Jump to content
You're invited! Join our 4.6 Live Event on ZOOM 6/24 ×

Community

sadams101

+Clients
  • Posts

    539
  • Joined

  • Last visited

 Content Type 

Profiles

Downloads

IPS4 Providers

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog

Forums

Store

Everything posted by sadams101

  1. Could it have to do with the fact that my site is https? For example, I had issues with my article site's search engine that I just had to fix. The fix was simple: 1) download https://www.google.com/afsonline/show_afs_search.js, put it to module folder, change all "http:" entries to "https:" in it.2) modify the line that calls the script to be the local path, for example /forum/show_afs_search.js
  2. www.celiac.com/gluten-free/ Try running this search: gluten free food at: https://www.celiac.com/gluten-free/search/ and then try running it on the top-right box. You will see that the ads don't appear when you use the box, only when done on the search page.
  3. The problem I am having now is that if you search using the top search box that is at the top of every page, the results don't show ads. Only if I search from the /search/ page do I see ads. This is a big issue because most people search using the box at the top.
  4. 2005? Sorry, but submitting passwords and logins over non https is considered a really bad idea by anyone.
  5. I did that and redirects do no work. Try taking out the "s" on one of your forum links and see if it automatically redirects to the same page with https. Mine definitely does not.
  6. Hello Martin, thank you for the reply, but please re-read the email that google sent me--this is a different warning than you refer to, as it won't begin happening until 1/1/17. Also, the warning will be triggered on every single page on my site because every page links to a non https registration page, thus, every user not logged in will see the warning on each page they try to load. To be clear, is the code you offer here a fix that would make the register page go to https? Sorry, but that wasn't clear in your post. If so, where does it go?
  7. Thank you Joel R, nice to have a response in this forum that is helpful. As for me posting this in this in Product Feedback, as mentioned, I started this by creating a ticket and reporting it the proper way, but Marc Stridgen says: So now I am very curious how yours could be working, as he seems to acknowledge that this is a known non-issue. He did install a new skin on my site and tested it, as I see the IPS Support skin he added yesterday, so it isn't my skin (I tested this too). I also checked my htaccess, and nothing there is redirecting it. Would you mind telling me the URL to your site?
  8. Ok, so I turn on the https feature in admin, I assume to protect my login and password, but that feature does not protect any of my user's logins or passwords--and this is not a bug, but I should fill out a feature request. At the very least this would be poor, irresponsible software development, at worst a lawsuit waiting to happen should any of my users get their accounts hacked and money stolen from them because a hacker picked up their info. opentype, you should consider applying for a job at IPS as you sound a lot like Marc Stridgen after I reported this issue to him in a support ticket.
  9. Wait until hundreds of IPS clients start getting the insecure page warnings in Chrome that will happen on EVERY page that links to the registration page (starting January 1st...2 in days!)--gee I think that is all pages, no? Then we can talk about whether or not "IPS" treats it as a bug or a "feature request." Bet it will be fixed faster than most bugs are... :-) If the developers actually understood site security this never would have happened, but apparently, like site speed, the don't.
  10. opentype, please see: https://support.google.com/webmasters/answer/6073543?hl=en You may experience a temporary fluctuation in site ranking during the move. With any significant change to a site, you may experience ranking fluctuations while Google recrawls and reindexes your site. As a general rule, a medium-sized website can take a few weeks for most pages to move in our index; larger sites can take longer. The speed at which Googlebot and our systems discover and process moved URLs largely depends on the number of URLs and your server speed. Submitting a sitemap can help make the discovery process quicker, and it's fine to move your site in sections. Since my site is huge, nearly 1 million posts, this could take weeks to sort out in google search, which is what happened last time I did a change.
