Aaron M

Thank you Charles for the reply. We're looking into WAF settings now.

Another couple errors from the system logs:

We're hosted on AWS with load balancing. We started getting hit with DDoS earlier today and our site would go down for a couple minutes while it scaled up another instance. This stopped working at a point though and we're just getting hit with 502 and 504. We scaled down to one instance and rebooted, came up for a minute and the site worked, then it went back to 502's and 504's. The admin cp stays up for longer (although running slow) but the frontend starts blowing errors very quick. We've tried clearing cache but to no avail... Our team member who set all this AWS stuff up left us abruptly so we are flying blind and down on our busiest day of the month :*( Really need support, happy to pay someone whatever hourly rate to hop on a discord call and help us out. Please let me know any suggestions or thoughts. Thank you. This is an error we're getting via nginx:

Any progress on this?

Found it through Stripe, cust ID is 302351 re Sec qn's, strange - it seems those were somehow deleted during the migration? I've reset them as on file though; please retry now.

Invoice ID #1009544

Hello, I believe Commerce has protections against Core deletion of members if they aren't validated provided they have a successful transaction on file, however we have noticed a number of users who paid via the Apple/Google Pay option are showing up as deleted, which is obviously a terrible customer experience. Can IPS ensure that these protections are extended to A/G Pay?

I'm running PHP 8, it's a fresh setup so cron should be using php8.0-fpm already

Got after upgrading to latest version. Full trace: TypeError: array_reverse(): Argument #1 ($array) must be of type array, null given in applications/nexus/sources/Gateway/PayPal/BillingAgreement.php:126 Stack trace: #0 applications/nexus/sources/Gateway/PayPal/BillingAgreement.php(126): array_reverse() #1 applications/nexus/sources/Customer/BillingAgreement.php(307): IPS\nexus\Gateway\PayPal\_BillingAgreement->latestUnclaimedTransaction() #2 applications/nexus/tasks/billingAgreements.php(57): IPS\nexus\Customer\_BillingAgreement->checkForLatestTransaction() #3 system/Task/Task.php(274): IPS\nexus\tasks\_billingAgreements->execute() #4 system/Task/Task.php(237): IPS\_Task->run() #5 applications/core/interface/task/task.php(72): IPS\_Task->runAndLog() #6 {main} Backtrace: #0 applications/nexus/tasks/billingAgreements.php(74): IPS\_Log::log() #1 system/Task/Task.php(274): IPS\nexus\tasks\_billingAgreements->execute() #2 system/Task/Task.php(237): IPS\_Task->run() #3 applications/core/interface/task/task.php(72): IPS\_Task->runAndLog() #4 {main}

Perfect, thanks!

Posting here since email support is no longer a thing. We noticed that L341 in the ips4.php requirements checker (ref https://invisioncommunity.com/files/file/7046-invision-community-requirements-checker/) attempts to communicate with the IPS licensing server through HTTP?? Is this not a security vulnerability by not using HTTPS - you're basically just transmitting the key in cleartext over unencrypted channels. The line in question: <?php if ( file_exists( 'conf_global.php' ) and isset( $mysql ) and $licensekey = @$mysql->query("SELECT * FROM core_sys_conf_settings WHERE conf_key='ipb_reg_number';") and $licensekey = @$licensekey->fetch_assoc() and $licensekey and $licensekey['conf_value'] and $lkeyData = @file_get_contents( "http://license.invisionpower.com/?a=info&key=%7B$licensekey[%27conf_value%27]%7D" ) and $lkeyData = json_decode( $lkeyData ) ): ?> Recommend that gets changed to HTTPS asap. Cheers!

Closing IPS notification fixed it as per

Another request 😄 Would you be able to integrate this with MaxMind, if it's possible to do so?

@OctoDev I appreciate you developing this. So far, we have found it to work perfectly. Can I request more information is passed to/from the gateway, as is done so like in the Stripe gateway available by default on the IPB transaction view? I'm not sure how far the Coinbase API extends, however things such as which cryptocurrency/method was actually used, time from payment initiation to authorization, total amount of crypto sent, etc. would be useful to have added.

Highlighting this as a pressing issue for us still too. Surprised to see someone else encountering the same difficulties as we, but at least this shows there is a demand for this change.