Jim M

Unfortunately, you would need to ask them why your server is generating a 503 Server Unavailable error then. This is not specifically something from a software standpoint we can get the reason for or resolve as 5xx level errors are server-related errors. They would need to investigate the server error logs. I'm afraid, there is not anything from a software point of view we can do until they provide the reason for the 503 error and state it is something they are able to assist you with you or something you are not able to get by on your hosting package (if it is resource related).

You would want to contact your hosting provider or server administrator for assistance here. "-200" in plupload is an error with processing on the server so it would need to be investigated and handled there. I'm afraid, server configuration is outside the scope of our support.

23 minutes ago, mtlurb said:

When I disable a plugin or change to GD/Imagemagick, how long does it take for it take effect?

It should be relatively instantaneous, depending on what is being changed. At most it may take the cache length of the page to take effect.

3 minutes ago, Ndugu said:

We can configure the server, but is there a place in the forum admin where we'll need to add the credentials?

PHP mail would be through your server's configuration. Anything you need to configure would be in your php.ini 😉 . 

All the software does pass that through native PHP functions and then PHP handles it to how you configured it.

2 minutes ago, mtlurb said:

Please see my workaround above... has nothing to do with plugins which I already disabled.

My point is that you did not have to do your workaround here. They uploaded just fine 🙂 .

1. Please contact your hosting provider for further assistance. They will be able to tell you how your server is configured for this PHP mail.
2. SendGrid is an email service. Instead of sending via your own server, you send via their professional email service. Email sending/receiving is a complex system which can lead to vulnerabilities/security problems, email deliverability due to being blacklisted, etc... Overall, it's a pain. Those that want to offload that pain, can use SendGrid or another service like SendGrid.

As you were able to upload the image fine here, there is something specific with your installation which is the cause here. Both here and your community run Cloud, there is nothing underneath which is causing an issue. I would advise disabling all third party applications/plugins, switching to an unmodified theme, and ensure that you do not have any resizing going on in ACP -> System -> Posting as a temporary test.

1 minute ago, mtlurb said:

Yeah I checked right after posting... and I tried all permutations ... and same thing, image uploads black.

 

I would recommend disabling what is creating the watermark there as that is not a core feature outside of Gallery.

2 minutes ago, mtlurb said:

My server is hosted on Invisions cloud... can this still be switched?

You can change image handler in ACP -> System -> Files -> Image Settings.

As of today, there are not any plans to make PHP 8.2 or higher compatible with Invision Community version 4. However, like many things in the software world, this is written in pencil so could change as we progress through the end of version 4's lifetime.

49 minutes ago, Claudia999 said:

...but you have to change robots.txt too – isn't it? There is this entry:

Disallow: /tags/

That is correct as well, if you're still using the default robots.txt

You would need to install them by uploading the files to your server and then going to ACP -> System -> Applications to run the installer. The guide below is regarding the previous license terms where you could purchase individual ones but the process is still the same to install them.

While I get what you're saying here, it is not intended to how we built the system. It is intended to only count answers, rather than voters. However, it still does provide you the voters next to the answers if you want to do your own calculations.

If you would like to see this changed, you're more than welcome to submitting a topic in our Feedback forum for further information.

7 minutes ago, tforums said:

IPB already caches a lot of things

We no longer cache full pages/responses. This was removed some time ago in effort to move customers more towards better solutions that wouldn't utilize so much server resources, e.g. CDN caching. We pass a cache header but it won't cache unless you have a CDN (or similar) servicing your community.

Example of a HEAD request to our all activity stream. As you can see, there are caching headers which will tell our CDN to now cache this page for 900 seconds (15 min).

I've moved this to a ticket so we can look further into this to see what we can do for you here. Please watch your email for further correspondence.

This is added on purpose for the search pages. You can likely change this using the metatag editor though.

You can just comment the lines out or copy/paste them somewhere else. The lines being:

\define( 'REDIS_ENABLED', true );
\define( 'STORE_METHOD', 'Redis' );
\define( 'STORE_CONFIG', '[]' );
\define( 'CACHE_METHOD', 'Redis' );
\define( 'REDIS_CONFIG', '{"server":"127.0.0.1","port":6379,"password":""}' );
\define( 'SUITE_UNIQUE_KEY', '########' );

Would recommend disabling Redis for testing purposes as it looks like you have template cache enabled. Would then ensure that all your folders are correctly writable to ensure everything is able to write/delete/regenerate.

As you’re missing files, that would be the first thing you need to resolve. Is the queue task running and taking a while to complete or are you getting an error?

35 minutes ago, rayzir said:

I came back to check on things and the background processes are really starting to back up.  Right now, I have 26 in the queue. 

I checked logs in the Locked Taks: Queue and there's nothing in there.

When attempting to run that task, I am still getting a 503 service unavailable error. You will need to contact your hosting provider to find out what is stopping that service prematurely. It may be a resource issue, configuration issue, etc...

Do you have an example of the request? This could be the form of an attack, if there are many requests at the same time, which would need to be mitigated at the server or network level for optimal results as the software would just cause more consumption of resources.

45 minutes ago, Svetozar Angelov said:

Can you specifically say what exactly you have seen on our forum that makes you think the problem is not with your software.

At a basic level, we are not seeing any direct logs, errors, brute force attempts, etc... The user in question logged straight in which can only be done with having the credentials. The email on the most recent user which you banned also has had passwords exposed from different other, non-IPS websites. Which is why we're asking for further examples of why you believe it to be an issue with the software. It isn't pointing that way but of course, if you have further information, we're happy to explore it.

22 minutes ago, Randy Calvert said:

they not target important accounts?  Why not target admin or moderators?

Also, what Randy is stating here, they would not just attack normal members hold no importance significance  to the community who can be deleted/banned/etc.... They would want to do more damage, gain more exposure, etc...

12 minutes ago, Svetozar Angelov said:

What we suspect, along with a lot of people, is that the IPS are telling us generalities without really understanding the issue, which is a breach with the March security update, and they're probably buying time to figure out exactly what's going on.

As mentioned, please provide an example and we'd be happy to investigate further your particular case. However, what we have seen on your website is not a breach on your community or in our software but we're happy, of course, to confirm that with a specific example user.

Please be advised I have split this off for you to the Feedback forum.

7 hours ago, Svetozar Angelov said:

We have taken enough measures, I ask that you now take measures and look very carefully at the code from the beginning of March, because we have not had such problems before. It is clear that precisely from this period the problems with spammers on the IPS platform started massively. I can't sit all day and clean the forum of spammers after the version is paid for and obviously the problem is yours.

As Randy, us, and others mentioned several times through these conversations, spam is a walk of life on the internet and odds are you will never be able to 100% combat it. It also comes in cycles. Points that are high, turn to lows as people adapt spam measures and combat spam accounts or our spam defense grows aware of individuals, etc... However, our methods posted here will make it significantly less annoying and to a degree remove it from being a daily hassle.

As Randy mentioned, we take significant measures with each release to ensure that we release the best software possible to our customers. We have mentioned several times in this topic that we're happy to look at what you're seeing but we have not gotten a specific example. We have, however, looked at a recent example of a banned member and they have compromised email/password combinations from other websites around the web (non-IPS) so that would explain how a malicious-intended spammer could gain access directly, with no brute force. If this is not an active member, banning them, as you've done, is the right measure. If it is an active member, you may wish to change their password and contact them. However, it could be that the spammer/attacker has access to their email inbox so be mindful of that.

If you would like us to take another look at another example or have a further complex example than just a username, please feel free to us the Contact Us form at the bottom of each page and we'll be happy to take a look.