  11. You are incorrect about it not being a bug. Simply search google as to whether registration pages that ask for personal data should be https or not--the admin switch for making the admin area and the login page https should also include the registration page--why wouldn't it? Daveoh, please give me one good reason why that page should not be HTTPS--on the registration page I am asking members for their password and login on an insecure page. I am also asking them for their name, address, phone, etc., but really, any google search will tell you not to EVER ask for a login and password on a non-secure page. Therefore, the https switch in admin has a bug. I invite anyone who reads this to convince me otherwise--no offense Daveoh, but you haven't. I've been on the internet over 20 years (Celiac.com, but the forum is www.celiac.com/gluten-free/ ) with my site, and my forum has more posts than this one...I know a bit about securing sites, SEO, etc. Below is the entire email I received from Google Search Console Team. One other major problem I've had with IPS, and I now also consider it a bug due to the fact that it causes all uses of IPS to lose page rank in google, is the fact that IPS doesn't combine Javascripts or do other obvious things to increase site speed. I noticed they are now blocking google's site speed check for this site: https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Finvisionpower.com%2Fforums%2Ftopic%2F434738-registration-page-is-not-secure%2F&tab=mobile I am not sure why they would do this, but I used to use this to complain about this very issue. This site, like mine and all of your sites, is likely scoring lower now due to not fixing these issues--it affects all IPS users' page rank. Sites that ignore these things were hit especially hard a few months back by the Possum Update: http://www.clickthrough-marketing.com/seo-news-roundup-googles-possum-update-has-effect-on-local-serps/ Why would IPS ignore google site speed recommendations for so many years--why not just include such optimizations into development? Only IPS knows, right?
  12. I reported to IPS that their registration page (/ips/registration/) is not a secure page, even if I have selected my login and admin areas to be https in the board settings. I think we can all agree that this is a HUGE bug--you can't ask for personal data via a non-secure page. My site's rankings have dropped recently due to this, and I received warning from Google about it. "Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as 'Not Secure' unless the pages are served over HTTPS. " Remarkably Marc Stridgen at IPS told me "The login over https would cover the login pages only, and not the registration page. In order to have the registration page over https, you would need to switch the site over to https as a whole. " Thank you, but I don't want a complete domain change, which google warns could drop my ranking for weeks, to fix what is really just bad coding. This is a bug that IPS needs to fix, and if affects everyone reading this whose entire site is not in https (the vast majority of you). I have tried simple server 301 redirects which don't work, and create a redirect loop, so I can't fix this on the server level. The only way is for IPS to fix their bug, and code this page properly.
  13. UPDATE: I got it working after uninstalling it, then re-installing it. If fact, it seems that you need to do this each time you update your version of IPB. I have noticed that running an update on IPB breaks this plugin, and you must re-install it each time after running the update.
  14. I am using 4.1.17.1 and a custom skin, and the plugin does not seem to work at all...I keep getting the normal search results and no CSE content is displayed. You can test it here: http://www.celiac.com/gluten-free/
  15. This plugin was working, but now in the latest version of the board it stopped working for me. I uploaded the latest version of your plugin, but can't get it going. EDIT: I got this working again...I had to fully uninstall it, the re-install it, and that solved the issue.
  16. I got this working, but was hoping it worked after X posts too. Can you add that feature?
  17. I just bought this and have no idea how to set up an ad...there are zero directions.
  18. Over time google has been ranking these things more and more, which is why the scores have gone lower. This trend will continue for all IPB users until the problem is fixed. It is clear by looking at the IPB site's ranking drop over the last year that you don't pay much attention to site ranking: http://www.alexa.com/siteinfo/invisionpower.com ...otherwise you'd focus on it more.
