Jump to content

Mark H

Invision Community Team
  • Posts

    3,141
  • Joined

  • Last visited

Reputation Activity

  1. Like
    Mark H reacted to Jordan Miller for an entry, Proud to Present: An interview with Invision Community President Charles Warner   
    Nearly two decades ago, Invision Community President, @Charles , set out to make a leading online community platform. 
    Around that time, Charles also met his now-husband of 18-years and hasn't looked back since. Until now. 
    Behind the code, product updates and newsletters are a group of people who share a passion for community building. Considering how volatile and toxic the Internet can be, we want to become more visible, transparent and vulnerable.  To help you familiarize yourself with the masterminds behind Invision Community, starting with Charles, we're kicking off a new series that'll highlight our team.
    I interviewed Charles for the first installment. In it, he commented on the state of the Internet: "I do think some times, for or better or for worse, people forget there are real people on the other end," he said.
    Mr. Warner also touched on Invision Community's evolution over the years. 
    "People don't like change. No one likes change," Charles said, adding "sometimes you say, 'we really need to change something' either in the software, or how you do things, and people push back. It might be we change a feature or maybe internally we change the way we do something. Sometimes you have to move forward. Sometimes it's irritating at first. 'Why did you change that?!' And also you have to recognize that sometimes you're wrong. Sometimes you might change something [and think], 'no, it's not better...' I really find that that's a big thing – to constantly be looking at all those other options and try stuff out. It doesn't harm [anything] to try things."
    And in the spirit of Pride Month, Charles opened up about being part of the LGBTQ community and also President of a successful company. He hopes it'll inspire others.
     

    The full interview is available to watch up top. 
    After watching, please drop us a line in the comments and let us know your thoughts! 🌈 
  2. Like
    Mark H reacted to Matt for an entry, How to keep your community secure   
    Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
    All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
    Taking some time now to check and improve the security of your community and server will pay dividends.
    In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
    1. Set up Two Factor Authentication
    Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
    2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
    You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
    Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
    You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
    Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
    2. Configure password requirements
    The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
    While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
    Recommendation: Require users to choose at least a 'Strong' password.

    3. Be selective when adding administrators
    Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
    Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
    4. Utilize Admin Restrictions
    In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
    Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
    This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
    Recommendation: Review the restrictions your admins currently have. 
    5. Choose good passwords
    This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
    We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
    Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
    Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

    6. Stay up to date
    It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
    But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
    When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
    Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
    Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
    7. Restrict your AdminCP to an IP range where possible
    If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
    This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
    Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
    8. Properly secure your PHP installation
    Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
    disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
    Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
    Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
    So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
    As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
    If you have any tips related to security, be sure to share them in the comments!
     
  3. Like
    Mark H reacted to Matt for an entry, 4.3: Automatic Community Moderation   
    One huge benefit of running your own Invision Community is the moderation tools.
    Out of the box, Invision Community allows you to turn members into moderators. Better still, you can define what these moderators have permission to do.
    Part of this moderation suite is the report system. The report system allows your members to flag posts that need a moderator's attention.
    There comes a time when your community is so successful that it can be a little tough to keep up with all the content and reports.
    Community Moderation
    This new feature leverages your member reports to automatically remove objectionable content from public view.
    You as the admin will define thresholds for the content. For example, you may say that to hide content, a post needs 5 reports.
    This reduces the workload for your moderators and enables you to crowd source moderation.
    Let's take a look at this feature in a little more detail.
    Reporting Content
    When a member reports a piece of content, they now have the option to set a type, such as "Spam" or "Offensive". These options can count towards the threshold. Once the threshold has been passed the item is hidden.

    The threshold can be set up by creating rules in the Admin CP.
    Admin Set Up
    At its heart of the system are the rules. You can create custom rules in the Admin CP to determine the thresholds.

    For example, you may decide that:
    A member with less than 10 posts only needs 5 reports to hide the content.
    But you may want to give more experienced members a higher threshold as there is more trust.
    You simply add a new rule:
    A member who joined over a year ago with over 500 posts needs 10 reports to hide content.
    You can do that easily with the rules system as it will scan them all and pick the one most suitable for this member.

    It's as simple as that.
    Notifications
    Once an item has received enough reports to match the threshold, it is automatically hidden from view.

    A notification is sent to all moderators who opt in for notifications. This notification shows inline in the notifications center.

    It can also optionally be sent via email for those who want to know without checking the site.

    Restoring the content
    Of course, a moderator may decide that the content is fine and un-hide it. Once a piece of content has been un-hidden, automatic moderation will not hide it again.
    Report Types
    Depending on your community, the default types may not be suitable or relevant. You may also want to set up other report types.

    You can do this via the Admin CP.
    Preventing Abuse
    Your first thought may be that a single member can report a single item multiple times to force content to be hidden. 
    The system will only count a unique member as one point towards the threshold. This means a single member can report an item 5 times, but they are only counted once towards the threshold.

     
    You can also set a time limit between reporting the same item. This will prevent a member reporting a single item multiple times in succession.

    Of course, the member can delete their report if it was in error.

    Report Center
    The Report Center is the hub for all reported content. Invision Community 4.3 adds a filter to view a specific report type. The reports themselves also show the type of report.

