G17 Media

We would only provide recommendations for PHP 8.1, MySQL 8 and only provide support for Apache. We would not provide any further recommendations to OS, etc..

I feel you misread what I wrote there. I said you should be employing someone to assist 'if' you are unsure

I have transitioned to using mostly the PWA on my iPhone to keep track of v5 progress. But the PWA doesn’t give feedback to me when I tap on a link like the browser does. So, the PWA has been especially frustrating to use when clicking on a link takes 3 to 15 seconds to load the page. Last night I got a few page loads that timed out after 30 seconds or so  
I’m hoping that v5 will make the PWA on iOS much more reactive and responsive so at least I do not feel the need to keep tapping a link multiple times due to zero UI feedback. The PWA should feel more like a native app, but right now, it feels more like using a poor browser. 

I have users hammering me over the same thing. They say the temporarily unavailable message happens regularly for them.

We run a site that is NFL related and I have so many people telling me they couldn't access it yesterday during the NFL draft. This is our biggest day(s) of the year. I noticed the forums were offline this morning. I saw another thread and cleared my cache. But I had people reaching out saying they couldn't get in.

Two questions:
1. Is whatever issue it was, fixed?
2. Can everyone get on now without clearing cache? 

Our posts counts were much lower than expected yesterday, this is very disappointing. We didn't have problems like this when we were self hosted.

@Svetozar Angelov - Sorry to see you are having issues with spam here. I just wanted to pick up on where we are here, as there appears to be a lot of confusion, and I want to clear up where we are.
We understand you have an issue with spam, and I feel you believe we are in some manner ignoring this. Let me assure you this is certainly not the case. 
You have stated there is a "Hole" here, without any evidence of this in any way. Just an assumption. While I understand the frustration, this isn't going to help your issue. We have no known security issues on the platform, and from what my colleague has seen so far, it seems the users are logging in and posting as normal, and they are standard users, who have logged in with a password.

A few things to note on that. If they have logged in with the password, then they have the password. There is no way in which to get a users password on the software. To make this very clear. If I have access to your database directly, with your database credentials, and have full FTP access, I still could not obtain what a users password is on your system, due to the way the passwords are encypted. And they are encrypted with PHP methods useds throughout the internet (not only our software). Quite simply, nobody has gained the password of a user through your software. 
  My colleague has also shown you there where to check if a user has had their details compromised on another site. Most users will use the same passwords across multiple sites. So if a site elsewhere has been hacked where their password can be identified, they have an email/password combination that may work on the site. Therefore they would simply be able to log in with those details. I'm sure you understand, thats not something we have any control over
  You can use 2 factor authentication for all users. There is unfortunately an issue with the google one at present that we are looking into, but you can use question and answers. This would force users to at least have another action to log in, meaning if someone does know the password, they may stumble at the question/answer stage  
We are more than happy to look at your settings to see what we can advise. But you do appear to be quite hostile toward people who are trying to help you. Both staff and other customers. I can only assume that is out of frustration. A frustration I can fully understand. But please do help us to help you. We are on your side, and do not like spam any more than you do 🙂 

At a basic level, we are not seeing any direct logs, errors, brute force attempts, etc... The user in question logged straight in which can only be done with having the credentials. The email on the most recent user which you banned also has had passwords exposed from different other, non-IPS websites. Which is why we're asking for further examples of why you believe it to be an issue with the software. It isn't pointing that way but of course, if you have further information, we're happy to explore it.
Also, what Randy is stating here, they would not just attack normal members hold no importance significance  to the community who can be deleted/banned/etc.... They would want to do more damage, gain more exposure, etc...

We have taken enough measures, I ask that you now take measures and look very carefully at the code from the beginning of March, because we have not had such problems before. It is clear that precisely from this period the problems with spammers on the IPS platform started massively. I can't sit all day and clean the forum of spammers after the version is paid for and obviously the problem is yours.

Odds are their username is also in that breach.

simply his password was guessed by the bots.

Looks like the email notification for an anonymous post shows the name of the OP. In the event someone posts something genuinely deserving of anonymity and wouldn’t want their name disclosed.

