Jump to content

Thomas P

Clients
  • Posts

    415
  • Joined

  • Last visited

 Content Type 

Downloads

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog

Development Blog

Deprecation Tracker

Providers Directory

Forums

Events

Store

Gallery

Posts posted by Thomas P

  1. 57 minutes ago, Ihia said:

    It appears that these spammers are utilizing our members' accounts to submit posts

    This is uncommon as this sounds like your member use weak passwords and those accounts got compromised - at least you should consider this possibility imo.
    Good luck 

  2. Hi mates,

    I am observing from the sytem log that we are experiencing attacks on single attachment URLs.
    As it seems someone is hammering the attachment engine/URLs with random IDs:

    Could contain: File, Page, Text, Webpage

    Could contain: Text

    The URLs itself look like this:

    https://www.mcseboard.de/index.php?app=core&module=system&controller=ajax&do=attachmentInfo&attachIDs[14365]=true

    Now what is bugging me is: Why are they hammering those attachment URLs and why do they do that as a guest user.
    Case A: As guest an error is being thrown ("Sorry, there is a problem. Something went wrong. Please try again. Error code: EX0") in the frontend - thus the system log entry.

    Case B: If a logged in user tries to reach such an URL the output of the a.m. one is:

    Quote

    {"14365":{"rotate":""}}

    Could contain: File, Text, Computer Hardware, Electronics, Hardware, Computer, Pc, Monitor, Screen, Page

    Not that isn't really exciting as a result or desirable output.

    So I am wondering:

    • why is this type of attachment URL being hammered?
      is there a known vulnerability or was there one in the past?
    • what is the use of that URL, i.e. for what reason is the output presented to logged in users?
    • and last not least:
      How to address it? Can those request be denied altogether?
      Or should I even bother as a valid error is presented to a guest user?

    I ignored such pointless requests showing in the system log, but there are plenty of it.

    Thanks,
    Thomas

     

  3. 12 hours ago, Randy Calvert said:

    There is not a separate one for just bulk mails. So it’s that or nothing. 

    That's a bummer, as it affects the automated mass emails to our +70K users and the very different use case of a human generated newsletter.

    So thanks.

    I wasn't blind, there is just no way 😞

     

  4. 1 hour ago, Thomas P said:

    I am pretty sure I am blind here, but how to remove the default salutation when using the Bulk Email feature?

     

    1 hour ago, teraßyte said:

    You need to edit the email wrapper template and remove it from there:


    That would affect all emails outgoing, not just bulk mails...

  5. Hi mates,

    I am pretty sure I am blind here, but how to remove the default salutation when using the Bulk Email feature?

    Quote

    The default email template will contain 'Hi {member_name},' at the start of the email automatically. This will be shown on the preview.

    Thanks,
    Thomas

  6. Hi mates,

    after upgrading to latest and greatest 4.7.14 I see one error in our log:

    Error (1054) Unknown column 'chart_timescale' in 'ipb_core_saved_charts': changeColumn ["core_saved_charts","chart_timescale",{"name":"chart_timescale","type":"ENUM","length":null,"decimals":null,"values":["hourly","daily","weekly","monthly","none"],"allow_null":true,"default":null,"comment":"","unsigned":false,"auto_increment":false}]

    The error was thrown at this step of the upgrade:

    .../admin/upgrade/?controller=upgrade&key=abcdef&mr=16&_=1704058060594

    Any ideas on why we got this error?
    Apart of that the forum looks fine after upgrade.

    Happy New Year btw. 🥳

    Thanks,
    Thomas

     

     

  7. Hi all,

    we had and have spammers who try to abuse the homepage link ("Website URL") or the "About me" section, i.e. profile fields, for link stuffing and unsolicited advertisement - which is spam.

    Marking the spammer using the built-in function hides the posts and threads but not the profile fields or the member profile itself.

    Suggestion is to hide the entire content of a spammer after being marked so.

    Regarding the profile fields specifically: Either the profile field content should be removed (A) or the entire profile should be set to hidden except for the Mods & Admins (B). This is just to give you an idea how it can be done, but in those details I trust your judgement as you are more into the details.

