Chris027

1 minute ago, Charles said:

The best way to kill a community is to refuse to keep up with new ways that people consume content.

I don't suffer from FOMO and I understand my community far better than anyone else. I don't jump on bandwagons or follow the herd. Only dead fish swim with the current. 

It's about having vision and content, not the new shiny object. 

4 hours ago, Matt said:

Now that the bad stuff is out of the way, we can start talking about v5 and there is a lot of fun stuff to get into. Invision Community 5 is a new chapter for the product and us as a company. A more streamlined and focused operation fit for the next decade of community building.

When using an app for fun, this kind of thing got me excited.

I use IPS for my business, so this means nothing but problems and tons of work coming soon. My community likes stability and hates change just for change sake. V5 sounds like a bunch of change, even for everyone who wants to maintain the same experience for their communities. 

Thank you guys for this. 

6 hours ago, opentype said:

Log in to Stripe to see more details about these attempted transactions. 

I wouldn’t necessarily assume that something is fishy. Could be an honest user really trying to pay and having their card(s) rejected.  

Thanks for the idea. I logged into Stripe and can see the IP address and some details. 

Today a guest user was doing something strange when attempting to purchase a subscription to my site. I dont' know if the person was trying different stolen credit cards to see if they'd actually go through or what, but this definitely was NOT normal. You can see all the failed attempts below in the screenshot.

it would be really nice to see the IP address of this user somehow. I could at least attempt to block the person or bot. I know this could change, but I found that blocking IP addresses frequently causes enough friction so the users moves to lower hanging fruit. 

Question: Does anyont know how to obtain the IP address of a guest user trying to purchase something on a site?

12 minutes ago, Marc Stridgen said:

Sorry, Chris. The setting above should have been "Trust IP addresses provided by proxies?"

Also enabled. 

4 hours ago, Marc Stridgen said:

The only way that can really happen is if its being proxied in some way. Do you have the following switched on?

System>Settings>Advanced Configuration>Check IP address when validating session?

Yes, this is enabled. 

1 minute ago, Randy Calvert said:

Are you using a proxy, firewall, or a cdn or something else in front of the server?

I use all kinds of stuff through CloudFlare and NGINX, but this has never happened previously. Other new users are showing public IPs, all existing users are showing public IPs. 

I just had a new member sign up and his/her registration IP address is showing a private address. I queried all my members to see if this has happened previously and I see nobody with this issue. 

Any idea how a private IP can be shown as the registration IP?

46 minutes ago, InvisionHQ said:

@Chris027 
I have added an additional check,
although I must say that this is the first time I have been notified of such a thing.
It will be available within 7-10 days with the new update.
If you want a patch now please contact me privately.

Thank you! 
 

I should be ok until the update is released. 

Just now, wimg said:

Did you check if thsi works OK in a normal post?

 

That's a great idea, but I can't recreate it. Only this guy can somehow. 

I now have the complete text the person used to create the advert, but I am unable to recreate the issue. He can cause the issue every time. He is pasting a word doc into the form. When he removes a specific set of paragraphs, everything works perfect. If he pastes the entire doc, then we have issues. 

I have an entire category that’s inaccessible and this could happen in all of the categories. 
 

The same guy has done it again (unknowingly). Now I have to go into MySQL and remove the records. Browsing through AdminCP causes an error as soon as the product is displayed in the list. 

This seems like a huge security hole if someone can create an advert that brings down entire sections of a site and can’t be resolved without MySQL command line deletions. 

OK, i found some information.

Someone added a product for sale and the link to the item was mydomain[.com]/classifieds/3111--/

For some reason the name of the product was screwed up or he did something by accident. When I queried my mysql databse I can see this. It may be of help to @InvisionHQ to figure out how to disable people from screwing up products.

Perhaps he left the title blank and it caused the issues?

