Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble


  • Content Count

  • Joined

  • Last visited

  • Days Won

  • Feedback


Everything posted by NickTheGreek

  1. IPS Community Suite 4.4.10 Released 02/04/2020 Key Changes This is a maintenance release to fix bugs. Additional Information Core Added support for PHP 7.4 Added support for [Emoji 12.0](https://emojipedia.org/emoji-12.0/) and [Emoji 12.1](https://emojipedia.org/emoji-12.1/) emojis Removed support for Gfycat embeds due to ongoing unaddressed security concerns on their end. Adjusted advertisement CSS classes to use a dynamic class name. Added a reset to the "upgrade in progress" flag when the upgrader is reached but there are no applications to upgrade. Added caching to the "Who's Online" widget. Improved progress indicator in "Complete My Profile". Improved ElasticSearch error logging. Added an empty alt attribute to reaction images in streams, which validators may flag as invalid HTML. Upgraded CKEditor to 4.13.1. Upgraded PHPUserAgent to 0.15.0, which resolves an issue with detection of the latest Opera browser releases. Updated Firefox & Edge logos on device management pages. Disabled database read/write separation for tasks. Disabled tasks being triggered by AJAX requests. Blew Lindy's mind. Fixed clubs showing up in some places when users did not have permission to access the clubs module. Fixed signature edit field showing for moderators when editing a user when signatures are disabled globally. Fixed an issue with member history logs when a user logs in from a new device but has not completed 2FA (when required). Fixed a javascript error triggered by browser notifications on Android devices. Fixed an issue where users that do not have permission to view Clubs, can still visit content item URL's directly. Fixed display issues with coub.com embeds. Fixed an issue detecting the visitor's country in some cases when using address form inputs. Fixed an issue with dates adjusting incorrectly when crossing over DST threshold in some areas. Fixed an issue using arrows in the editor after an emoji is inserted in some cases. Fixed an issue where some items could be missing from the leaderboard. Fixed an issue where disabled apps could still attempt to process custom URLs. Fixed an issue paginating in tables when certain special characters were included in the URL. Fixed an issue where cookies set by javascript designed to "stick" would expire in Jan 2020. Fixed AdminCP notification that a member is validating not disappearing if the member is flagged as a spammer rather than banned directly. Fixed SendGrid failing to work when using a dedicated IP pool. Fixed an issue where non-required profile completion steps may not be shown after required steps in some cases. Fixed an issue where re-entering the profile completion process after completing it once, but taking an action that requires completion again, may not place you on the correct profile completion step. Fixed javascript errors preventing most javascript from working in IE11. Fixed moderators encountering an error when removing a reaction from a profile status update or status reply made by another user. Fixed an issue where a required profile completion step to supply values for profile fields that do not display on the a user's profile may result in endless loop. Fixed an issue where a user will see an option to skip required profile completion steps, which will just reload the step. Fixed multi-moderation actions so that they redirect back to the page you are currently on. Fixed an issue that can occur when searching by member and changing between result pages. Fixed an issue that caused images to not show properly in poll options. Fixed an issue where sitemaps may show a distant past last modified date for content that doesn't have a valid last modified date. Fixed an issue where animated GIF images may not be properly identified as animated. Fixed an issue where profile photos would not be saved during profile completion if file uploads was the only available option. Fixed an issue rebuilding topic content for areas such as Downloads and Pages that cross post to the forums. Fixed an issue displaying certain locale-specific characters (such as the thousands separator, and the currency symbol) on Windows. Fixes a visual issue on dropdowns in webkit-based browsers. Fixed favicon icon not applying to the AdminCP correctly. Fixed potential broken images when the image filename contained parenthesis characters. Fixed the Safari Mask Icon not working in some server environments. Fixed an issue where using long URL's in an announcement can cause a MySQL error. Fixed an issue using custom WHERE clauses with an external database login handler. Fixed unapproved comments incorrectly being counted on forums where the item has been moved and a link to the item has been left in its place. Fixed an issue embedding Flickr albums in posts. Removed 'nofollow' tag from status updates when member has no other content. Commerce Added clarification that a billing address is required for automatic renewals when deleting the primary billing address. Added a currency selector to the subscriptions listing. Adjusted the payment method deletion process to prompt the administrator for confirmation if there are active PayPal Billing Agreements, and to cancel those Billing Agreements prior to deletion. Fixed error approving or voiding transactions which were held for approval which were from a PayPal Billing Agreement. Fixed an issue where the AdminCP notification indicating your PayPal payment gateway is not set up correctly may erroneously trigger. Fixed an issue where custom fields may incorrectly show up when checking out as a guest while quick registration is enabled. Fixed a possible error when applying changes to subscription plans to existing purchases. Fixed an issue where converting a product with a tax to a subscription failed. Fixed invoice title not showing for transactions in Authorize.Net's control panel. Fixed possible error taking Authorize.Net payments Fixed an issue where images from upsold products in the add to cart dialog may not be styled or sized correctly. Fixed transactions using the "Manual (check, bank wire, etc.)" payment method not showing in the list of transactions requiring attention. Fixed an issue where testing settings would just output the card types when using Braintree. Fixed an error during the upgrade when no default currency is set. Fixed an error that occurs when creating or editing a coupon code and unchecking the "No end date" option but not providing an end date. Fixed an issue where profile completion could be triggered during checkout in some circumstances. Fixed possibility of setting up Stripe without a valid webhook. Fixed subscriptions bypassing the payment confirmation screen. Fixed a styling issue with the Member Subscriptions widget. Fixed a styling issue with the "Best Sellers" and "Latest Products" widgets in some cases. Fixed referrals not working when the site is not accessible to guests. Fixed an issue where checking a Braintree webhook URL from the Braintree control panel would report a 500 server error incorrectly. Converters Improved the conversion process when disabling a conversion step that another step required to run first. Added conversion of article tags to vBCMS. Added conversion of extra article categories in vBCMS, extra categories will be converted as tags. Added conversion of meta tag keywords and descriptions when converting records from vBCMS. Reordered some background tasks that run after a conversion is complete to prevent an SQL error during processing. Improved vBulletin 4 conversion to retain user validating status where possible. Improved vBulletin conversions to convert more PMs where they may not have previously been converted (due to parent messages being deleted). Improved URL redirects for some vBulletin URLs including Social Groups, Social Group Discussions & Blog Entries. Fixed an issue where some vBulletin Blog comments may be skipped during conversion. Fixed an exception that can occur if Pages was selected as a conversion, but all options were disabled. Fixed product filters displaying in the store using the "internal" name instead of the "public" name. Fixed IP address information not converting with vBulletin Blog. Fixed certain user preferences not converting with vBulletin 4. Fixed some PHP notices that can occur in vBCMS converter with specific data. Fixed an issue where Gift Card email links may not work correctly when email statistics are enabled. Removed URL redirection for vBCMS records since required data is not available to support this. Forums Fixed an issue where the moderation history link wasn't shown for deleted topics. Fix Safari not scrolling to the reply box when clicking the "Reply to this topic" button at the top of a topic. Downloads Fixed REST API documentation showing the wrong endpoints for categories. Fixed sidebar not showing Club content correctly when the "Show Club Content Areas" setting is set to "Throughout the community" Gallery Fixed an issue submitting images with capitalized file extensions when movies have maximum allowed filesizes. Fixed multiple issues adding, editing and repositioning image notes. Fixed an incorrect gap between the tabs and reviews/comments while viewing an image. Pages Improved database permission configuration forms to better indicate if a group won't be able to access the database due to page-level permissions. Fixed bullet points using the wrong style (unfilled circle rather than filled circle) in database records. Fixed a (potential) issue moving database records files when adjusting the file storage configuration method for database records. REST / OAuth Fixed an uncaught exception in the member notifications REST API endpoint when an orphaned piece of content is present. Fixed certain `notificationData` entries returning `NULL` in the member notifications REST API endpoint. Fixed an issue where address lines in REST API calls may be returned as an object instead of an array. Third-Party / Developer / Designer Mode Fixed an issue using the node form helper when not using `$titleLangPrefix` in the node model, and using apostrophies in a node's title. Advertisements no longer use the .ipsAdvertisement_* class names, and instead use dynamic classnames unique to each community. Themes that restyle advertisements should update their CSS to use `.ips{expression="mb_ucfirst(\IPS\SUITE_UNIQUE_KEY)"}` instead. Adjusted the abstract class definition for `\IPS\Content\Search\Index::hashesWithPermission()` to match the docblock. Fixed an issue where Database table helpers could allow a blank advanced search value in specific situations. Fixed an error using reviews with content items but not containers when post before registering is enabled. Removed an extra parameter being passed to `_comments()` in some cases which could interfer with third party plugins. Removed some unused code in `\IPS\Output::error()`.
