Pushpendra Singh Chauhan

After disabling mod_security the error gone and website is working fine. But expert says Mod_security module helps to protect the website from various attacks. If mod-security is disabled, the website will be at risk from vulnerabilities. Please suggest what to do?

Yes I am aware of this excellent feature. But security agencies in many countries doesn't clear this. That's why I asked to give this as a option. Captcha is there in registration form so it would not be tough to give an option in login page too for you guys. Also, what if a bot hit a wrong username password multiple time it could not lock anything but each time a query will run and make the heavy load on db. Captcha may stop this. Or you must block that IP for 15 minutes.

Hello Invision Team, IPS should give an option to add invisible re CAPTCHA in the login form. In countries like India Security agencies don't give the clearance without this. This is highly recemented by them. I request to provide this in next update. This is my experience why government agencies avoid to use Invision Community as a CMS for their websites.

The directory /uploads/logs is empty. There is no error logs

Hi, I am trying to add bootstrap5.css file in Pages>templates>css but the file is not getting save. I tried to paste file in small pieces but after a specific length this is showing error There is also bootstrp4.css Please note - if I hit save without doing anything the same error occurs. The same thing is happening in pages after some line the page is not getting save. If I remove some lines it works fine. Kindly advise. I want to add here recently we changed the server is this due to server misconfiguration. if, pls suggest what to do

If I can use this on registration page there should a way to use this on login page too

Hi, Is there a way to have Invisible Invisible reCAPTCHA/ reCAPTCHA V2 on login page? At present this is on registration page only.

Posted in Suggestion and feedback. Also, I want to know the use of field named EXTRA_DATA in the table core_statistics. Please suggest

It would be great to get IP address of guest/members to are searching content on the website. In ACP>activitystats>Searches , I can see only three fields here SEARCH TERM RESULTS DATE I tried to see in DB table core_statistics but no IP field is there So Please add IP Address in this table in future update

Hi, I've a requirement. I want to get IP address of guest/members to are searching content on my website. In ACP>activitystats>Searches , I can see only three fields here SEARCH TERM RESULTS DATE I tried to see in DB table core_statistics but no IP field is there Also I saw a field named EXTRA_DATA here but could not understand the use of this field Could anyone suggest how can I get the IP for searches? A little suggestion would be a great help.

Thanks will contact form for this in future @Randy CalvertCould you guide a little bit about no.2 (Host Header Injection:) how to mitigate this at the server level. it would be a great help.

Hi, The security audit agency found some vulnerabilities. Invision team kindly look into this urgently @Marc Stridgen 1. Source Code Disclosure: The attacker can get sensitive information of application which leads to other chaining attacks. 2. Host Header Injection: : An attacker can perform malicious activity using host header injection. Attacker can control the host header and exploit it using web-cache poisoning. 3.The application transmits the clear text password from Login Page.

How can i disable this from ACP?

OK. thanks for your quick response. But I want to know why my website is communicating with Google server? what is the use of https://fcm.googleapis.com/fcm/send/...? Can i disable this from ACP ?

Hi, I am getting repeated log entries. The log entry is as below: https://fcm.googleapis.com/fcm/send/cTvWTA96mfs:APA91bGOg6MeOTtwRsv6cpdU4TL3PqbjShfG4oQMfpPrsh84-kKRmql_FsflyA3VBtKVOZjjtHDKm8rB7TSmmKRLc2-9n8r5bGdoJL_jzQZkzDq2FjCdqtCPaT3M0TwU681xxzQbj7Q4 Connection timed out after 10000 milliseconds Why this is coming again and again what is the use of https://fcm.googleapis.com/fcm/send/... and how can I get rid of?

Hi, In ACP I can see the System Log but if I check Uploads>Logs directory there is only one file index.html (0KB). All I need to share System Logs and Error Logs to my Organization's security team. In which directory I can get System Logs? Please help..

I am asking this because when I get access of Server A and make any changes through ACP let say I change guest cache time this is not reflecting in Server B and C. In future if i upgrade IPB version I am afraid I need to upgrade all 3 webservers separately.

Checked app key there is nothing wrong, also checked with a new api key but the same is happening. Sometimes it works if i clear system cache. Is system cache making problem? I have a question the previous setup was 1 master and 1 slave webserver. Now all 3 webserver are master, a fileserver is mounted on all 3 and 2 DB server (1 read and another with write permission) is linked to each. Is this correct setup? Or should I create a master webserver with 2 slave servers?

I checked the app is using the same key that is in rest API section. I am not understanding what invalid is in that?

Yes a mobile App is using REST API to display Files only (for guest users) . but we didn't change the load balancer configuration. We were using 2 webserver by December 21. one of them was corrupted so we decided to add new servers on the same load balancer. Now we have 3 webserver added to same LB. I checked mobile APP too, sometime this display files sometime not. Sometime API works sometime display this error { "errorCode": "1S290\/A", "errorMessage": "IP_ADDRESS_BANNED" } While accessing REST OAuth section i am getting this error I removed ban filter may times. Pls suggest the way that to do ?

I am not aware of this. How can I check this, pls suggest? or how can i increase this value? How can i fix this error?

Hi, I was running my website on single server, today I separated Web, DB and Fileserver. Now I have 3web server+1 fileserver+1db(write permission)+1db(read permission). All webserver are added to a load balancer, The problem starts when load balancer switch the webserver after some time, this show banned message for logged in user. If I check User>Member Settings > Ban Setting, sometime this show that my IP is banned (Reason: API.) If I delete this filter everything works fine. Sometime it work after Clearing system Cache from support tool. I am able to access admin panel from all webservers, but getting problem for frontend login, once load balancer switch the server. We (organization) use a common IP that is above in screenshot, every registered member is facing the same problem. For Guest users everything is fine. Could anyone suggest what I am doing wrong here?

@Matt We are on a government hosting agency that is not open to external urls. To communicate with Invision remote server this is required, otherwise I can't update the Invision Community version.

Hi, For the whitelisting of URL remoteservices.invisionpower.com my hosting provider is asking for IP detail of destination server. Invision Team could you help me in this regard?

Ok. thanks @opentype and @Daniel F