    This is the follow-up to this q&a topic: 

     

    Thanks,
    Thomas
     

  8.  

    Hi mates,

    upgrade to 4.7.9 latest went fine, I have one error I couldn't associate with, in the system log.

    Upgrade went flawless so far judging from the Upgrade UI and the frontend outcome, it is just this one error in the system log, what concerns me.

     

    admin/upgrade/?controller=upgrade&key=25f9c38812d4c22588ddaf2368d5f8fe&mr=43&_=1681843838469

    Type: Upgrade error

    Error (1051) Unknown table 'xyz.ipb_core_members_features_seen': dropTable ["core_members_features_seen"]

     

    #0 /home/xyz/system/Application/Application.php(1672): IPS\_Log::log()
    #1 /home/xyz/applications/core/sources/Setup/Upgrade.php(511): IPS\_Application->installDatabaseUpdates()
    #2 /home/xyz/applications/core/sources/Setup/Upgrade.php(326): IPS\core\Setup\_Upgrade->step1()
    #3 /home/xyz/applications/core/modules/setup/upgrade/upgrade.php(47): IPS\core\Setup\_Upgrade->process()
    #4 /home/xyz/system/Helpers/MultipleRedirect/MultipleRedirect.php(93): IPS\core\modules\setup\upgrade\_upgrade->IPS\core\modules\setup\upgrade\{closure}()
    #5 /home/xyz/applications/core/modules/setup/upgrade/upgrade.php(77): IPS\Helpers\_MultipleRedirect->__construct()
    #6 /home/xyz/system/Dispatcher/Controller.php(118): IPS\core\modules\setup\upgrade\_upgrade->manage()
    #7 /home/xyz/system/Dispatcher/Setup.php(220): IPS\Dispatcher\_Controller->execute()
    #8 /home/xyz/admin/upgrade/index.php(34): IPS\Dispatcher\_Setup->run()
    #9 {main}


    Thanks for any hint or detail,

    Thomas

  9. On 10/28/2022 at 10:15 AM, Emediate said:

    Also have this problem. Just one name in the list (no comma following), but it is still showing in the Multiple Posters list.

    Just asking because this issue here.
    Regarding development my question is, if there are any new features or planned improvements for the future.
    Thanks 🙂

     

  10. OK, I re-enabled curl_multi_exec and upgrade went through. I still would like to put it back after upgrade and wonder, if this upgrade (exceptionally) needed it or I have to dig when it was added. My guess would be it came with PHP 8.x on our side.

    Just now, Nathan Explosion said:

    It's now required as of 4.7.9

    I see, thanks. For functions in general or just during upgrade?
    I can leave it on of course, if required generally.

  11. Hi mates,

    right after login I get the following error message during upgrade:

    Could contain: File, Page, Text, Webpage

     

    Call to undefined function IPS\Http\Request\curl_multi_exec()

    The log shows me:
     

    Error: Call to undefined function IPS\Http\Request\curl_multi_exec() (0)
    #0 /home/xyz/system/Http/Request/Curl.php(496): IPS\Http\Request\_Curl->_executeMh()
    #1 /home/xyz/system/Http/Request/Curl.php(302): IPS\Http\Request\_Curl->_executeAndFollowRedirects()
    #2 /home/xyz/system/Application/Application.php(553): IPS\Http\Request\_Curl->get()
    #3 /home/xyz/applications/core/modules/setup/upgrade/systemcheck.php(95): IPS\_Application::md5Check()
    #4 /home/xyz/system/Dispatcher/Controller.php(118): IPS\core\modules\setup\upgrade\_systemcheck->manage()
    #5 /home/xyz/system/Dispatcher/Setup.php(220): IPS\Dispatcher\_Controller->execute()
    #6 /home/xyz/admin/upgrade/index.php(34): IPS\Dispatcher\_Setup->run()
    #7 {main}

    Anyone experienced the same?
    Any hint to what went wrong?

    Thanks,
    Thomas

×
×
  • Create New...