  2. This tutorial explains how to backup and restore MySQL or MariaDB databases from the command line using the mysqldump utility. The backup files created by the mysqldump utility are basically a set of SQL statements that can be used to recreate the original database. The mysqldump command can also generate files in CSV and XML format. You can also use the mysqldump utility to transfer your MySQL database to another MySQL server. If you don't backup your databases, a software bug or a hard-drive failure could be disastrous. To help save you lots of time and frustration, it is strongly recommended that you take the precaution of regularly backing up your MySQL databases. Mysqldump Command Syntax Before going into how to use the mysqldump command, let's start by reviewing the basic syntax. The mysqldump utility expressions take the following form: mysqldump [options] > file.sql Copy options - The mysqldump options file.sql - The dump (backup) file To use the mysqldump command the MySQL server must be accessible and running. Backup a Single MySQL Database The most common use case of the mysqldump tool is to backup a single database. For example, to create a backup of the database named database_name using the user root and save it to a file named database_name.sql you would run the following command: mysqldump -u root -p database_name > database_name.sql You will be prompted to enter the root password. After successful authentication, the dump process will start. Depending on the database size, the process can take some time. If you are logged in as the same user that you are using to perform the export and that user does not require a password, you can omit the -u and -p options: mysqldump database_name > database_name.sql Backup Multiple MySQL Databases To backup multiple MySQL databases with one command you need to use the --database option followed by the list of databases you want to backup. Each database name must be separated by space. mysqldump -u root -p --databases database_name_a database_name_b > databases_a_b.sql The command above will create a dump file containing both databases. Backup All MySQL Databases Use the --all-databases option to back up all the MySQL databases: mysqldump -u root -p --all-databases > all_databases.sql Same as with the previous example the command above will create a single dump file containing all the databases. Backup all MySQL databases to separate files The mysqldump utility doesn't provide an option to backup all databases to separate files but we easily achieve that with a simple bash FOR loop: for DB in $(mysql -e 'show databases' -s --skip-column-names); do mysqldump $DB > "$DB.sql"; done Copy The command above will create a separate dump file for each database using the database name as the filename. Create a Compressed MySQL Database Backup If the database size is very large it is a good idea to compress the output. To do that simply pipe the output to the gzip utility, and redirect it to a file as shown below: mysqldump database_name | gzip > database_name.sql.gz Create a Backup with Timestamp If you want to keep more than one backup in the same location, then you can add the current date to the backup filename: mysqldump database_name > database_name-$(date +%Y%m%d).sql The command above will create a file with the following format database_name-20180617.sql Restoring a MySQL dump You can restore a MySQL dump using the mysql tool. The command general syntax is as follows: mysqld database_name < file.sql In most cases you'll need to create a database to import into. If the database already exists, first you need to delete it. In the following example the first command will create a database named database_name and then it will import the dump database_name.sql into it: mysql -u root -p -e "create database database_name";mysql -u root -p database_name < database_name.sql Restore a Single MySQL Database from a Full MySQL Dump If you backed up all your databases using the -all-databases option and you want to restore a single database from a backup file which contains multiple databases use the --one-database option as shown below: mysql --one-database database_name < all_databases.sql Export and Import a MySQL Database in One Command Instead of creating a dump file from one database and then import the backup into another MySQL database you can use the following one-liner: mysqldump -u root -p database_name | mysql -h remote_host -u root -p remote_database_name The command above will pipe the output to a mysql client on the remote host and it will import it into a database named remote_database_name. Before running the command, make sure the database already exists on the remote server. Automate Backups with Cron Automating the process of backing up the databases is as simple as creating a cron job what will run the mysqldump command at specified time. To set up automated backups of a MySQL database using cronjob, follow the steps below: Create a file named .my.cnf in your user home directory: sudo nano ~/.my.cnf Copy and paste the following text into the .my.cnf file. [client] user = dbuser password = dbpasswd Copy Do not forget to replace dbuser and dbpasswdwith the database user and user's password. Restrict permissions of the credentials file so that only your user has access to it: chmod 600 ~/.my.cnf Create a directory to store the backups: mkdir ~/db_backups Open your user crontab file: crontab -e Add the following cron job that will create a backup of a database name mydb every day at 3am: 0 3 * * * /usr/bin/mysqldump -u dbuser mydb > /home/username/db_backups/mydb-$(date +%Y%m%d).sql Do not forget to replace username with your actual user name. You can also create another cronjob to delete any backups older than 30 days: find /path/to/backups -type f -name "*.sql" -mtime +30 -delete Copy Of course, you need to adjust the command according to your backup location and file names. To learn more about the find command check our How to Find Files in Linux Using the Command Line guide. Conclusion This tutorial covers only the basics, but it should be a good starting for anyone who wants to learn how to create and restore MySQL databases from the command line using the mysqldump utility. https://linuxize.com/post/how-to-back-up-and-restore-mysql-databases-with-mysqldump/
  3. IPS Community Suite Released 01/02/2020 Key Changes This is a maintenance release to fix bug reports since Additional Information Core Fixes an issue where cookies set by javascript are not stored permanently Commerce Fixes an issue when paying with PayPal
  4. IPS Community Suite Released 12/20/2019 This is a security release and we recommend all clients upgrade as soon as possible. Key Changes This is a maintenance release to fix security reports since 4.4.9. Additional Information Security Block binary/octal/hex/decimal based hostnames from being submitted in forms that could trigger an SSRF. Gfycat OEmbed endpoint could create XSS. Also informed Gfycat of issue. - Thanks to René Kroka - https://renekroka.cz for reporting this issue. Addition attachment permission checks when downloading attachments.
  5. IPS Community Suite 4.4.9 Released 12/02/2019 Key Changes Version 4.4.9 is a maintenance update to fix critical issues reported since 4.4.8. Additional Information Core Added ability to search for members based on custom profile fields with type "Checkbox Set". Improved the warning form to make it clearer when a preset action cannot be overridden. Updated PhpUserAgent to 0.14.0 for 'Edgium' support. Fixed an issue where duplicate quote/mention/embed notifications could be sent when editing content. Fixed an issue where you could submit the form to update your profile information with no date set for your birthday, resulting in your form submission being ignored. Fixed an unclear page title when searching for members. Fixed a potential issue sending digests when cron is used to run tasks. Fixed an issue with dates adjusting incorrectly when crossing over DST threshold in some areas. Fixed an issue where some administrators may not be able to manage applications in the AdminCP in some permission configurations. Fixed a MySQL 8.0.17 compatibility issue with the 4.0.0 Alpha 1 upgrade step. Fixed an issue where attachment filename text could be edited in the editor. Fixed an issue with status update pagination not appearing correctly in some cases. Fixed profile photo uploads allowing you to upload more than one file without automatically removing the previously uploaded file. Blogs Fixed an issue where draft entries submitted in private/closed clubs may not be visible by club owner or moderators. Fixed an issue where club blog entries may not be visible to global moderators/administrators when they have permission to view all club content. Forums Removed trendlines from charts in the AdminCP to reduce confusion. Commerce Fixed a situation where duplicate display names were allowed when checking out as a guest and the user was not prompted for their display name. Fixed Stripe webhooks potentially reporting an error. Fixed an issue with generating renewal invoices via the task system. Fixed an issue where custom fields may incorrectly show up when checking out as a guest while quick registration is enabled. Fixed a possible error when applying changes to subscription plans to existing purchases. Gallery Fixed a styling issue for widgets not set to show on all devices in some cases on pages. Fixed an issue where the sitemap could be stopped being rebuilt. Pages Changed categories in databases that do not allow direct record submissions to not output a "noindex" <meta> robots tag. Changed database category sitemap files to include empty categories if they contain subcategories.
