CoffeeCake

I would agree. IPS has some ways of showing this now, however it's very difficult to see it unless you already suspect it from a moderator perspective. Things like shared devices should have a better way of being surfaced in the various control panels, so that you can easily see a list of those devices at the device level that are used between multiple accounts, rather than from the user level. This would greatly help in identifying problematic issues.

If you see that the member is banned in the admin CP (red notice when you look at the user), then you know the ban status was successfully converted from MyBB and you can safely move them into the members group. They will retain the banned status, regardless of usergroup.

It may also be wise to make sure nothing is skimming cards from your site as another avenue that would account for suspicious activity being associated with the payments. Verify all IPS files are intact and unmodified, check plugins and applications, server filesystem, logs, etc.

I'd suggest reaching out to Stripe and see if they can shed light on that. Per their documentation, that's a bank-level decline, so they may not be in a position to even be able to get that information or share it. In other words, they're accepting what they're getting from IPS and passing it along to the processor rather than stopping it because of a bad API call, or their own fraud checks. I imagine if a processor marked your site as a place where fraudulent purchases are more likely to be made (would that make sense for your purchasable content?), then you may be getting stopped by fraud checks more frequently as another possible scenario. The customers may be getting a phone call or alert from their banks that purchases were blocked as potentially fraudulent and ask the customer to verify that the purchase was intentional. This would be different from Stripe identifying it as fraudulent.

Here's more information on Stripe's decline codes and how to interpret them: https://stripe.com/docs/declines/codes#do_not_honor do_not_honor The card has been declined for an unknown reason. The customer needs to contact their card issuer for more information. Typically, this would be for fraud alerts or insufficient funds for banks that don't report that information back to the processor.

Good idea, Joy Rex, yet I don't believe this is an option with the warning system. It would require an extra step in admincp to move the member, and then an extra step and manual follow up when the member is no longer banned if set for a period of time. It would be nice to be able to provide an indicator that Member X is on hiatus for a little while for losing their cool.

Thank you for this. It looks like altering the group promotion to "no" for the promotion filter is a temporary work around that prevents members with disposable email addresses from being promoted. We were trying to figure out what was wrong with promotions independently.

I think the leaderboard feature is good for content that is largely objective (answers to homework questions, how to, technical discussion, support), and is dangerous for content that is largely subjective (opinions, politics, art, personal preferences). It would be great to tabulate this data but have the option to only make it visible to administrators or by usergroup. I don't think that's how it works now.

I will share that this has come up at well, in our predominantly mobile, high traffic, website. Unfortunately hover events aren't supported on mobile. I'd like to give members the option to toggle between relative and actual time. And I'm a bit sad to see the misogynistic comments.

Have you considered OAuth? Check this guide for a bit more info and context:

Paging @Adriano Faria 🙂

Interesting approach. Yet, I agree a bit clunky. Adding, that at least in the use case we have, we only want it to restrict people who can post. So, if it's a guest (or search engine), we don't want the restriction.

Yes, I saw that one, thanks! I'm not sure if clubs provide this functionality, yet looking for a way to give notice and set expectations before entering a segment of the community. "There be dragons ahead" sort of thing. Something like an interstitial page or dialog that appears, with forum specific information, such as: "Attention, you're entering the 4.5 beta forums. We have some specific rules about these posts and we need you to follow them. If you don't want beta related information, click the go back button. Otherwise, if you agree to reading all sorts of things about beta bugs, click agree to continue." Ideally with the ability to configure once per session (agree every time you come back to the site and enter this area) or once per member (agree once and never be bothered again, unless maybe the rules change?) and enabled by usergroup (no sense in alerting a moderator, for example).

I could have sworn I saw this somewhere, but can't find it. Is there a way to force a user to agree to a set of rules for a particular forum before being accessed? Sort of "by continuing, you agree......" I see where rules can be defined by forum, but no where to force an extra click. Ideally these would appear any time a person clicks on a link to a thread within the forum, or is just viewing the forum thread list.

Hopefully @Rhett has some insight into this and not just going off on a limb and assuming your site is not a clearinghouse for all things adorable puppies in people clothes then..... I guess if you run spammersandhowtospam.spam, then, yes, you may be asking for it. 😁

No problem! Yes, that's what I meant by duplicated in bad words filter. If apple is a bad word in posts and display names, you need to enter it as both types. But, we have use cases, where things like "admin" are okay to say in a post, yet would be a bad name to register.

Sure! Go to Members > Member Settings > Ban Settings > Add Ban Filter Choose Non-Registrable Name as the type. Enter in the Content, using * as a wild card. If you think the word "apple" is a bad word, and you don't want people to be able to use the word "apple" anywhere in their display name, you can enter in *apple* in the content field, and then provide an optional reason that will display: "You dirty person, using apple in your name. Shame on you and your family." Rinse and repeat as desired 🙂 Without the wildcards, it will only prevent the actual name entered.

Check to make sure you're running the latest version of 4.4.10 and have installed all patches available when you go to support > something isn't working. There was an issue that allowed spammers to use 4.4.10 and lower to use the "e-mail this to a friend" feature to send spam.

Some discussion on potential ways to anonymize IP addresses: https://www.icann.org/en/system/files/files/rssac-040-07aug18-en.pdf

So, reporting back on this. Some issues. While I managed to get the desired result, there are two places that issues remain: dialog boxes that "pop up" are covered by the sticky header (for example, sending warnings to a user, or private message notifications. These either need to have a higher z-index, or be pushed further down the page. anchored links (jumping to a specific post halfway down a thread, for example) are covered up by the header. Are there solutions for these side-effects that can be implemented?

+1. Miss this from vbulletin.

We would like a way to keep IP address information from being viewable by moderators, yet still allow them to use the IP address tools to find individuals who register more than one account and see posts that have been made by the same address. Please consider making these tools available, yet with a hash or some other unique string that can be used to translate what is reported by a moderator as a problem, only viewed by trusted administrators, while keeping moderators from viewing the actual IP address. There are jurisdictions where this information is sensitive and access should be minimized. Instead, have something like a hash or string that represents the IP address displayed, or make these tools function without revealing the data. We'd like to additionally have the ability to show the location on a map without the IP address info. We know there's an option to not show IP addresses, which we use, yet we'd like to allow them to be able to use the IP address tools in mod CP without having access to the actual addresses.

We do this through the "unregisterable" list, which is duplicated in the bad words filter.

If you're wanting to ban the web server itself (presumably apache in your case), you can ban IP ranges by providing a partial IP address or by using CIDR notation. See: https://httpd.apache.org/docs/2.4/howto/access.html

Please consider making it possible to select all posts on all pages of a given thread through moderation tools. If, for example, I wanted to select all hidden or unhidden posts in a thread containing hundreds of posts, I'd have to paginate through each page of the thread and individually select that option. I'd like a "select all posts in this thread / select all hidden posts in this thread / etc." option in the moderation drop down. This feature existed in our previous forum solution and is greatly missed.