CoffeeCake

Clients
  • Posts

    1,916
  • Joined

  • Days Won

    24

Reputation Activity

  1. Like
    CoffeeCake got a reaction from SeNioR- in Spam via Contact Us - Call to Arms!   
    If you integrate with the Commerce support tool, there is a setting where you can add filters to ignore things like e-mails from a specific e-mail address.
  2. Haha
    CoffeeCake got a reaction from The Old Man in Hump Day: Sneak Peek at Achievements   
    I'd like to learn more about these "defart" strings.

  3. Agree
    CoffeeCake reacted to Day_ in Restricting posting, also restrict reaction usage   
    As the title suggests, if I restrict a member from posting for 30 days that should also restrict them from reacting to posts, or at least have an option to disable.
    Had a couple of members now taking their frustration out by trolling the moderators with reactions following their temporary restrictions. Workaround has been to move them into different groups where they can make 0 reactions a day, but would be nice as I say to have that as an option.
  4. Agree
    CoffeeCake got a reaction from Giray in Two step verification dots vs. clear   
    You can enable the TOTP token without forcing others to use it, yet this is also a problem from the perspective of looking up your member record in ACP, as the questions and answers are visible in plaintext.
    See:
     
  5. Agree
    CoffeeCake got a reaction from Giray in Two factor security answers are exposed in ACP   
    I understand there's a separate permission, however I believe this data should not be shown without explicitly requesting it and logging that it was requested to be viewed. This should be an auditable activity.
    Someone that has this permission should not be able to see the answers of every person who has supplied those answers just by viewing the member record in ACP.
  6. Agree
    CoffeeCake reacted to Nathan Explosion in Two step verification dots vs. clear   
    And there is the fleshing out of the request: you are referring to the Q&A functionality here.
    I will be honest and say that you should implement Google Authenticator instead as your second-step for the ACP, as it isn't static.
  7. Agree
  8. Like
    CoffeeCake got a reaction from Linux-Is-Best in Unsubscribes and Sendgrid   
    That's precisely the issue you're facing. SendGrid's unsubscribe mechanism is designed to make sure you don't email people who tell you to stop e-mailing them, so it stops any e-mails being sent out to them for other purposes if you don't use unsubscribe groups. By using their default unsubscribe without groups, you effectively told SendGrid "block e-mails to the people that unsubscribed so they don't get spammed."
    SendGrid, without groups, has no idea what you're sending. It can't tell the difference between your newsletter and password reset e-mails. It just knows dualipavsbritney420@gmail.com said I don't want e-mails from this sender, and effectively stops those e-mails from being delivered wholesale.
    To fix this, you probably want to create a newsletter specific group and a group for "important site communication" that would be things that IPS sends out by default. Then, manually move your unsubscribes into the newsletter group (that's probably what they wanted when they did it).
    See here to set it all up:
    https://app.sendgrid.com/suppressions/advanced_suppression_manager
    Look here on how you should update your e-mails:
    https://sendgrid.com/docs/ui/sending-email/index-suppressions/
    Ideally though, you'd want to remove these e-mails from your actual tool that sends out Newsletters instead of having SendGrid manage suppressions. Each e-mail that is suppressed consumes one of your e-mail credits, so it's probably better to go in and remove them from your mailing list.
    What do you use to send newsletters? IPS itself or some third party product/application?
  9. Agree
    CoffeeCake reacted to acarlsson in Validating and deleting members : becoming very difficult...   
    Just that this thread exists is a sign that it's done the wrong way.
    Furthermore, I can't find any "PRUNE MEMBERS" link in my Members page. I have some hundred spammers that I want to ban and delete. It's quite tedious to do this manually.... 😖
  10. Agree
    CoffeeCake got a reaction from MNOfficial in (NE) Quote Enhancements   
    THIS.
  11. Thanks
    CoffeeCake got a reaction from imsandertjeee in Remove google analytics code on one page   
    You would need to modify (or have someone modify for you) the behavior of IPS.
    You have some options:
    - Remove the Google Analytics integration configuration from the ACP entirely. This will remove the script tags from all pages of your community. Then, add the code manually to your theme with a condition to exclude the areas in question.
    - Create or find someone to create an extension for you that would allow you to remove the tags from a selected area of your community.
  12. Like
    CoffeeCake got a reaction from imsandertjeee in Remove google analytics code on one page   
    On the page that you don't want tracked, however this code will not remove the script tags you took a screenshot of. Instead, it will still call Google Analytics, while also instructing GA to not record analytics on the page.
    See: https://developers.google.com/analytics/devguides/collection/gtagjs/user-opt-out
  13. Agree
    CoffeeCake got a reaction from 13. in IPS spam service is harmful   
    I'd say that there is likely a 50/50 split between spam registrants that are simply trying to create a profile with links in an attempt at SEO or link count nonsense as compared to those that actually attempt to post.
    There is a need to be able to moderate links in profile fields. We turn off profile viewing to guests as one way to mitigate against this, but it's less than ideal.
  14. Agree
    CoffeeCake got a reaction from 13. in IPS spam service is harmful   
    Thank you for this. We operate a site that is similarly sized to the one you are associated with, and have had similar suspicions.
    We had far better success at addressing the issue by focusing our efforts on the source of registrations. For us, the majority of spam registrations came from particular network segments once we looked at the ASN associated with known spam registrants. We used our CDN's firewall feature to handle those registration attempts and have quite significantly reduced the number of spammers getting through. It's mostly a rare occasion now.
  15. Like
    CoffeeCake reacted to Adriano Faria in Can latest IPS version hide moderation actions from members?   
    And there is one:
     