  6. IPS Community Suite 4.4.8 Released 11/12/2019 Key Changes Version 4.4.7 is a maintenance update to fix critical issues reported since 4.4.7. Additional Information Core Upgraded CodeMirror to 5.49.0. Upgraded CKEditor to 4.13. Increased the amount of text that can be stored within an announcement. Fixed merging members creating duplicate follow records. Fixed an issue where accounts banned as a result of the spam service may be deleted automatically if email validation is enabled, allowing the user to register again. Fixed an issue embedding Twitch clips in some cases. Fixed a performance issue with Elasticsearch and posting in large topics. Fixed an issue where content items would stop showing in streams when deleting the last comment on that content item and using Elasticsearch. Fixed a CSRF error paginating through clubs after changing your view preference. Fixed floated images inside spoilers breaking out of the spoiler box. Fixed an issue with club breadcrumbs on mobile devices when the "Overview" tab is not the default tab for the club. Fixed an issue confirming guests have not reviewed an item when they have used the "post before registering" feature. Fixed an issue where the submit button on the account validation screen could be clicked multiple times, resulting in more than one confirmation email being sent. Fixed possible issue downloading the member list export on larger sites. Fixed a styling issue viewing the list of members who were not initially included in a member export. Fixed an issue where club nodes weren't shown in the node selector while creating custom streams in the ACP. Fixed a possible error in the menu manager where editing a deleted menu item would throw an exception. Fixed an issue where email addresses weren't saved for accounts created via non-default login methods when allowed domains were defined. Fixed a bug where certain email notifications triggered by guests may show incorrect verbiage in the email content. Fixed two issues where replying to Status Posts or hiding/unhiding them could fail when Elastic Search is being used. Fixed an issue saving custom chart views in the AdminCP when a lot of nodes were stored. Fixed an issue updating date ranges for custom chart views in the AdminCP in some cases. Fixed a styling issue for widgets not set to show on all devices in some cases. Fixed an issue where cancelling editing a post with a spoiler results in the spoiler no longer working. Fixed an issue where spotify links wouldn't embed. Fixed some missing friendly URLs. Fixed a niche error where a wrong message can be displayed if there is a network failure whilst browsing status updates. Fixed an issue where multiple New User Awaiting Validation notifications can be sent when using User then Admin Validation. Forums Fixed an issue where multipage topics that have been read can be marked as unread when visiting a page other than the last. Fixed a styling issue in QA forums when no rows are shown. Fixed an issue where an incorrect meta description tag may persist when navigating through the forums. Gallery Fixed an issue which made it impossible to move images into albums set to allow submissions from the public, specific members, specific groups, and club members. Fixed promote button not showing on non-lightbox Gallery image view fallback page. Commerce Fixed potential double charges if using Stripe. Fixed customer name showing as random characters in Stripe when a guest purchases something and opts to save their card on file. Fixed Hosting Error ACP Notifications causing an error when viewing the notifications page. Fixed an issue when a guest makes a donation. Fixed the missing overlay title while creating & editing an invoice note. Fixed possible timeout error when generating invoices manually in the AdminCP. Fixed an issue where purchases which wouldn't require a billing address couldn't be marked as paid. Fixed an issue where club joining fees may be shown without tax. Pages Fixed an issue previewing feed blocks in the AdminCP when restricting the feed by author. Fixed an issue where "Records" would be shown in database notification emails if categories were not being used for the database. Calendar Fixed manual iCalendar uploads requiring a venue to be specified if venues are enabled. Fixed an error importing ics files in the AdminCP if a venue is specified. Converters Added support for vBulletin 5.5.3+ conversions. Added support for XenForo 2.1.x conversions. Fixed issues with running conversions on MySQL 8.0.17 or newer. Fixed an issue converting from MyBB where PMs would not reflect the correct conversation starter. Fixed an issue where members may not be correctly assigned to groups that were added during the conversion. Fixed a bad log reference when converting from Gallery if the image is invalid. Fixed an issue where an error may be triggered when installing a new application and attempting to start a new conversion. Fixed an issue converting WordPress post thumbnails to Pages record image. Third-Party / Developer / Designer Mode Centralized the breadcrumb generation method for club nodes to reduce code duplication and ensure breadcrumb consistency. Changed `\IPS\Http\Url::ips()` to be declared as `final`, so hooks cannot override it. Fixed an issue using custom table helpers without quicksearch where the result and page counts may inadvertently get reset. Fixed an issue where cached unapproved/hidden review counts when merging content items were not adjusted properly. **You may wish to rebuild these counts in an upgrade routine within third party applications that support reviews and merging of content items.** Fixed an issue where the hidden status when creating a new review may not be set properly during creation when calling `\IPS\Content\Review::create()`. Minor code clarification where curly braces were omitted (while unnecessary, some found the code confusing to read).
