Makoto

This has been addressed in the next update which is now just pending marketplace approval!

I'll have an update to address this released soon!

Just a quick confirmation that an update has been posted now and is just waiting for approval. Thank you again for your business and your patience!

I'll have this updated by tomorrow! It may take a few additional days for IPS to review and approve the update on the marketplace however.

Has a tags widget if you're interested. The widget isn't sold separately however.

Hey! Which forum are you testing this in? I created a test forum and set the minimum number of tags to one and it seems to be working as intended on my end,

Cloudflare, for example, makes this very easy to do. Just go Security, then WAF, and from there you can set up a rule to block an entire country code from accessing your server. Just be sure you've carefully considered the implications, and you are certain you really want to do this. (You can also block TOR exit relays via the country code firewall rule)

Thank you for confirming @DSystem! I've addressed the language string issue now, though I'm having trouble reproducing the error with the fURL link not working. Can you verify which version of IPS you are running? Does the issue persist even with other third-party applications and plugins disabled? Lastly, what kind of server environment is this? Nginx, Apache?

I'm not sure how that furl went missing on your install, I'll definitely make sure it didn't get missed in the build on the marketplace! I'll also make those strings translatable, though are you just the "Sign Out" string isn't just the default IPS "Sign Out" string? I'll need to review to be sure, but I'll get back to you shortly!

This is something I've been meaning to look into. I have a release pending approval in the marketplace right now that adds in support for UTF8 filenames with mod_zip and addresses some other issues with Nginx mod_zip on IPS 4.6, but I'll have this added in the release after that. Doing this will likely mean adding a database entry for every file, which is probably exactly what you want, but just something to keep in mind if you're wanting to enforce download limits on uses with bulk download permissions.

If it's possible, I'll see if I can make a simple third-party plugin for this.

I definitely consider this not working as intended too and it's something I frequently deal with. It frustrates my customers and me personally. I can't see why anyone would want it to work this way. You have subscription options available monthly and annually, and once someone has opted for a monthly subscription, they can never let that subscription expire and opt for an annual one instead? That makes absolutely zero sense whatsoever. I can't think of a single platform anywhere on the internet that operates this way. IPS, I've said this many times before, I like you guys and all, but sometimes you are way too hardheaded when it comes to addressing things none of your customers actually want.

Unfortunately I do not believe there is at the moment, but an option to batch re-send failed e-mails would be something I'd find useful as well.

Thanks Mark, Yeah absolutely no issue with links expiring, I think that's a good security feature. A custom error being displayed to tell people the links expired could be a good UX improvement though! It took me a bit to identify the issue myself when a user reported it because the error kept just implying their reset request didn't exist.

A maintenance release will be available shortly to address the "null" tags issue. I've also added a tool to clear these broken tag entries out of the database without needing to run manual sql queries.

In the latest release of IPS, password reset e-mails seem to expire after 1-hour. If a user submits a password reset request and does not respond to the request within that hour, the first problem is the error they receive when clicking on the reset password link, It would be much better for this error to tell them that their password reset link has expired, and provide a link to submit a new password reset request. However, that brings us to the real problem. When users submit another password reset request, nothing actually happens. It sends the same password reset request link to the user. It does not regenerate the password reset request in the database. The user gets sent an expired password reset link every time they try and generate a new one. This means that if the user does not reset their password correctly on the first attempt, it becomes impossible for them to do it until an administrator goes in and manually clears the entry out from the core_validating table.

I've pushed an update addressing this and a few more CSRF issues now! It should be up live as soon as IPS is able to review and approve it. Thanks as well for your patience!

Thanks for the report and sorry for the trouble! I'll have this fixed in the next release, but if you need logging disabled immediately, just send me a message here and I'll have it patched for you in the meantime!

Hey there! I'll absolutely look into this for you. Looking at the error message, there's a possibility this might be an isolated issue, so I might need you to PM me here and see if you can set me up with a temporary AdminCP account, but I'll review this either way and see if I can reproduce it locally tonight. I'll take a look and see if this is something I can reproduce. I believe this was an error with Advanced Tags and Prefixes if you just recently upgraded from that, but I'll make sure Radical Tags is not causing any issues with RSS feeds!

Hey! If the tags aren't displaying as configured, would you be able to PM me here and set me up with a temporary AdminCP account so I can take a look?

Awesome! I'm glad you were able to get it taken care of!

Hey there! Can you send me a DM with more information on this? Do you get this when trying to add tags to content items after installing the application?

It's hard to say without looking at the traffic myself, trying to analyze what exactly they're doing specifically. Are they just trying to scrape your website, or trying to run malicious scripts? Things like that can give you a bit to go on. In the latter case, enabling WAF rules could help, but you have to take a bit of care with those to ensure you don't cause false-positive triggers. Blocking ASN's of entire web hosts where the malicious traffic is coming from is probably not a bad idea. Even if it seems like a hopeless endeavor, it may just take some time, monitoring, and persistence. To some extent, though, you do have to account for this kind of traffic occurring and be able to scale with it as your website grows.

Yeah, bots can become a huge pain. Usually malicious robots or scripts that are constantly scanning your website for vulnerabilities. I've been there trying to play the whack-a-mole game with them.

Use Cloudflare if you aren't already, that's my number one recommendation. It can do a tremendous job in reducing the number of malicious bots and scrapers that visit your website.