    We hope that this new feature will be a huge help and time saver for you and your moderators.
    We'd love to hear your thoughts, please let us know what you think and if you have any questions.
  4. Haha
    Mark H reacted to Matt for an entry, Team Talk: If you could only keep five possessions, what would they be?   
    This month we ask a very simple question that got our team thinking hard.
    “If you could only keep five possessions, what would they be?”
    Now, this doesn't assume that there is a disaster, so you don't need to think about things like food and water. It also doesn't need to include humans or pets. This is also not a "Desert Island" question so survival tools are not required.
    This got us really thinking about what material possessions are important to us. It also made us realise how much technology has made a lot of things redundant. We might have said "CD collection and my favourite books" ten years ago, but with a phone, that's no longer the case as so much is handled on the device.
    Ryan (Developer & Guitar showroom owner)
    In terms of just packing up and moving on, I actually don't own a lot that I would consider critical / prized / irreplaceable. My dad's 50 year old acoustic guitar is all I would take with me, as it's the only thing that *isn't* directly replaceable. Maybe include iMac and iPhone to have some sort of connection to the outside world at all times, but I really don't need anything else I own.

     
    Brandon (Developer & Jet ski owner)
    I guess if I were to pick five things I couldn't live without I'd have to narrow down the list to my phone, my wallet, my TV (I unwind by zoning out on movies or home repair shows), my car (I can't walk to anything but the ICW here which wouldn't do me much good), and coffee (with International Delights Cold Stone Creamery creamer).

    Brandon neglected to mention that he owns a Jet Ski
    Marc S (Support technician & cycle injury enthusiast)
    Top 5 is hard, and makes you realise that despite living in a world of material possession, we actually rely on very few things. Albeit tending to be expensive things. So here goes.
    Mobile Phone - Despite the calls (which I could do without), and facebook (which I probably should do without), I have a problem with sleeping. For years now I have been using the audible app on my phone to listen to audiobooks. Usually factual stuff, so it doesnt really matter if I lose position. It helps me with my sleep, and therefore my sanity.
    Computer - This isn't just because I work on one. I tend to spend a lot of hours at it, even when I am not working. Whilst I do support here at IPS, I do a lot of development in my spare time, on my own projects, and quiet enjoy it. Currently working on an app for my brother which tracks horse racing points for a game that he runs, which is just something a bit different to do of an evening.
    Kettlebells - I'm trying to get a little fitter than I am at the moment. I spent a long time being a very unfit person, and sitting at a computer 24/7. Never a good thing to do, and it eventually starts to catch up with your wasteline (honestly. You in your 20s reading this, it does!). I joined a gym before I moved house, and got quite into working out with kettlebells, so when I moved, I bought some to use myself. I now have a PT who creates sessions for me each week.

    We're unsure who took the photo
    Bike - Whilst I havent used it half as much as I would like lately, I trained for, and completed, a 100 mile bike ride earlier this year, along with a few friends, including Andy Milne. This made be realise just how much I enjoy riding a bike. To the degree we're now planning our next bike challenge.
    Kettle - I'm pretty sure I would die without coffee. There is little else to say about that!
    Andy  (Developer and Support technician)
    I realise I have far too much clutter in my life answering this question but I managed to come up with 4 things;
    Running Shoes
    Bike
    Watch
    Laptop

    Andy finishing the Reykjavik marathon, 19 August 2017
    I’m going to make a conscious effort to be a bit more minimalist now and switch to a standing desk and a Paleo diet or go barefoot or whatever other healthy lifestyle choice @Matt recommends this week.
    Mark W (The Senior Developer)
    To answer this question I opened up my travel checklist - having taken off the things you said are excluded like clothes and toiletries, the only thing I have is my meditation stool, my laptop, my iPad, my phone, and my watch... so I guess that's my 5!
    Matt (Developer and object of ridicule)
    It's a hard one to answer. Years ago, before the internet, I could have listed many things but digital devices and "The Cloud" replaces so much. Here's my five.
    Macbook Pro. This is my daily work machine and uses iCloud to sync up my work and personal items like photos, etc. I'd have this packed first.
    iPhone. It's never far from my hands and with Netflix, Amazon, Audible, iTunes and Kindle contains books, music, favourite TV shows and more. I use Audible most nights to help me switch off and get to sleep.
    Sleepphones. I like to look really cool while sleeping, so a grey fleece headband is a must. Fortunately, they also double as bluetooth headphones designed to not dig into your ears while you sleep. I couldn't be without these.

     
    Air Pods. Yes, another pair of headphones. But these little beauties fit in my pocket and I use them when out and about. The lack of cable is a real plus although they're easy to lose.
    Concept 2 Rower: Ok, so it's not really going to fit in my hand luggage but I thought about which bit of fitness equipment I'd keep. It's a tough one between kettlebells, weights, the treadmill and the rower but I think the rower wins as it can be used many ways for a good workout.
     
    Mark H (Support Technician and part-time Phil)
    Macbook, iPhone, E-cig, suspenders, and my .357 Magnum.
    (Editors note: I'm genuinely not sure if this is a joke answer or not but didn't like to ask. Either way it's the best list of things I've ever seen.)

     
    Daniel (Support Technician and Developer)
    My five are: Phone, watch, laptop and 1000kg of headache medicine. That's it, i don't need a fifth item since it's only about "stuff" and not family.
    (Editors note: I'm hoping that 1000kg is just a guess. I'm starting to regret asking this question.)
    Jennifer (Designer)
    Computer - This is my work, play, entertainment, and more device. Plus it's a beast.
    Mobile Phone - When I'm not on my PC I'm on my phone. It keeps me connected to my communities when I'm out. Plus Zombies, Run is on it.
    High heels - If I had to choose a specific pair it would one of these two.

     
    Bed - It is wonderful and has all of my blankets. I couldn't live without my blankets.
    Dix It - Because I really couldn't think of another thing and this game is hilarious and fun.
    This really got us thinking about what is important to us and how much "stuff" we have. What would your five things be?
×
×
  • Create New...