  7. Πώς ένας Instagram λογαριασμός θα μπορούσε να παραβιαστεί σε λιγότερο από 10 λεπτά Πρόσφατα απονεμήθηκαν 30.000 δολλάρια σε ένα ερευνητή ασφάλειας ο οποίος ανακάλυψε μια σοβαρή ευπάθεια η οποία θα μπορούσε ενδεχομένως να έχει θέσει σε κίνδυνο παραβίασης οποιονδήποτε Instagram λογαριασμό. Καθώς το Facebook και το Instagram προσφέρουν υψηλές αμοιβές σε όσους ανακαλύπτουν ευπάθειες στους λογαριασμούς τους, ένας Ινδός ερευνητής ασφαλείας, ο Laxman Muthiyah, επέλεξε να εξετάσει την πλατφόρμα του Instagram. O Muthiyah διερεύνησε το κατά πόσον μπορεί να υπάρχει μια ευπάθεια στην διαδικασία με την οποία το Instagram χειρίζεται τα αιτήματα επαναφοράς του κωδικού πρόσβασης για τους χρήστες που έχουν τον έχουν ξεχάσει. Ο ερευνητής διαπίστωσε ότι όταν οι χρήστες ζητούν επαναφορά του κωδικού πρόσβασης μέσω του link του Instagram, ο ιστότοπος στέλνει ένα email στον χρήστη. Μετά από δοκιμές, ο Mutiyah δεν μπόρεσε να βρει κανένα κενό ασφαλείας στη διαδικασία και έτσι έστρεψε την προσοχή του στο πώς οι χρήστες των smartphones ανακτούν την πρόσβαση στους Instagram λογαριασμούς τους. Αυτό που βρήκε ήταν ότι το Instagram δίνει την δυνατότητα χρήστες που έχουν κλειδωθεί να ζητήσουν την αποστολή ενός εξαψήφιου μυστικού κωδικού ασφαλείας στο κινητό τους τηλέφωνο ή στο email τους. Εάν εισαχθεί αυτός ο κωδικός πρόσβασης, ο χρήστης θα μπορέσει να ανακτήσει την πρόσβαση στον Instagram λογαριασμό του. Θεωρητικά, εάν ένας χάκερ μπορούσε να αποκτήσει πρόσβαση στον εξαψήφιο κωδικό ασφαλείας, θα μπορούσε να σπάσει τον Instagram λογαριασμό (και να επαναφέρει τον κωδικό πρόσβασης κλειδώνοντας ταυτόχρονα τον νόμιμο κάτοχο). Αυτός ο κωδικός πρόσβασης θα μπορούσε ενδεχομένως να κλαπεί εάν ένας χάκερ κατάφερνε να αποκτήσει πρόσβαση στον email λογαριασμό του θύματος ή αν είχε πάρει τον έλεγχο του κινητού τηλεφώνου του θύματός του μέσω της μεθόδου SIM swap scam. Ωστόσο, ο Mutiyah αναρωτήθηκε αν θα μπορούσε να υπάρξει και άλλος τρόπος να σπάσει κάποιος έναν λογαριασμό στην περίπτωση που καμία από τις επιλογές αυτές δεν είναι διαθέσιμη. Ο Mutiyah συνειδητοποίησε ότι το μόνο που αρκεί να κάνει ο χάκερ είναι να δώσειι τον σωστό εξαψήφιο κωδικό - που είναι ένας οποιοσδήποτε συνδυασμός μεταξύ 000000 και 999999 – πριν εκπνεύσουν τα δέκα λεπτά που ο συγκεκριμένος κωδικός είναι αποδεκτός από το σύστημα. Για τον αριθμό των ψηφίων αυτών απαιτούνται περίπου ένα εκατομμύριο αριθμοί που πρέπει να εισαχθούν μέσα σε δέκα λεπτά, για να είναι εφικτή η αλλαγή του κωδικού ενός Instagram λογαριασμού. Μέσω των likes του Instagram μπορεί να τρέξει ένας κώδικας με τον οποίο να δίνονται ταχύτατα διάφοροι συνδυασμοί του κωδικού μέχρι να βρεθεί ο σωστός. Ως τρόπο άμυνας, η πλατφόρμα έχει την δυνατότητα να ανιχνεύσει την κίνηση αυτή και επιβραδύνει διαρκώς τις επόμενες προσπάθειες μέχρις ότου λήξει το χρονικό διάστημα των δέκα λεπτών. Στις δοκιμές του ο Mutiyah είδε ότι, από τις 1000 προσπάθειες που έστειλε για να μαντέψει τον κωδικό ασφαλείας ενός Instagram λογαριασμού, είχε άμεση απάντηση στις 250 ενώ στις επόμενες 750 η απάντηση καθυστερούσε. Ωστόσο, μετά από μερικές επιπλέον ημέρες δοκιμής, ο ερευνητής κατάφερε να ανακαλύψει ότι ο μηχανισμός καθυστέρησης της απάντησης του Instagram θα μπορούσε να παρακαμφθεί εάν άλλαζε η IP διεύθυνση του υπολογιστή που έστελνε το αίτημα (με άλλα λόγια, να μην χρησιμοποιεί τον ίδιο υπολογιστή για να προτείνει τον κώδικα ανάκτησης) «Η αποστολή ταυτόχρονων αιτημάτων χρησιμοποιώντας διαφορετικές IP διευθύνσεις μου επέτρεψε να στείλω ένα μεγάλο αριθμό αιτήσεων χωρίς χρονικό περιορισμό στην απάντηση. Ο αριθμός των αιτημάτων που μπορούμε να στείλουμε εξαρτάται από τον αριθμό των ταυτόχρονων αιτήσεων και τον αριθμό των IP διευθύνσεων που χρησιμοποιούμε. Δεδομένου ότι ο κωδικός λήγει σε 10 λεπτά, αυτό κάνει την επίθεση ακόμη πιο δύσκολη. Τελικά χρειαστήκαμε γύρω στις 1.000 IPs για να ολοκληρώσουμε την επίθεση.» Ο Mutiyah λέει ότι χρησιμοποίησε 1.000 διαφορετικές μηχανές και IPs για να πετύχει την επίθεση και στις δοκιμές του έστειλε περίπου 200.000 αιτήματα. Δημιούργησε μάλιστα και ένα YouTube βίντεο για να αποδείξει την επίθεση του. Φυσικά, ο αριθμός των 200.000 αιτημάτων απέχει πολύ από το 1 εκατομμύριο που είναι ο αριθμός των συνδυασμών που απαιτείται για να καλυφθούν όλα τα ψηφία του κωδικού. Η έρευνα του Mutiyah καταλήγει στο συμπέρασμα ότι σε μια πραγματική επίθεση θα χρειαστούν περίπου 5.000 IP διευθύνσεις για την επιτυχία της επίθεσης. Αν και αυτό ακούγεται σαν ένας μεγάλος αριθμός, αυτό μπορεί πράγματι να επιτευχθεί εύκολα με χαμηλό σχετικά κόστος (ο Mutiyah λέει το κόστος μπορεί να είναι και γύρω στα 150 δολλάρια αν χρησιμοποιηθεί εάν χρησιμοποιηθεί ένας cloud provider όπως η Google ή η Amazon). Είναι εύκολο να φανταστεί κανείς ότι μια τέτοια τεχνική θα κινήσει το ενδιαφέρον σε πολλούς χάκερ που θα ήθελαν να αποκτήσουν πρόσβαση σε Instagram λογαριασμούς και θα ήταν διατεθειμένοι να πληρώσουν περισσότερα από τα 30.000 δολλάρια που έλαβε ο Muthiyah ως ανταμοιβή. Σας υπενθυμίζουμε ότι είναι απαραίτητο να ασφαλίζετε τους λογαριασμούς σας με ισχυρούς και κωδικούς πρόσβασης και για να ενεργοποιείτε όπου είναι δυνατό ττην μέθοδο της two-factor authentication.
  8. IPS Community Suite 4.4.6 Released 08/19/2019 This is a security release and we recommend all clients upgrade as soon as possible. Key Changes Version 4.4.6 is a maintenance update to fix issues reported since 4.4.5. Additional Information Security Fixed an issue where a malicious user may be able to identify the full path to a file uploaded to a custom field. Core Added support for MySQL 8. Improved security headers on error pages. Changed the "Who follows this" page to instruct bots not to index the page for SEO purposes. Moved the Club Members Box to the sidebar when the club information are shown in the sidebar. Fixed an error visiting the full notifications screen when the user has no notifications. Fixed an issue where old messenger links may not redirect correctly. Fixed an issue where new comment notifications can show an incorrect read status. Fixed club sorting preference being lost when navigating to another page of clubs. Fixed an issue where the "Bypass word and link filters" setting was not honored for links. Fixed attachments not being properly claimed when added to a Staff Directory member entry. Fixed an issue where reordering social profiles may not show the reordered list after saving without reloading the page. Fixed a potential error when an invalid sort parameter is passed in to certain pages. Fixed an issue where certain tables of data may show an incorrect number of pages when filtering the table. Fixed the Leaderboard popular content inconsistency when using ElasticSearch. Fixed an issue where Pages blocks wouldn't show in the configuration form when using the block manager. Fixed an issue where creating a club feature could result in a DB exception. Fixed broken ACP tables on Internet Explorer 11. Fixed an issue where Status Posts couldn't be deleted. Fixed an issue where 0B may be displayed in place of the real Redis maximum memory amount on the support overview page. Fixed an issue where using REDIS as session storage would return the wrong members for the online list. Fixed an issue with lazy-loading where images with a custom aspect ratio set did not honor the ratio after loading. REST & OAuth Fixed OAuth Logins being broken because of a missing DB column. Blogs Fixed blog entries from clubs showing on the Blog applications Grid View when the "Show Club Content Areas" setting is set to "Only Within Clubs". Fixed an error that can occur with some configurations when attempting to add or move a blog entry. Pages Fixed an issue where the wrong user may be notified of Pages database records being embedded in other content areas. Fixed an issue where attachments in newly submitted database records would not be used when embedding records in other areas of the software. Fixed an issue with Schema.org structured data tags in Pages when the site has a logo image applied to the theme. Fixed an error searching databases in the AdminCP using the quicksearch input on the database listing page. Fixed an issue in the Pageurl Output Extension which was catching a not existing exception. Gallery Fixed media sound continuing to play after closing the lightbox. Fixed an error that can occur when attempting to view disk space statistics when there are none. Calendar Fixed an issue where all day ranged events reflect the wrong event end date in iCalendar exports. Adjusted ical import process to ignore WKST values of 'MO' (which is the default) to reduce false-positive error reports. Converters Fixed some issues converting MyBB content including profile fields, avatars & attachments. Commerce Added ability for administrator to choose what to do after a dispute is won (previously would automatically re-approve the transaction). Fixed an issue where the tax name in invoice emails could be missing. Fixed potential uncaught exception if trying to view a product in the AdminCP that doesn't exist. Fixed an issue where the description of new payment gateways wasn't saved successfully. Third-Party / Developer / Designer Mode Fixed an issue using the node form helper when not using $titleLangPrefix in the node model, and using apostrophies in a node's title. Fixed an issue where the wrong member's AdminCP notification dismissals were referenced in \IPS\core\AdminNotification::notificationIdsForMember(). Fixed an issue where Nodes that do not implement permissions may still try to check them, resulting in an error in some situations. Changes affecting third-party developers and designers Added an ID to the mobile navigation sign in link elSigninButton_mobile. All columns named member must now be escaped with backticks when querying the database in order to support MySQL 8.