  19. Thank you for pointing me to that...I've been playing around with it and they clearly didn't imagine that anyone would want their tabs/links in a particular order. Moving them around within the design box doesn't work either...very strange coding indeed.
  20. Great plugin! No idea why IPB hasn't make it easier to add external links to their menu. It works great on the desktop version, but I do not see where the links show up in the mobile version...or do they work in the mobile version?
  21. Try looking at the mobile...so you are a B- on desktop, and still totally unconcerned...nice to see that nothing has changed!
  22. While it may have been 91/100 in January--Google is now weighting this CSS problem of yours more heavily (I really don't care that you guys at IPB don't think it is a problem--you have never taken google or site ranking seriously--and shame on you for this because you affect so many sites with your short-nearsightedness in this matter). Check your score now...looks like this page gets 62/100. Good luck with that in google!
  23. I recently upgraded to 4.x and had the exact same issue...the use of emoticons now triggers Mod Security and 406 blocks users. I've done some research on this, and am hoping you found a solution--if you do could you please post it here? Here is the info I have: 1) The Mod Security warning I get: [msg "Cross-site Scripting (XSS) Attack"] 2) The specific piece of code that seems to trigger it which is included in the warning: [data "src\x22:\x22http:"] 3) After opening a ticket with Invision they told me that this specific way of calling the emoticons is probably the actual trigger: [{"src":"//community.invisionpower.com/uploads/emoticons/tongue.png","text":":tongue:"}] 4) And now for the hard part, here are my XSS Mod Security Rules...can anyone tell me how to modify them so that this won't happen anymore? Obviously taking out the entire rule is what I had to do for now, but what I am really seeking here is just removing the one part of this rule that is causing the block: # XSS SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm jscript onsubmit copyparentfolder javascript meta onmove onkeydown onchange onkeyup activexobject expression onmouseup ecmascript onmouseover vbscript: <![cdata[ http: settimeout onabort shell: .innerhtml onmousedown onkeypress asfunction: onclick .fromcharcode background-image: .cookie ondragdrop onblur x-javascript mocha: onfocus javascript: getparentfolder lowsrc onresize @import alert onselect script onmouseout onmousemove background application .execscript livescript: getspecialfolder vbscript iframe .addimport onunload createtextrange onload <input" \ "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:1234123406" SecAction phase:2,pass,nolog,skipAfter:1234123449,id:1234123405 SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)\b\W*?\b(?:(?:java|vb)script|shell)|background-image|mocha):|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\(|rc\b\W*?\b(?:(?:java|vb)script|shell|http):)|a(?:ctivexobject\b|lert\b\W*?\(|sfunction:))|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\btype\b\W*?\bimage)\b| ?(?:(?:script|meta)\b|iframe)|!\[cdata\[)|(?:\.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|\@import)\b)" \ "phase:2,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Cross-site Scripting (XSS) Attack',id:'1234123404',tag:'WEB_ATTACK/XSS',logdata:'%{TX.0}',severity:'2'" SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:owsrc\b\W*?\b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)\b\W*?\b(?:(?:java|vb)script|shell)|background-image|mocha):|s(?:(?:tyle\b\W*=.*\bexpression\b\W*|ettimeout\b\W*?)\(|rc\b\W*?\b(?:(?:java|vb)script|shell|http):)|a(?:ctivexobject\b|lert\b\W*?\(|sfunction:))|<(?:(?:body\b.*?\b(?:backgroun|onloa)d|input\b.*?\btype\b\W*?\bimage)\b| ?(?:(?:script|meta)\b|iframe)|!\[cdata\[)|(?:\.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|\@import)\b)" \ "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Cross-site Scripting (XSS) Attack',id:'1234123449',tag:'WEB_ATTACK/XSS',logdata:'%{TX.0}',severity:'2'" Command access SecRule REQUEST_FILENAME "\b(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe\b" \ "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Access',id:'1234123399',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"
  24. In the spirit of helping someone else out on a late night...the correct code that worked for me was not above, but: <div class='ipsResponsive ipsResponsive_hidePhone'> <!-- insert advertisement code here --> </div> <div class='ipsResponsive ipsResponsive_hideDesktop'> <!-- insert advertisement code here --> </div>
  25. Will (DP34) Adverts in Topic 2.1.6 work in the new 4.x version of Invision Power Board?
×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy