Jump to content

Thomas P

Clients
  • Posts

    415
  • Joined

  • Last visited

5 Followers

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Thomas P's Achievements

  1. This is uncommon as this sounds like your member use weak passwords and those accounts got compromised - at least you should consider this possibility imo. Good luck
  2. Hi mates, I am observing from the sytem log that we are experiencing attacks on single attachment URLs. As it seems someone is hammering the attachment engine/URLs with random IDs: The URLs itself look like this: https://www.mcseboard.de/index.php?app=core&module=system&controller=ajax&do=attachmentInfo&attachIDs[14365]=true Now what is bugging me is: Why are they hammering those attachment URLs and why do they do that as a guest user. Case A: As guest an error is being thrown ("Sorry, there is a problem. Something went wrong. Please try again. Error code: EX0") in the frontend - thus the system log entry. Case B: If a logged in user tries to reach such an URL the output of the a.m. one is: Not that isn't really exciting as a result or desirable output. So I am wondering: why is this type of attachment URL being hammered? is there a known vulnerability or was there one in the past? what is the use of that URL, i.e. for what reason is the output presented to logged in users? and last not least: How to address it? Can those request be denied altogether? Or should I even bother as a valid error is presented to a guest user? I ignored such pointless requests showing in the system log, but there are plenty of it. Thanks, Thomas
  3. Hi mates, just a moderate bump to my feedback or request: Please consider it to be included in one of the next releases. It is more of a gap or improvement than a new feature imo. Thank you, Thomas
  4. Thank you, we're going to think about it 👍
  5. That's a bummer, as it affects the automated mass emails to our +70K users and the very different use case of a human generated newsletter. So thanks. I wasn't blind, there is just no way 😞
  6. That would affect all emails outgoing, not just bulk mails...
  7. Hi mates, I am pretty sure I am blind here, but how to remove the default salutation when using the Bulk Email feature? Thanks, Thomas
  8. Hi, an update from my side - got to know this Add-On to hide a spammer's profile with possibly stuffed "about me" or other spammy profile info: Block Banned Member Profiles - Applications - IC Essentials (ic-essentials.com) Works well and does what it should, I like and recommend it. BR
  9. Thank you guys, checked as you suggested and yes: It was there. And verified via support ticket, as well - so we are good. 🙂 Thanks again, appreciated. Thomas
  10. Hi, no issues identified. Apart of the a.m. error message all sections are clear without issues... BR
  11. Hi mates, after upgrading to latest and greatest 4.7.14 I see one error in our log: Error (1054) Unknown column 'chart_timescale' in 'ipb_core_saved_charts': changeColumn ["core_saved_charts","chart_timescale",{"name":"chart_timescale","type":"ENUM","length":null,"decimals":null,"values":["hourly","daily","weekly","monthly","none"],"allow_null":true,"default":null,"comment":"","unsigned":false,"auto_increment":false}] The error was thrown at this step of the upgrade: .../admin/upgrade/?controller=upgrade&key=abcdef&mr=16&_=1704058060594 Any ideas on why we got this error? Apart of that the forum looks fine after upgrade. Happy New Year btw. 🥳 Thanks, Thomas
  12. Awesome changes as usual, very well made. Looking forward to them
  13. Hi all, we had and have spammers who try to abuse the homepage link ("Website URL") or the "About me" section, i.e. profile fields, for link stuffing and unsolicited advertisement - which is spam. Marking the spammer using the built-in function hides the posts and threads but not the profile fields or the member profile itself. Suggestion is to hide the entire content of a spammer after being marked so. Regarding the profile fields specifically: Either the profile field content should be removed (A) or the entire profile should be set to hidden except for the Mods & Admins (B). This is just to give you an idea how it can be done, but in those details I trust your judgement as you are more into the details. This is the follow-up to this q&a topic: Thanks, Thomas
×
×
  • Create New...