  9. 83 useful Linux commands Enterprise administrators and managers who use this guide of essential Linux commands, utilities and tools will find ways to manage files, get process status updates and more. Linux administrators cannot live by the GUI alone. That's why we've compiled useful Linux commands into this convenient guide. By learning how to use a few simple tools, command-line cowards can become scripting commandos and get the most out of Linux by executing kernel and shell commands. alias The alias command is a way to run a command or a series of Unix commands using a shorter name than those that are usually associated with such commands. apt-get The apt-get tool automatically updates a Debian machine and installs Debian packages/programs. AWK, Gawk AWK is a programming language tool used to manipulate text. The AWK utility resembles the shell programming language in many areas, but AWK's syntax is very much its own. Gawk is the GNU Project's version of the AWK programming language. bzip2 A portable, fast, open source program that compresses and decompresses files at a high rate, but that does not archive them. cat A Unix/Linux command that can read, modify or concatenate text files. The cat command also displays file contents. cd The cd command changes the current directory in Linux and can conveniently toggle between directories. The Linux cd command is similar to the CD and CHDIR commands in MS-DOS. chmod The chmod command changes the permissions of one or more files. Only the file owner or a privileged user can change the access mode. chown The chown prompt changes file or group ownership. It gives admins the option to change ownership of all the objects within a directory tree, as well as the ability to view information on the objects processed. cmp The cmp utility compares two files of any type and writes the results to the standard output. By default, cmp is silent if the files are the same. If they differ, cmp reports the byte and line number where the first difference occurred. comm Admins use comm to compare lines common to file1 and file2. The output is in three columns, from left to right: lines unique to file1, lines unique to file2 and lines common in both files. cp The cp command copies files and directories. Copies can be made simultaneously to another directory even if the copy is under a different name. cpio The cpio command copies files into or out of a cpio or tar archive. A tar archive is a file that contains other files, plus information about them, such as their file name, owner, timestamps and access permissions. The archive can be another file on the disk, a magnetic tape or a pipe. This Linux command also has three operating modes: copy-out, copy-in and copy-pass. It is also­ a more efficient alternative to tar. CRON CRON is a Linux system process that executes a program at a preset time. To use a CRON script, admins must prepare a text file that describes the program and when they want CRON to execute it. Then, the crontab program loads the text file and executes the program at the specified time. cURL Admins use cURL to transfer a URL. It is useful for determining if an application can reach another service and how healthy the service is. declare The declare command states variables, gives them attributes or modifies the properties of variables. df This command displays the amount of disk space available on the file system containing each file name argument. With no file name, the df command shows the available space on all the currently mounted file systems. echo Use echo to repeat a string variable to standard output. enable The enable command stops or starts printers and classes. env The env command runs a program in a modified environment or displays the current environment and its variables. eval The eval command analyzes several arguments, concatenates them into a single command and reports on that argument's status. exec This function replaces the parent process with any subsequently typed command. The exec command treats its arguments as the specification of one or more subprocesses to execute. exit The exit command terminates a script and returns a value to the parent script. expect The expect command talks to other interactive programs via a script and waits for a response, often from any string that matches a given pattern. export The export command converts a file into a different format than its current format. Once a file is exported, it can be accessed by any application that uses the new format. find The find command searches the directory tree to locate particular groups of files that meet specified conditions, including -name, -type, -exec, -size, -mtime and -user. for, while The for and while commands execute or loop items repeatedly as long as certain conditions are met. free With the free command, admins can see the total amount of free and used physical memory and swap space in the system, as well as the buffers and cache used by the kernel. gawk See AWK entry. grep The grep command searches files for a given character string or pattern and can replace the string with another. This is one method of searching for files within Linux. gzip This is the GNU Project's open source program for file compression that compresses webpages on the server end for decompression in the browser. This is popular for streaming media compression and can simultaneously concatenate and compress several streams. history The history function shows all the commands used since the start of the current session. ifconfig The ifconfig command configures kernel-resident network interfaces at boot time. It is usually only needed when debugging or during system tuning. ifup With ifup, admins can configure a network interface and enable a network connection. ifdown The ifdown command shuts down a network interface and disables a network connection. iptables The iptables command allows or blocks traffic on a Linux host and can prevent certain applications from receiving or transmitting a request. kill With kill signals, admins can send a specific signal to a process. It is most often used to safely shut down processes or applications. less The less command lets an admin scroll through configuration and error log files, displaying text files one screen at a time with backward or forward navigation available. locate The locate command reads one or more databases and writes file names to match certain output patterns. lft The lft command determines connection routes and provides information to debug connections or find a box/system location. It also displays route packets and file types. ln The ln command creates a new name for a file using hard linking, which allows multiple users to share one file. ls The ls command lists files and directories within the current working directory, which allows admins to see when configuration files were last edited. lsof Admins use lsof to list all the open files. They can add -u to find the number of open files by username. lsmod The lsmod command displays a module's status within the kernel, which helps troubleshoot server function issues. man The man command allows admins to format and display the user manual that's built into Linux distributions, which documents commands and other system aspects. more Similar to less, more pages through text one screen at a time but has limitations on file navigation. mount This command mounts file systems on servers. It also lists the current file systems and their mount locations, which is useful to locate a defunct drive or install a new one. mkdir Linux mkdir generates a new directory with a name path. neat This is a Gnome GUI tool that allows admins to specify the information needed to set up a network card. netconfig/netcfg Admins can use netconfig to configure a network, enable network products and display a series of screens that ask for configuration information. netstat This command provides information and statistics about protocols in use and current TCP/IP network connections. It is a helpful forensic tool for figuring out which processes and programs are active on a computer and are involved in network communications. nslookup A user can enter a host name and find the corresponding IP address with nslookup. It can also help find the host name. od The od command dumps binary files in octal -- or hex/binary -- format to standard output. passwd Admins use passwd to update a user's current password. ping The ping command verifies that a particular IP address exists and can accept requests. It can test connectivity and determine response time, as well as ensure an operating user's host computer is working. ps Admins use ps to report the statuses of current processes in a system. pwd The print working directory (pwd) command displays the name of the current working directory. rcp Short for remote copy program, this prompt lets users copy files to or from a remote computer or between remote systems. read The read command interprets lines of text from standard input and assigns values of each field in the input line to shell variables for further processing. rsync This command