Repairing a database is not done within the IPB software.  It's a server level activity.  
You may need to contact your hosting provider for assistance.  A search of Google for repairing mySQL databases on Windows servers turned up the following which might help you:
https://community.spiceworks.com/t/how-to-repair-mysql-database-using-windows-command-line/1014346
If you are unable to repair the database at all, you may need to restore it from a backup.  

Same story, again. This is getting beyond frustrating. 


 

Whatever you are uploading using, it appears to be the device. I have just uploaded the same images you sent me over onto that same post, with no issues

As noted in your ticket: 
 
I can appreciate you've done some research on this, but you are referencing deprecated extensions in MySQL. Invision Community utilizes mysqli and the process (ssl_set()) is different than simply appending a flag. In addition to changes to the database handler, you would need to generate a certificate, bind that certificate to your installation, etc. It's certainly not as simple as setting a flag and while Azure may provide a mechanism to somewhat simplify this by generating a certificate (though it doesn't work with mysqli without additional setup), it's unfortunately not something we presently support on an application level or have roadmapped to support in a self-hosted capacity. 
The proper method, with SSL DB or not, is to secure transmission between your web nodes and the database on a network level. There should never be an opportunity to "sniff" a connection from other nodes on a network to database, because only your web nodes should be able to access the DB. A virtual network, vlan, virtual private cloud and appropriate security rules should be utilized so that only web nodes are able to communicate with your database. In the case of off-premise access to the database, network rules to only allow specific IPs should be created and enforced. 
I apologize for any frustration and inconvenience. This is rather environment specific and not generally an out-of-the-box offering. 
I'm sorry I couldn't be of more assistance, but we appreciate the feedback. 
 

Isn’t this the way the web works? 
HEAD requests are an optimization so no need to refetch the page/file if it hasn’t changed. 
You wouldn’t want Google or some other search engine re-downloading something that hasn’t changed. This would waste tremendous amounts of bandwidth. 

I don't believe this is something which we provide and if one is not provided, typically the email service would cover that. Like in an example I just sent through Amazon SES, SES provided the Message-ID header for me as I did not supply it. I have tagged this to a developer to confirm.

I understand that, but when I login to the account, and view the support page, I see the attached message, which implies that I AM authorized to submit a support ticket. Otherwise why would it be there? The owner is unavailable on vacation for a month, so it is unlikely he will make any changes during that time.

I manage a community for the owner, and I am listed on the account as an Alternative Contact. When I log into the site, and go to support, it says the support email must come from the following email and lists my correct email. HOWEVER every time I attempt to open a support request, I get the email stating:
Your support email was not received.

Thank you for contacting Invision Community!

Unfortunately, we could not find an active customer account or an alternative account with this email address.
- i can see the community under my account
- my email is listed as the alternate contact
- my email is listed as the email that the support request comes from

Can you guys fix this process? It would be great if you had a ticketing system like most companies, where I could submit a form, get a ticket number I can track, and see my past tickets.  As of now I have to email someone on the sales side, they forward it to a support person and THEN, days later, I get some response. Also - all your support people seem to have the same email, so I can't even email a support person who previously handled an issue for me.
It would be great if you could get this aspect sorted out.
Thanks
 

The core of the issue I uncovered during testing was a failure in IPS' URL encoding and had nothing to do with Minio/Wasabi (although I am happy to be wrong -- works fine in our environment with a one line fix). The "scariest" feature IPS really uses is multipart file uploads, which work on pretty much any S3 compatible service I've used.

What’s the question? What are you trying to achieve/what’s the issue you’ve run into? 
 
what’s happening when you try to show the table?
without any further code i would guess:
- your passed url is wrong
- You‘re missing the table templates 

Did you specify the $table->rowsTemplate value? 🙂
It's required for a front DB Helpers if I'm not wrong.

I'm confused. 🤨
 
You're adding data to $_SESSION, but then you're dumping \IPS\Member::loggedIn() which doesn't contain/read $_SESSION in the other file.
 
What exactly are you trying to do?

Unless Im misunderstanding something (quite possible lol), wouldn't that be for the author of that theme to do?