.  I just connected with Filezilla and I don't know how you will be able to find the files for the test server.  It doesn't appear to be in the files that the stored access provides.

Oh this is so frustrating. 

Sure.  

Development platform is https://headstand.glrf.info/

If you search for the San Diego Crew Classic in the general search bar, the results will yield a number of items. One of them is the event taking place from 01 Apr 2016 to 03 Apr 2016.

Here is the event:

https://headstand.glrf.info/event/160-glrf-at-the-2016-san-diego-crew-classic/

Now, if you go to the main events page and enter a wider search, say from 3/01/2016 to 4/15/2016, there are no results.

I'm wondering if the 4.7 platform needed to have the dd mm yyyy format in place before the events were upgraded? 

Uploaded is probably a misnomer. Just the standard upgrade since the events are part of the standard IPS platform.  

Still working on the upgrade to 4.7.  All of the old events from the 3.x installation have been uploaded.  The date format for the old events was dd mm yyyy. The setting in the 4.7 acp is set the same.  But ... go to the front end, on the events page, and use the 'Search Events' form yields no results for any period between 2009 and 2022.  The front end does have the date format set as mm/dd/yyyy.

1. Is there a way to change that date format setting for the front end for the search form?

2. Would the default mm/dd/yyyy be the cause of the no search results?  

If I search using the search field for a keyword for one of the events, it shows right up.  

Thanks.

5 minutes ago, Adriano Faria said:

For the option selected, should appear Guest_JoeJonasBF.

Thanks for the comment. Do you think this is a bug?

I'm testing the delete member and leave content option for a topic reply.  Attached is the screen capture showing my choices.  My assumption is that the member, JoeJonasBF, would be assigned to the group 'Guest' but the member display name would remain.  

Not so.  Here is the screen capture after the member was deleted.  Shouldn't the display name continue to show as JoeJonasBF?