Jim M

Would apply the patches which are present in ACP -> Support. Then also save the Administrator permissions that you are a part of as that is really odd that those are gone. Unless someone has manually modified your files to remove those buttons, I do not believe we have an option to remove those.

Would ensure you're using PHP 8.1 and then also check to ensure that your server is inline with the requirements checker: If all is well, what Randy said will be required

The configuration file can be found in conf_global.php . The database name and user can be set in that file. Please let us know if you need any further assistance.

ACP -> Members -> Members -> Import Member List.

Unfortunately, the reality here is that we do not know the way which items were copied or if there is an underlying issue there. Therefore, we would not provide support on something which was not done natively in the software. To answer the question about recounting posts, you can do this via ACP -> Members -> Members -> view any members -> go to Posts -> Recount All.

That would be who you need to contact then for assistance, I'm afraid. We would not supply support for something of this nature.

Keep in mind, that is one instance out of many, many, many, many other breaches. Kind of like stating, all car accidents are the same 🙂 . Each breach is different than the next depending on the website and data the attacker obtains. More often than not username is stored and obtained, if it is available.

Sorry, could you please clarify what you mean by copied? The copy function would only copy the forums, not the posts so the counts should be 0. Unless I am misunderstanding what you mean or you used a third party action to do so.

We would only provide recommendations for PHP 8.1, MySQL 8 and only provide support for Apache. We would not provide any further recommendations to OS, etc..

More information will come up in the release which we remove it but we constantly evaluate features in the software which are seldomly used yet cause us overhead a lot of evaluating/developing/supporting them. This is not to say this will change in the future or that a third party can't add this payment method in for you. Regardless though, at the moment, it sounds like these are getting deprecated so will not be available from Stripe themselves. Apologize that you found this not helpful. Sometimes without more information about the API usage involved, we're a little blind on why something may be getting reported that it is in use. In this case we could have reviewed your instance more or Stripe could have reported that you were using the API as outlined (they have this information as they're telling you you're using an outdated API 🙂 ). However, it is good to see that we got the answers we needed and apologize for any inconvenience here.

There would be no means to do this via the core software. It would require a customization.

We would need to review the given issue so whatever it takes for us to review it.

Was the rule deleted? I am not seeing it present or have this user attributed to that rule.

You will want to check your permissions in S3 as it cannot write in your given settings.

I have moved this to a ticket to further investigate this for you. Seems unarchiving has completed but there are still some left over.

It is provided as a means of what may have happened. Not a way to verify all. As mentioned several times in the topic, the hole here isn't the software but rather the human. Humans are using the same credentials on multiple sites and one of those other sites (not associated to IPS) gets breached, their credentials are now known. Thus, these spammers are logging in. The way around this would be implore Two Factor Authentication because this requires another set of actions to log in. This won't help past users but will help in the future. The other option would be to force password resets to all members but there is no guarantee that your users will insert already breached credentials.

We are working with you on your ticket with this... Please be sure to reply there.

Odds are their username is also in that breach.

As mentioned several times in this topic, you will want to check to see if those email addresses have been compromised from other websites (non-IPS). You can look at https://haveibeenpwned.com/ Then take measures outlined in this topic.

You would upload the full file set to the location of your community on your server, overwriting what is there. Then go to ACP -> System -> Applications to install your missing applications.

This would indicate you're missing files so would want to do the manual upgrade.

As you're updating from an old release, you may wish to perform a manual upgrade if the automatic upgrader is causing you problems.

Yes. Users would supply their own answers, that is what makes it secure 🙂.

You can select from a list or make your own questions. The user would select a question and insert their own answer.

The install/upgrade utility will do a cursory check over your system. It also is available in ACP -> Support.