SELECT * FROM classifieds_adverts WHERE CONCAT(cl_a_id) LIKE "%3111%";
+---------+------------+----------------+----------------+------------------+-----------------+-------------------+------------+----------------+-----------+---------------------+----------------------------+--------------+-------------------+----------+----------------+---------------+-------------+-------------+--------------+-----------+-------------+---------------+----------------+-------------------+---------------------------+-----------------------+--------------+-------------------------+---------------------+-------------+---------------------+------------------+-----------------+--------------+------------+----------------+--------------+-----------------+--------------------+--------------------------+--------------+---------------------+-----------------------+--------------------------+----------------------+----------------------+---------------------+----------------+--------------------+-----------------+---------------------+----------------------+---------------+--------------------+-----------------------+----------+
| cl_a_id | cl_a_title | cl_a_title_seo | cl_a_member_id | cl_a_category_id | cl_a_date_added | cl_a_date_updated | cl_a_price | cl_a_condition | cl_a_type | cl_a_advert_expired | cl_a_advert_expirationdate | cl_a_package | cl_a_advert_views | cl_a_tid | cl_a_ipaddress | cl_a_featured | cl_a_pinned | cl_a_locked | cl_a_content | cl_a_open | cl_a_rating | cl_a_location | cl_a_questions | cl_a_primaryimage | cl_a_unapproved_questions | cl_a_hidden_questions | cl_a_reviews | cl_a_unapproved_reviews | cl_a_hidden_reviews | cl_a_offers | cl_a_paymentpending | cl_a_dealpending | cl_a_allowoffer | cl_a_topicid | cl_a_items | cl_a_completed | cl_a_contact | cl_a_contact_pm | cl_a_contact_email | cl_a_contact_email_email | cl_a_renewed | cl_a_completed_date | cl_a_completed_reason | cl_a_url_external_advert | cl_a_buyer_member_id | cl_a_feedback_seller | cl_a_feedback_buyer | cl_a_meta_data | cl_a_gallery_album | cl_a_skroutz_id | cl_a_watch_notified | cl_a_real_date_added | cl_a_shipment | cl_a_shipment_note | cl_a_shipment_options | cl_a_USD |
+---------+------------+----------------+----------------+------------------+-----------------+-------------------+------------+----------------+-----------+---------------------+----------------------------+--------------+-------------------+----------+----------------+---------------+-------------+-------------+--------------+-----------+-------------+---------------+----------------+-------------------+---------------------------+-----------------------+--------------+-------------------------+---------------------+-------------+---------------------+------------------+-----------------+--------------+------------+----------------+--------------+-----------------+--------------------+--------------------------+--------------+---------------------+-----------------------+--------------------------+----------------------+----------------------+---------------------+----------------+--------------------+-----------------+---------------------+----------------------+---------------+--------------------+-----------------------+----------+
|    3111 |            | -              |          10354 |                8 |      1683820042 |        1683820042 | NULL       |              0 |         0 |                   0 |                          0 |            0 |                 0 |        0 | IP Address Removed |             0 |           0 |           0 | NULL         |         1 |           0 | NULL          |              0 |              NULL |                         0 |                     0 |            0 |                       0 |                   0 |           0 |                   0 |                0 |               0 |            0 |          1 |              0 | NULL         |               1 |                  0 | NULL                     |            0 |                   0 | NULL                  | NULL                     |                    0 |                    0 |                   0 |                |                  0 |               0 |                   0 |           1683820042 |             0 | NULL               | NULL                  |     NULL |
+---------+------------+----------------+----------------+------------------+-----------------+-------------------+------------+----------------+-----------+---------------------+----------------------------+--------------+-------------------+----------+----------------+---------------+-------------+-------------+--------------+-----------+-------------+---------------+----------------+-------------------+---------------------------+-----------------------+--------------+-------------------------+---------------------+-------------+---------------------+------------------+-----------------+--------------+------------+----------------+--------------+-----------------+--------------------+--------------------------+--------------+---------------------+-----------------------+--------------------------+----------------------+----------------------+---------------------+----------------+--------------------+-----------------+---------------------+----------------------+---------------+--------------------+-----------------------+----------+

Now I'm not sure how the title could be blank in the database because the field is required and I tried to post withuot a title and it didn't work. 

Anyone have this running on 4.7.10?

@InvisionHQ any ideas?

Now I received this error

Anyone? This is an issue that's effecting my community right now. 

I updated to 4.7.10 last night and now see an error.

On this page - https://audiophilestyle.com/discover/385/ the first ad shows the error. This person just tried to list an item and also received an error.

Also, seeing the error when trying to view the Amplifiers category here - https://audiophilestyle.com/classifieds/

This bug remains unsquashed in 4.4.9 :~)

42 minutes ago, Phillyman said:

Can I get a tl;dr

I’d pay hundreds of dollars for a new app.  I’d also pay to have the old classifieds content moved into the new app. 

Do people have exit plans to get out of Classifieds, but retain the content? That’s my worry now.

This is really troubling and will eventually put all of us in a really bad spot, if it isn’t resolved.