syncs data from one disk or file to another across a network connection. It is similar to rcp but has more options. screen The GNU screen utility is a terminal multiplexor, where a user can use a single terminal window to run multiple terminal applications or windows. sdiff Admins use sdiff to compare two files and produce a side-by-side listing indicating lines that are dissimilar. The command then merges the files and outputs the results to the outfile. sed The sed utility is a stream editor that filters text in a pipeline, distinguishing it from other editors. It takes text input, performs operations on it and outputs the modified text. This command is typically used to extract part of a file using pattern matching or to substitute multiple occurrences of a string within a file. service This command is the quickest way to start or stop a service, such as networking. shutdown The shutdown command turns off the computer and can be combined with variables such as -h for halt after shutdown or -r for reboot after shutdown. slocate Like locate, slocate -- or secure locate -- provides a way to index and quickly search for files, but it can also securely store file permissions and ownership to hide information from unauthorized users. Snort Snort is an open source network intrusion detection system and packet sniffer that monitors network traffic. It looks at each packet to detect dangerous payloads or suspicious anomalies. Snort is based on libpcap. sort This command sorts lines of text alphabetically or numerically according to the fields. Users can input multiple sort keys. sudo The sudo command lets a system admin give certain users the ability to run some -- or all -- commands at the root level and logs all the commands and arguments. SSH Secure Socket Shell (SSH) is a command interface for secure remote computer access and is used by network admins to remotely control servers. tar The tar command lets users create archives from a number of specified files or to extract files from a specific archive. tail The tail command displays the last few lines of the file. This is particularly helpful for troubleshooting code because admins don't often need all the possible logs to determine code errors. TOP Technical Office Protocol (TOP) is a set of protocols for networks that performs distributed information processing and displays the tasks on the system that take up the most memory. TOP can sort tasks by CPU usage, memory usage and runtime. touch Admins can create a blank file within Linux with the touch command. tr This command translates or deletes characters from a text stream. It writes to a standard output, but it does not accept file names as arguments -- it only accepts input from standard input. traceroute The traceroute function determines and records a route through the internet between two computers and is useful for troubleshooting network/router issues. If the domain does not work or is not available, admins can use traceroute to track the IP. uname This function displays the current OS name and can print system information. uniq With uniq, admins can compare adjacent lines in a file and remove or identify any duplicate lines. vi The vi environment is a text editor that allows a user to control the system with just the keyboard instead of both mouse selections and keystrokes. vmstat The vmstat command snapshots everything in a system and reports information on such items as processes, memory, paging and CPU activity. This is a good method for admins to use to determine where issues/slowdowns may occur in a system. wget This is a network utility that retrieves web files that support HTTP, HTTPS and FTP protocols. The wget command works noninteractively in the background when a user is logged off. It can create local versions of remote websites and recreate original site directories. while See for entry. whoami The whoami command prints or writes the user login associated with the current user ID to the standard output. xargs Admins use xargs to read, build and execute arguments from standard input. Each input is separated by blanks. https://searchdatacenter.techtarget.com/tutorial/77-Linux-commands-and-utilities-youll-actually-use
  10. IPS Community Suite 4.4.5 Released 07/29/2019 Key Changes Version 4.4.5 is a maintenance update to fix issues reported since 4.4.4. Additional Information Core Added an Admin CP dashboard widget to show total members. Added back the ability to search personal messages by recipient and sender name, and removed the 365 day limit on results. Added an option for feeds of content that support future publishing (such as Pages records and Blog entries) to control whether published, unpublished or any results are shown. Added new options for content widget feeds to return hidden content (in addition to the existing pending approval option), as well as both hidden content and content pending approval. Added support for more explicit browser autofill on form fields. Added moderator log support for opening/closing polls. Upgraded CKEditor to 4.12.1. Improved the page speed for guests by not loading the editor or notification sound javascript libraries until they are needed. Improved the error message when attempting to access the REST API in the Admin CP in the event the local server is inadvertently IP banned. Improved performance when sending Digests. Improved license key checking when the license server may not be available. Improved reporting of Redis memory usage in support area. Improved the error message when attempting to access the REST API in the Admin CP in the event the local server is inadvertently IP banned. Improved performance when using the database for common data storage. Improved the accuracy of the progress bar on the 'Deleting moved original files' background process. Improved efficiency when generating sitemap files if certain content is configured not to be included. Improved the user interface configuring Sitemaps to clarify content that will be include and excluded from the Sitemap. Improved admincp upgrading when using SFTP. Implemented logging to the moderator log, when a moderator removes all followers from a followable item. Changed notification read/unread status to behave as it did prior to 4.4.4. Clarified the "Domains to instruct search engines to follow" setting description and improved the setting to strip http:// and https:// protocols from supplied values. Fixed account failed logins not correctly locking future login attempts in some cases. Fixed an issue where node deletions (such as forums and categories) were not always properly logged to the administrator logs. Fixed an issue where blacklisted URLs used for embeds may not trigger post moderation when configured to do so. Fixed an issue where the club tab on the members profile can result in a DB error when a page <1 was used. Fixed an issue where the Automatically Prune Followers setting ignored reviews. Fixed an issue where it may not be possible to permanently delete deleted content manually. Fixed status updates not importing properly when an account is linked to multiple social logins. Fixed some server error messages not showing. Fixed certain notification and digest emails not sending properly via cron. Fixed custom field custom formatting options being applied to fields in the AdminCP unexpectedly. Fixed Custom Sorting on the Deleted Content page not working. Improved upgrade process for Community in the Cloud. Improved the error message when attempting to access the REST API in the Admin CP in the event the local server is inadvertently IP banned. Fixed potential browser errors and warnings caused by notification sounds. Fixed pagination not loading correctly when searching within messenger. Fixed an issue where comment counts are decremented incorrectly when a Post Before Registering comment is cancelled. Fixed an issue where the mobile keyboard would not be hidden after submitting the search form. Fixed issues that can occur (such as the editor not loading) when browser local storage is unavailable. Fixed an issue where auto-scheduled promotions may not correctly queue for upcoming slots. Fixed maps generated by Mapbox potentially displaying larger than intended when lazy loading is enabled. Fixed an issue where profile completion could cause a fatal error when using custom forum themes. Fixed an issue where single status update links had the wrong canonical URL. Fixed a possible error when mentioning someone or using a custom emoticon in a post. Fixed an issue where installing plugins with a title containing more then 32 characters would fail. Fixed an issue where Elastic Search may not update records correctly. Fixed an issue where user profiles may be slow to load. Fixed an issue where a template error could be generated by attempting to search members when the user does not have permission to view members. Fixed some styling (spacing) issues with the right-hand column shown on the Clubs homepage. Fixed an issue pasting certain code into editor code boxes. Fixed some old URL patterns (from IP.Board 3.x) no longer redirecting to the new