  16. Thanks
    CoffeeCake reacted to Nathan Explosion in (NE) Quote Enhancements   
    Stuff it...have a v2.1.0..currently pending approval
    Fixes
    - none
    Changes
    - added option to allow quotes to be fully collapsed, showing no content apart from the citation
    - added ability for settings to be controlled on a per-user basis, via Account Settings -> Quotes control
  17. Thanks
    CoffeeCake reacted to Daniel F in Invisible reaction icon   
    Well, it's actually visible, but it's white on a white background. You should probably change the color or add a border 🙂
  18. Agree
    CoffeeCake reacted to Daniel F in CP-Admin: Analytics three levels   
    You could use custom variables to differ between logged in members and guests.
  19. Thanks
    CoffeeCake got a reaction from wohali in Provide alternative to patch install without FTP access   
    @wohali, I think @Lindy is misunderstanding your question. This is exactly how we download updates--we step through the installer, download them locally when given the option, and then put the files into our production server using our deployment mechanisms. We do not have sftp open to the world, and we manage code changes via git. We step through the updater, provide IPS credentials, and then click the link (look carefully for it) that says something like "I'll upload these changes myself."
    You will then get a zip file with delta changes in your browser (only the files that have changes to them), and can use whatever your process is to deploy those files.
    Alternatively, log into the Client Area and download the suite. This will include all files (not just those changed between the release you've deployed and the latest).
  20. Like
    CoffeeCake got a reaction from abobader in Changing the admin path   
    Please don't deprecate this. Hide in the docs, put up big warnings if you must, warn people that there is no additional security by doing this by itself, but please leave the option intact. Security through obscurity is the reliance of hiding things on security and is bad news bears. However, having the admin control panel in a non-standard place is one of many layers of protection, upon which moving it is not relied upon for security.
    Consider Magento: https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
    Capturing and mitigating against attempts to access the default URL serves as a honeypot of sorts (we identify and isolate attempts to hit /admin which would be coming from no one up to any good), helps protect against scripted attacks, and layered with other protections, serves as a multi-layered approach to security. We secure administrative things on multiple fronts, including moving the ACP address, protecting access behind zero trust authentication, and having separate accounts for elevated administrative functions. We monitor and block traffic attempting to access known paths that no legitimate user would have any business accessing (i.e. example.com/wp-admin/, /admin, etc.), but we protect the actual administrative things as if the URLs were known to all.
    The option to change the ACP path absolutely should come with a big "do not tamper with unless you know what you're doing" sticker. But please don't take it away.
  21. Thanks
    CoffeeCake got a reaction from kmk in Stratage This file is not currently available for purchase.   
    You may want to go to CodingJungle's web site and purchase from there. www.codingjungle.com
    https://codingjungle.com/articles/records/why-i-am-leaving-the-ips-marketplace-r90/
  22. Agree
    CoffeeCake got a reaction from Chris027 in Changing the admin path   
    Please don't deprecate this. Hide in the docs, put up big warnings if you must, warn people that there is no additional security by doing this by itself, but please leave the option intact. Security through obscurity is the reliance of hiding things on security and is bad news bears. However, having the admin control panel in a non-standard place is one of many layers of protection, upon which moving it is not relied upon for security.
    Consider Magento: https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
    Capturing and mitigating against attempts to access the default URL serves as a honeypot of sorts (we identify and isolate attempts to hit /admin which would be coming from no one up to any good), helps protect against scripted attacks, and layered with other protections, serves as a multi-layered approach to security. We secure administrative things on multiple fronts, including moving the ACP address, protecting access behind zero trust authentication, and having separate accounts for elevated administrative functions. We monitor and block traffic attempting to access known paths that no legitimate user would have any business accessing (i.e. example.com/wp-admin/, /admin, etc.), but we protect the actual administrative things as if the URLs were known to all.
    The option to change the ACP path absolutely should come with a big "do not tamper with unless you know what you're doing" sticker. But please don't take it away.
  23. Agree
    CoffeeCake reacted to Nigel Moore in Need more granularity for notification settings   
    Thanks @SUBRTX - that's at least a step in the right direction, which is great news.
    However, as I've just posted over in the comments on that link, I don't think it's been thought through very well.

    Here's what I posted over there.
    ========================
    I just had a closer read of it and whilst it is a step in the right direction, I still don't think it's amazing.
    Most people that use these notifications will still want to be notified when one of their posts is quoted by someone else.
    But no-one wants to be notified when their post gets a like/reaction.
    So, keeping "quoted" and "reactions" bundled into a single option is a mistake in my opinion.
    I feel like "quotes" should either be bundled with "replies / mentions" or set up as its own option.
    To be honest - for the best granularity - IMHO all 4 options should be separate.
    I.e.
    - REPLIES         [ON / OFF]
    - MENTIONS   [ON / OFF]
    - QUOTES        [ON / OFF]
    - REACTIONS  [ON / OFF]
  24. Agree
    CoffeeCake got a reaction from OptimusBain in Hump Day: web push notifications support & new offline page   
    Cautionary tale: Be careful on what third-party applications or extensions you decide to purchase and depend on. Get nothing you can't live without or upgrade/support yourself if anything other than "works today" matters for you.
  25. Like
    CoffeeCake got a reaction from acarlsson in Can't see any content after upgrade   
    You likely installed a version of mysqldump that doesn't match the version of mysql on your server. In any case, try adding:
    --column-statistics=0 to the command.