Posts posted by Pescao6

  1. 6 minutes ago, VaBeach_Guy said:

    I just implemented GoDaddy's firewall service on my site back on the 13th. Since then, there have been a few issues.

    Neither Sucuri nor Invision have proper documentation at this time, so hopefully this thread will answer some questions. 🦉

     

    45 minutes ago, VaBeach_Guy said:

    One of which I just discovered yesterday and it was that all of the visitors (guests and members) were being assigned the same IP addresses. I found the "Trust IP addresses provided by proxies" setting and set it to be on, and now that's resolved.

    Yes, that needs to get enabled on AdminCP > System > Advanced Configuration > Trust IP addresses provided by proxies?

    35 minutes ago, VaBeach_Guy said:

    But some members have told me that they're getting error messages saying that GoDaddy's firewall is blocking them due to cross scripting, when they're only trying to post as normal. I've even had it block me when I'm in the ACP doing normal admin stuff.

    Sucuri's Firewall blocks third parties to prevent cross scripting attacks and unfortunately they don't have a way to whitelist third party URLs at this time.

    Twitter Style emojis are not hosted locally on your site.
    If you look at the source of a twemoji image like 1f64a.png, it originates from:

    https://twemoji.maxcdn.com/2/72x72/1f64a.png

    Standard emojis like 🙊 shouldn't give you this problem and load faster on your site if you care about performance, but I prefer the twemojis because they look better.
    This can be changed on AdminCP > Customization > Emoji

    I found members were being blocked when:

    1. Members attempted to use third party images including twemojis on forum posts or their signature.
      Using a forum without third party images would be horrible. And I've had cases in the past where spammers posted links to phishing sites and images containing viruses, so this is something you'll need to consider really carefully. I don't know how much I'm exposing my site and everyone using Sucuri for their Invision Community by posting this here, but I will do it only because I don't want you to spend a month trying to figure this out like I had to. I simply whitelisted if a string ended with do=edit$ on Sucuri's Firewall > Settings > Access Control > Whitelist URL Paths. After doing so, I went into my site's AdminCP > System > Posting > Links > Allow only the links specified and whitelisted a bunch of URLs.
    2. Admins attempted to edit a forum's description with third party images.
      I chose not to resolve this because the solution Sucuri suggested would expose my AdminCP and my Admins only seemed to get blocked when attempting to edit forums. I don't know what else you've been trying to do that you refer to as "normal admin stuff," but if you have any mods they may be causing the problem.
    3. If you're using SSL and you allow your members to insert dynamic images that might change from a third party, you should also go to your AdminCP > System > Posting > Remote images > Serve images from local server? > Insecure images (Recommended)

    Another dumb setting I found on Invision by default is AdminCP > System > Posting > Posting > Post Before Registering
    I strongly recommend changing that to Disabled.

    47 minutes ago, VaBeach_Guy said:

    I had to go and whitelist my IP to prevent that from happening. But trying to whitelist any and everyone isn't a reasonable thing to do. 

    You should whitelist yourself before doing any updates, but other than that you shouldn't need to stay whitelisted.

    Also keep in mind that you will need to:

    1. Clear your Invision cache by going to AdminCP > System > Support > Get Support > What do you need help with? > Something isn't working correctly
    2. Clear Sucuri's CDN cache by going to Sucuri's Firewall > Settings > Performance > Clear Cache
    3. Clear your Web Browser's cookies and cache by pressing CTRL+SHIFT+DEL or CTRL+H

    And you will need to do so after every change you apply on your AdminCP or Sucuri.

    I keep my Sucuri Caching Level on "Site caching (using your site headers)"
    The "Enabled (Recommended)" caching option is too aggressive for forums.

    You might also find this mod useful:

    But I would wait until you resolve your Sucuri issues before implementing it. And while it does improve performance by leveraging browser caching, a change like that to your .htaccess could result in your members needing to clear their web browser's cookies and cache if you implement any major changes to your AdminCP or Sucuri.

    57 minutes ago, VaBeach_Guy said:

    That's why I sought out anything (here), about GoDaddy's firewall service. I want the protection, but not if it does more 'harm' (for lack of a better word), than it does help. 

    Sucuri's Firewall has A LOT of features.

    The latest thing I added as an idiot that caused my members to get blocked was switching my Referrer-Policy to origin

    I then learned that caused some issues and I currently have it set to same-origin on Sucuri's Firewall > Settings > Security > Additional Headers > Referrer-Policy

    I don't know if that's the "best" option for an Invision Community Refer Policy and if someone suggests something better let me know, but it seems to be working fine.

    3 hours ago, VaBeach_Guy said:

    Is the firewall service just a superfluous service for an IP board or is it a genuinely beneficial thing to have? When I had them implement it, my belief was the latter. But I'm curious to know some other opinions/experiences.  

    I think it's a beneficial thing to have. I like the weekly reports which you can enable on your Overview > Email Reports

    Everything seems stable for me so far. I haven't had any members blocked this month. 🧙‍♂️
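
The "Trust IP addresses provided by proxies" setting discussed in the post above is only safe when the forwarded header is honoured for requests that actually arrived through the WAF. An added example in Python (not part of the original post, and not Invision's or Sucuri's code) of that check; the function names and the proxy range are assumptions, with an RFC 5737 documentation block standing in for the provider's published ranges.

```python
import ipaddress

# Constructed placeholder range (RFC 5737 documentation block) standing in
# for the WAF/CDN's published egress ranges. Replace with the provider's list.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]


def _is_trusted(ip, trusted):
    # Membership is False when address and network versions differ (v4 vs v6).
    return any(ip in net for net in trusted)


def client_ip(remote_addr, x_forwarded_for, trusted=TRUSTED_PROXIES):
    """Return the address to log, rate-limit or ban for one request.

    remote_addr: TCP peer address seen by the web server.
    x_forwarded_for: raw X-Forwarded-For header value, or None.
    """
    peer = ipaddress.ip_address(remote_addr)
    # Without this check every visitor behind the WAF shows the WAF's address
    # (the symptom in the post); with blind trust, a direct connection that
    # bypasses the WAF could claim any address in the header.
    if not x_forwarded_for or not _is_trusted(peer, trusted):
        return str(peer)
    # Walk right to left: the right-most entries were appended by trusted
    # proxies, and the first untrusted hop is the real client. Anything
    # further left was supplied by the client and is ignored.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: stop trusting the chain, fall back to the peer.
            return str(peer)
        if not _is_trusted(ip, trusted):
            return str(ip)
    # Every hop was a trusted proxy, so the peer is the best answer available.
    return str(peer)
```
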

  2. 7 hours ago, pequeno said:

    I need to add "og:image" to all posts. How can I do it?

    @pequeno You don't need to use the og:image meta tag to add an image to all posts.

    You can upload a share image on AdminCP > Customization > Icons & Logos > Default share images.

    Note: You will need to clear your site's cache by going to the AdminCP > System > Support > Something isn't working correctly.
    And if you're using a CDN, which you should because CloudFlare is free if you don't want to pay for one like SiteLock or Sucuri, you will also need to clear the CDN cache.

    You will need to wait at least 2 minutes for the site's cache to get fully cleared before testing if the changes were applied.

    You can test the share image by using the Facebook Sharing Debugger or Discord.

    You can also check how your site will get displayed on Twitter with the Twitter Card Validator, but I didn't need to add any Twitter tags.

    Don't freak out if it's been 5 minutes and it still isn't showing. I've seen cases where I know I did everything correctly and because I had recently tested on Discord, apparently Discord cached my last shared URL so I had to wait like 15 minutes. Obviously if it's been 1 hour and it still hasn't shown, you've done something wrong like you might be missing other meta tags.

    To add your other meta tags, go to the AdminCP > System > Site Promotion > Search Engine Optimization > Meta Tags.

    Here is a screenshot of the ones I'm currently using:

    Same as with changing any Icons & Logos, you will need to clear the site's and CDN cache for the changes to get applied.

    6 hours ago, pequeno said:

    The company that inserts advertising on my site told me that I need to put og:image in every post.

    You could technically create an og:image tag for every post under your Meta Tags using the Live Meta Tag Editor, but that's a lot of manual work so I'd use the plugin @opentype recommended if that's what you wanted.

  3. All forums are high targets for attacks.

    I can comment on several CMS I've used where I know I did in fact get DDOS attacks, SQL injections, Cross Scripting attacks, etc.

    And the only way I know to deal with those is by having a CDN and WAF.

     

    1 hour ago, bfarber said:

    I wouldn't put any credence whatsoever into random "oh your site can be hacked you should scan it" type reports like that.

    Technically, no site is 100% safe. If someone really wanted to hack you, I'm sure they could find a way.

    If you wanted to scan your site to see what you could do to enhance your security, these free tools are useful:

     

     

    1 hour ago, bfarber said:

    The one link you provided is for legacy 1.x/2.x/3.x versions (none of which are even supported anymore). That would be like someone telling you your computer running Windows 10 is insecure because they managed to find an exploit for Windows 95 posted somewhere on the internet.

    I strongly agree with this. The latest release of IPS has more security features than previous ones so I feel more safe with using it.

    These internet heroes are some trusted companies that can help you secure your site even more:

    • CloudFlare
    • SiteLock
    • Sucuri

    CloudFlare's CDN is free and it is the most popular CDN on the internet. I've never used their WAF, but from what I've read it seems good.

    I've used SiteLock's WAF and it was great at blocking and removing stuff automatically. I can't comment on their CDN, but it should be good as well.

    Sucuri was acquired by GoDaddy, so it's cheaper to buy it as GoDaddy Web Security which includes both a CDN and a WAF, making it easier to manage all of your site's security from one place. The things I like the most about Sucuri include that they remove things by having a security expert manually scan your site, their exceptional customer service, their easy to understand documentation, and the fact their Dashboard makes it really easy for you to add additional security features.

    Other than that...

    1. YOU are the biggest risk to your own site.
      Try your best to follow internet safety guidelines like using different emails and passwords
      on different websites and keeping your phone and computer clean.
    2. Secure your emails, IPS Board, cPanel, etc. with Two Factor Authentication.
    3. Read EVERYTHING on your AdminCP and lock down your permissions. 
      Do it like the military; if someone doesn't NEED access to something, don't give it to them.
    4. Backup backup backup! If a file doesn't exist in at least 3 places, it doesn't exist.
    5. Try to stay informed. These are some security blogs I follow:
      https://threatpost.com/
      https://www.schneier.com/
      https://krebsonsecurity.com/

    You might also enjoy this thread:

    I'll probably be adding more to that as I continue developing my site. 🙂

  4. We currently have these Social Profiles available to add to the bottom of our IPS4.4:

    • Facebook
    • Twitter
    • Youtube
    • Tumblr
    • DeviantArt
    • Etsy
    • Flickr
    • Foursquare
    • Github
    • Instagram
    • Pinterest
    • LinkedIn
    • Slack
    • Xing
    • Weibo
    • VKontakte

    I'd like to add a few others like:

    • Soundcloud
    • Twitch
    • Mixer

    It'd be nice to have an option to add a custom one, letting us upload our own images. 🙂

  5. 9 minutes ago, Makoto said:

    You need to add these functions to the disable_functions setting in your php.ini configuration to disable the message.

    I don't fully understand the steps on how to do that, otherwise I'd try it myself.

    Where do I go to edit my php.ini configuration? I would think these functions would show on "Select PHP Version" in cPanel where I see others, but these aren't listed there.

  6. Does anyone have any experience getting rid of this message? I tried contacting my host and I can't remember whether they had fixed it or not. I switched to PHP 7.4 on cPanel, but it's not currently supporting ioncube and I noticed this warning again after switching back to PHP 7.3

  7. On 4/15/2015 at 7:09 AM, Methodology said:

    Which is better for a forum attached to a news website?

     

    www.mysite.com/forum

    forum.mysite.com

    Why?

     

    Thanks.

    I prefer www.mysite.com/forums because the first part of the URL wouldn't change and this makes it look like it's part of the same website.

    A subdomain might be preferable if you're trying to distinguish a separation like for example if you want to make it look like the news on your website are from the official website and everything else on the forum is community led content.

  8. On 3/8/2013 at 1:04 AM, Christopher Stanley said:

    I would like this feature as well. I am getting around 1000 failed crawls a day from google.

    This explains so much. 😲 Support for this feature to be added. 👍

    On 12/17/2015 at 3:04 AM, Markus Jung said:

    Can you tell me the settings for IPS 4? 

    I tried:

    But this is not working.

     

    IPS 4 currently does not support any authenticated methods for Google to use to login. ☹️
