Jipa331

Thanks for the suggestion. it would help to solve this issue. Where can I find this option in IPS ACP? (logout all users at once and request all of them to reset their PW)

Regarding this, They demanded money to avoid leaking my website's ID and password information. To test their capabilities, I asked if they could obtain the ID and password for three other random IPS-based websites. Within 10 minutes, they sent me the credentials for these sites, involving thousands of accounts for each. What's most alarming is that these ID and password combinations were indeed functional on other IPS websites. Even though it's not IPS's fault, there needs to be better login protection. The current 2FA system is insufficient for securing all accounts. Currently, members must manually register 2FA after logging into our website. Implementing email code verification at login would be a more effective method to protect all accounts.

Yes, I am aware that ID and passwords are not stored as plaintext in the database but are encrypted. It's possible that the hacker found various IPS sites using a different ID/PW saving tool and organized this information to send to me. However, there is a major flaw in the IPS login system. I know that 2-Factor Authentication (2FA) is available and can be enforced, but this is useless for people who have already left the website. A hacker could log in using the leaked ID and password and then register their own 2FA key. Like many other websites, why doesn't IPS require email-based code verification when logging in? If this were possible, it could securely protect all accounts, including those of people who no longer use the website.

My forum experienced the same issue. In my case, they weren't spamming articles (since only specific member groups can write articles on my forum), but they attempted to purchase products using the "saved credit card" information of genuine users. I've noticed that this can happen on many IPS websites. A few days ago, a hacker sent me a leaked list of IDs and passwords for my website, and I asked if they could obtain similar information for other IPS websites. They sent me leaked IDs and passwords for other IPS sites within 10 minutes. For me, this has been happening since March. Not sure whether this is the security problem related with IPS or not (I'm using the latest version of IPS now), but just want to report a similar issue with the above.

Ah I found a problem. I just miss typed on captcha setting. I thought captcha key can be used for different domains. Didn't know it was a unique for each domain.

Hello, I'm building a new forum using IPS, but I forgot how to add a "security check" to the sign-up page. My old forum had it, as does invisioncommunity.com, but the new forum does not have a sign-up captcha. I tried to check the options in ACP, but there was only an option to use a Captcha for spam post prevention. This is my new forum, and this is my old forum and https://invisioncommunity.com/ 's setting for Sign up Captcha It would be great if anyone recall my memory for this captcha setting.. Thanks!!

Hello, Is there any way to remove saved credit card info for all users at once? (on Stripe payment gateway) I know we can remove it one-by-one from ACP but want to clear all stored card information on all accounts. Any Idea?

Same opinion. Showing QR image is much easier to add token rather than typing security texts manually on Google Auth App.

Ye, Maybe I need to wait until Google or IPS fix this issue. Our users will cry, and tickets will be flooded even though they can see the "not able to scan" option. 😥

OMG, thanks! didn't know it

Hello, I'm trying to force Google 2FA auth to our forum users. However, I just noticed that the Google 2FA Setup QR Code image is broken now. How can I solve this issue? (I checked it on two different IPS forums, but it has the same results v4.7.4 and v4.7.12) I remembered that it had worked well before... People can add 2FA by manually typing code, but it is not good for user experience. When I check that image URL manually, its format is like below, but its page was not found with 404 error. https://chart.googleapis.com/chart?cht=qr&chs=200x200&chl=otpauth://totp/USEREMAIL@SOMETHINGEMAIL.com?secret=SECRECTCODE%26issuer=WEBSITENAME

Issue fixed. Sharing my approach for others to use. If you created a Stripe Webhook on the Stripe website (https://dashboard.stripe.com/webhooks/), Ensure that the number of webhooks does not exceed 16. Excessive webhooks on Stripe may disrupt its functionality. I resolved this by deleting duplicate, outdated, and unused Stripe webhooks.

Okay. where can I find my ticket address?

I've just updated my website to the latest Invision version, 4.7.12. But the same error is occurred.

Hello, I've been using Stripe for years without any problems until now. But I've just noticed today that when I tried to add a new Stripe payment method (like Apple Pay, Giropay etc), It shows this error on my Dashboard. "There is not a webhook set up or it does not have all required event types enabled. The following events are required: source.chargeable, charge.succeeded, charge.failed, charge.dispute.created and charge.dispute.closed" This is happening all of a sudden now because I successfully added another Stripe payment option a few days ago. I set/made all webhook addresses on Stripe Dashboard properly and added Stipe's Webhook IP address to firewall whitelist and... already added Stripe Card payment gateway is still working well now. I just can't add new Stripe Payment Method, or can't edit current one. Is there any idea to solve this issue? or is it IPS itself issue at present suddenly? Because I'm running two different Invision Community-based websites on different server, but both are showing same error (IPS Version 4.7.4). I guess this issue is similar to the below thread, but not sure how they fixed it or not.