Marc Stridgen

You mention you check another photo. Please could you check the same photo

I could have told you it was anything then 😄

The above 2 are the only 2 things it can really be. Given you can upload here, I suspect this is probably the latter

Feel free to post up within the feedback area if you wish to see changes in this area

At present it follows the permissions of the database, so you would have to set it there within the admin CP if you want to set specific permissions

This is done from your file system, not your admin CP. So you create a file in the route directory named constants.php and add this <?php define('DISABLE_MFA', TRUE); This will disable the google authentication you are struggling with, so you can log in

Have a look in System>Files>Image Setings, and check to ensure you arent stripping sensitive EXIF Data

I have moved this to our feedback forum for you, as unfortunately this isnt something I can think of a way around at present.

Also please check within email errors in System>Email to see if anything is showing there

@Svetozar Angelov - Sorry to see you are having issues with spam here. I just wanted to pick up on where we are here, as there appears to be a lot of confusion, and I want to clear up where we are. We understand you have an issue with spam, and I feel you believe we are in some manner ignoring this. Let me assure you this is certainly not the case. You have stated there is a "Hole" here, without any evidence of this in any way. Just an assumption. While I understand the frustration, this isn't going to help your issue. We have no known security issues on the platform, and from what my colleague has seen so far, it seems the users are logging in and posting as normal, and they are standard users, who have logged in with a password. A few things to note on that. If they have logged in with the password, then they have the password. There is no way in which to get a users password on the software. To make this very clear. If I have access to your database directly, with your database credentials, and have full FTP access, I still could not obtain what a users password is on your system, due to the way the passwords are encypted. And they are encrypted with PHP methods useds throughout the internet (not only our software). Quite simply, nobody has gained the password of a user through your software. My colleague has also shown you there where to check if a user has had their details compromised on another site. Most users will use the same passwords across multiple sites. So if a site elsewhere has been hacked where their password can be identified, they have an email/password combination that may work on the site. Therefore they would simply be able to log in with those details. I'm sure you understand, thats not something we have any control over You can use 2 factor authentication for all users. There is unfortunately an issue with the google one at present that we are looking into, but you can use question and answers. This would force users to at least have another action to log in, meaning if someone does know the password, they may stumble at the question/answer stage We are more than happy to look at your settings to see what we can advise. But you do appear to be quite hostile toward people who are trying to help you. Both staff and other customers. I can only assume that is out of frustration. A frustration I can fully understand. But please do help us to help you. We are on your side, and do not like spam any more than you do 🙂

I am curious as to how you have "notices this can happen on many IPS websites"? Could you perhaps elaborate on that? There isn't any way in which to actually get password from the database (for example, even from the database, I couldn't tell you what your password is). So if someone is sending you usernames and passwords that are genuine, its very likely they have gotten it from another source. We often find that users using the same password across multiple platforms are the ones that get targeted. Of course, if you have more specific information, please do feel free to contact our accounts department on the contact us link below (or pm me, that's not a problem). But a list of usernames and passwords being sent to you won't have come from your IPS database, as they simply aren't stored in a manner that is readable and would allow that, even with full access to a sites database. If you have many customer accounts that have been compromised, I would advise you force all users to change passwords on your site, which you can do from the members section of your admin CP

I've just asked about this, and it does indeed show the last 5. So it seems the others are records from prior to us having that limit

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

Of course

If you can provide some examples, that may be easier to go by to advise on

There is nothing in terms of settings for this. As mentioned above, it would require modification

Glad to hear you got that working 🙂

What my colleague is saying, is we hit them. Not that we fixed it 🙂

It sounds like server resources you are having an issue with when sending them over. Something timing out perhaps. It would be worth checking your server error logs to see what is showing up there

Customisation>Email is where you would look for this

As mentioned in my message just above yours, this isnt really something that is a software issue. If users are able to access those accounts to spam, then of course they will be able to do so.

Are you using custom templates or anything there?

You would need to contact the author of your theme in order to ask this question. Not knowing what changes you have in your themes means we are unable to provide a clear answer on that for you, unfortunately.

If this is not something you are comfortable with, have you ever considered our cloud platform? It would certainly save you ever needing to deal with servers again

Yes, you should be find to proceed