URL format as of 4.4.x. Fixed an issue where the publish_to_groups permission was still required to promote to Facebook pages. Fixed an issue where canceling an invoice with already canceled billing agreements would try to cancel the billing agreement again. Fixed a niche issue that can occur when using lazyload, image proxy and external file storage. Fixed an issue where one could fake member null votes on polls. Fixed an issue where profile photo permissions may not apply correctly when a user belongs to more than one group. Fixed a styling issue with profile completion on mobile. Fixed a broken link in the report center. Fixed an issue where invalid user groups can cause an error to show to users. Fixed an issue where the poll form wouldn't add an empty first question. Fixed an issue where sort buttons can overlap pagination. Fixed an issue where personal conversations may show a 'promote' button to members with permission to promote content. Fixed incorrect REST API documentation when editing items. Fixed an issue where the 'support' link in the AdminCP would be viewable if the restricted administrator did not have access. Fixed an issue where the spoiler header within a post can get doubled up when selecting text within the post in certain cases. Fixed an issue where merging members incorrectly merged reputation. Fixed an issue where the image aspect ratio setting was not set correctly when editing images. Fixed an issue where search options may show for items that are not searchable. Fixed AdminCP member quick-searches not searching within member names when the site can handle inline searches. Adjusted instances of "recognise" in language strings to "recognize". Fixed an error when full registration is enabled with no available profile fields. Fixed an issue where the node controller wasn't showing the child nodes as possible target category while moving the content. Fixed an issue where it was possible to be stuck in a position where a poll could not be re-opened. Calendar Removed the ability to create ranged recurring events that overlap (e.g. where the next occurence start time is before the first occurrence has finished). Removed the timezone from event notification emails for all day events. Fixed an issue where events that repeat for a set period will end one period before they should. Fixed an issue where users are able to create events where the end time occurs before the start time. Fixed an issue where ranged recurring events may show an incorrect date range for the event on the calendar "Day" view. Fixed an issue where embedding a Calendar Event may fail in some circumstances. Fixed an issue where ranged recurring events may not show as occurring on an end date when they span across months. Fixed an issue where the calendar name would be exposed to members which don't have permissions to view the calendar via the members online location on the profile. Pages Added the ability to specify whether the record canonical tag points to the current page, or the root page (page 1). Added the ability to show just your own records via the Database Filters widget. Added the ability to filter by Member field types via the Database Filters widget. Added record tags to the database record listing template for newly created Listing template sets. Improved the display of databases in the ACP menu. Fixed an issue where excluding Pages pages from the sitemap may cause the sitemap task to get stuck and stop building new sitemap files. Fixed an issue where a template group could be renamed to an existing template group, causing a conflict which results in an error. Fixed an error attempting to submit records to a database where a Member type field that must be unique is configured. Fixed an issue where the category title is missing from the page's HTML title tag. Fixed an issue where deleting a database record with a linked topic may cause an error. Commerce Added support for Strong Customer Authentication (SCA) in Stripe. Fixed referral commission not being given for renewals. Fixed an error that can occur when renewal invoices are generated if no billing address existed on the original invoice. Fixed invoice notification emails showing a payment failed warning if one payment method failed even if another one succeeded. Fixed social login buttons not working when checking out as a guest. Fixed staff replies to support emails. Fixed an issue where stock replies may have new lines stripped. Fixed pending withdrawl AdminCP notification link to point to the pending withdrawl filter. Fixed an issue where you may not be able to delete subcategories in the store. Fixed a potential error when upgrading from a version older than 4.4.2. Fixed an issue where switching to a "default" support stream (ex. Open, Assigned, or Tracked Requests) can result in a MySQL error. Fixed an issue where deleting a customer note would not close the dialog. Fixed member group being moved when upgrading or modifying an expired purchase. Fixed an issue where purchase custom field labels may show as a random string or in the wrong language in the Transaction Approved email. Edited the purchase email notification setting to clarify an email is sent for every item. Converters Clarified the error message shown when invalid database details are supplied. Fixed an issue where a conflict may prevent some data being converted if (for example) converting attachments for blog and forums in the same conversion. Fixed an issue relating to converting mentions from other platforms. Fixed an issue where converting from vBulletin 5 can cause duplicate topics. Fixed an issue where items selected to skip were converted anyway. Fixed an issue where it wasn't possible to convert only core. Fixed a performance regression re-introduced in 4.4. Fixed an issue preventing UBBThreads conversions working. Stopped converting the "manually set time zone" preference for vBulletin conversions, as the timezone preference itself is not converted and the ability to adjust this preference is not available in our current interface. Forums Improved the performance of the Unarchive task. Fixed an issue upgrading from older versions of Invision Community where topics or posts queued for deletion were present. Fixed an issue where posts from ignored members were visible if the author was in a highlighted group. Fixed an issue where archive settings could be saved with no more than or less than selection. Fixed an issue where hiding a topic without an existing first post would stop the queue to hide all the members content. Gallery Fixed Follow and Promote buttons not showing for images on mobile devices. Fixed an issue where inline renaming an image from the lightbox would either fail or rename the album. Fixed instances where a member with a secondary group that doesn't allow albums to be created, but with a primary group that does but limits how many that can be created, will allow the member to create unlimited albums. Downloads Implemented logging to the moderator log, when a moderator toggles the purchasable status of a file. Removed the button to copy the Log Downloads category setting which does not apply. Blog Improved the blog header display for blogs within clubs. Fixed an issue where the club leader could not set a cover photo for a club blug. Fixed an issue where draft entries may be included in digests. REST & OAuth Added a “Use a different account” button on OAuth login screen Third-Party / Developer / Designer Mode Cleaned up some legacy code checking for specific PHP versions. Fixed some typos in the REST API documentation. Fixed malformed HTML in the admin `tabs` HTML template which caused problems when hooks were created for this template. The Application and Plugin directory are limited to 80 characters. Set the alreadyReported flag in \IPS\Content after reporting content to ensure correct value is returned on future calls to report methods. Fixed some minor issues with the lightbox comments support (currently unused by core Invision Community code). Fixed an issue where email template parameters may not be captured properly to generate the email subject, resulting in an error. Fixed a potential error that may be encountered while working with Calendar dates from command line (i.e. tasks being executed via cron). Fixed an error that can occur with email statistics when different applications use the same email subject language string. Fixed a few functions that needed to be called from the root namespace. Changes affecting third-party developers and designers Added `\IPS\Node\Model::deleteLogPermissions()` method to allow applications to specify permissions for managing deletion logs. js.php javascript loader no longer creates an external dispatcher instance. `\IPS\Content::logDelete()` and `\IPS\core\DeletionLog::setContentAndMember()` now accept FALSE for the member parameter, which will store the deletion log as if no specific member deleted the content. Added a new `digestWhere()` method to content items, this allows you to specify an additional where clause when processing digests. * Items in red require extensive testing.
  11. Install ImageMagick on cPanel with EasyApache 4 This post will help you to install ImageMagick on cPanel with EasyApache 4. ImageMagick is mainly used to create, edit and convert bitmap images. It supports a variety of image formats. Please click here to get the supported image formats. The ImageMagick can be installed using a simple cPanel script (/scripts/installimagemagick) in the older version of cPanel, but in newer versions of cPanel with EasyApache 4 uses another method to install it. Please check it below: yum install ImageMagick-devel ImageMagick-c++-devel ImageMagick-perl Once the installation is over, run the following command to verify if it is working /usr/bin/convert --version Install ImageMagick PHP extension on cPanel with EasyApache 4 /opt/cpanel/ea-php56/root/usr/bin/pecl install imagick Add ImageMagick extension into the PHP 5.6 configuration file to load the module. vim /opt/cpanel/ea-php56/root/etc/php.ini Add the following into it: extension=imagick.so Restart the web server service httpd restart Then verify the installation /opt/cpanel/ea-php56/root/usr/bin/php -m | grep imagick Note: If you would like to enable ImageMagick PHP module on PHP 7.0, you just need to update the correct binary paths on the above installation. ie., /opt/cpanel/ea-php56/root/usr/bin/pecl to /opt/cpanel/ea-php70/root/usr/bin/pecl /opt/cpanel/ea-php56/root/etc/php.ini to /opt/cpanel/ea-php70/root/etc/php.ini /opt/cpanel/ea-php56/root/usr/bin/php to /opt/cpanel/ea-php70/root/usr/bin/php If you would like to enable the ImageMagick PHP module on the other PHP versions available on EasyApache 4, please do the same by changing the correct binary path. That’s it! https://grepitout.com/install-imagemagick-cpanel-easyapache4/
  12. https://www.lowendtalk.com/discussion/158547/new-cpanel-licensing-and-pricing-structure-thoughts
  13. cPanel has shaken the web hosting community with its recent price rise announcement. They have changed its pricing model from a per server pricing to a per account model. So if you’re a cPanel partner and were paying $11 per cPanel license for each server and running 1,000 websites, you’ll now have to pay $122. That’s approximately 1000% price rise! According to cPanel’s new pricing, here’s the breakup for 1000 websites : $32 for 100 accounts $0.1 each for 900 accounts The “Not So Acceptable” New Pricing The pricing is different depending upon the number of accounts. The price for the end user is comparatively higher than the cPanel partners. General Pricing For 5 accounts – $20/month For 30 accounts – $30/month For 100 accounts – $45/month + $0.20 for each additional account You can find more information about the latest pricing here. cPanel Partner Pricing For 5 accounts – $12.50/month For 30 accounts – $17.50/month For 100 accounts – $32/month + $0.10 for each additional account cPanel Pricing: New vs Old People are criticizing cPanel for rolling out the new pricing model. Let’s see the old and new pricing of cPanel: cPanel Pricing Earlier Before it was simply VPS and dedicated pricing. Latest cPanel Pricing The new pricing will not make a huge difference to people under 5 Accounts. However, as the accounts increase, cPanel will cost more than the server itself. Major Impact on Web Hosting Community Over the years, people have relied on cPanel for managing their sites. cPanel’s popularity is because of its integration with Softaculous, LiteSpeed, PHP Selector, JetBackup, CageFS, CloudLinux, Imunify360, and much more. This has helped cPanel become faster, reliable, secure, and feature-rich. This price increase seems to be a nonstrategic roll out and cPanel has faced major backlash from the web-hosting community! Users on Twitter reacted with a lot of aggression and mostly negatively with most of them threatening to switch to alternative control panels. 1. End-Users While servers with a single account can go for cPanel solo, and servers with under 5 accounts still get the same price, the overall price for end-user is comparatively higher for servers having more than 5 accounts. 2. Shared Hosting Providers or Resellers The worst affected of the whole lot. Mostly, a shared hosting company will run around 1000 websites on a single VM with the $11/mo cPanel VM license. After the new changes come into effect, their cPanel license costs will rise to $122/mo! That’s a whopping 1000% increase and almost equivalent to their infrastructure or server costs 😉 3. Unmanaged Server Providers Generally, unmanaged server providers don’t have the access to the server and therefore, didn’t know how many accounts are on running on a server which was fine because the license was per server. The new pricing model has added an extra layer of efforts for the providers. Now, they need to have a log of how many accounts are being created on a single server, or else they may end up footing the bill of thousands of dollars! Who is Going to Get The Hardest Hit? Shared/Reseller Hosting Providers License holders in price-sensitive countries like Latin America, India, and other South East Asian countries. Should You Remain With cPanel? Pros cPanel has innovated over years with a user-friendly UI and a number of integrations Less time to spend on customer support No need to migrate data and involve in the risk of data loss You will avoid downtime caused while migrating data. Cons With no annual billing, you will face the hassle of monthly invoices, lack of funds, etc. Substantially increased costs may either make business unviable for a few or the end clients will end up paying extra for these additional costs. Coping Up with the cPanel Price Rise If you’re choosing to stay with cPanel, the only solution is to re-evaluate your pricing structure. Only people with 100+ accounts will be hard it. You can transfer the extra 10/20 cents charges to customers. However, be sure to properly communicate the price changes to customers. cPanel Alternatives With this unexpected change, people have already started finding alternatives. Some of them are: DirectAdmin InterWorx Virtualmin/Webmin VestaCP What’s Next? cPanel, WHMCS, SolusVM, and Plesk are under the same umbrella – The Oakley Investment. Here’s the timeline: Oakley acquired Plesk in May 2017 and there was an insane increase in prices between July 2017 to October 2017 WHMCS prices hiked in Aug 2017 Oakley Acquired cPanel in August 2018 and the price hiked in June 2019 SolusVM, are you next? We hope not. https://magehost.com/blog/cpanel-price-rise-impact-solutions/
  14. IPS Community Suite 4.4.4 Released 06/06/2019 Key Changes Version 4.4.4 is a maintenance update to fix issues reported since 4.4.3. Additional Information Core Added support for [Emoji 11](https://emojipedia.org/emoji-11.0/) emojis Added logging for errors communicating with Spam Defense. Added an admin log when existing member notification preferences are updated. Added a pre-installed Giphy key that can be used for all Invision Community installations. Improved usability and display of date-based member filters. Improved account validation process to prevent accounts being inadvertently validated by scrapers and bots, and to improve the user experience when following a validation link that is no longer valid. Improved the opcache comments check on the REST API Reference page. Improved sending bulk emails via SendGrid. Improved post before register permissions when allowing guests to create content, but not members. Improved performance when viewing all IP addresses used by a member. Clarified the registration completed email when no local password has been set. Fixed an issue where members may not be marked as complete, and thus will not show within the community, in some circumstances. Fixed the Posts Per Day group setting not applying consistently to all content. Fixed an issue where click tracking may not be applied to all links in emails sent. Fixed emails for AdminCP notifications "A new member has completed registration" and "A member is flagged as a spammer" not sending. Fixed an issue that could occur if deleting a node (i.e. forum) if there was already a move task from another node in progress. Fixed the email statistics charts in the AdminCP showing incorrect data when viewing weekly charts. Fixed an issue where the inbox list may be stuck showing a spinner when canceling a search in the personal messenger. Fixed an issue where folder counts may show NaN after deleting a folder in the personal messenger. Fixed an issue that may occur when deleting/moving login handler related images. Fixed searching by tags not honoring the "Convert all tags to lowercase" setting. Fixed 'post before register' content submissions not incrementing the user's post count if pre-moderation is not required. Fixed an issue related to 'post before register' where 'next unread' item links may show when there isn't any new content. Fixed the callback URL used for Wordpress sign in. Fixed the digest task looping on a follow attached to a deleted member. Fixed the `PruneMembers` background task from endlessly looping in certain circumstances. Fixed disabling password changes in the AdminCP settings not removing the link to change your password on the Account Settings overview page. Fixed issue where lazy-loaded images in warn reasons would prevent warn reason from automatically updating when new reason was selected due to incorrect editor 'dirty' status. Fixed a niche issue where promoting an item may show an auto scheduled time from the past. Fixed an issue where the button to change a members profile photo would still show on their profile when they do not have permission to upload profile photos. Fixed an issue where public clubs would show the member count in several locations. Fixed an edge-case issue with redirecting old non-rewrite FURLs after enabling rewrites. Fixed issue checking signature image dimensions when using 'insert existing attachment' when using Amazon S3. Fixed an issue where the frontend upgrade notice wouldn't disappear once dismissed. Fixed an issue where cover photos might disappear shortly after displaying. Fixed an issue with lazy load placeholders when added to existing content. Fixed a layout issue with the mobile pagination buttons. Fixed an unnecessary redirect when viewing a club. Fixed a potential timeout running the cleanup task. Fixed Elasticsearch being able to be set up with version 7 (which is not yet supported). Trying to do that will now show an error message. Fixed an issue where moved links may show in the topic widget. Fixed an issue where a member registering with an auto-detected language would revert back to the default language after registration. Fixed an issue where the latest activity tooltip would state "online now" when the member was offline. Fixed broken login form. Fixed status pagination loading a full page instead of comments only. Fixed non-latin characters in the URL showing incorrectly when moving between pages. Fixed an issue where the approval queue may show content in the wrong order. Fixed an issue where the guest signup block title and text was reversed in vertical view. Fixed an issue where custom friendly URLs would not use the newer `/page/2/` pagination format. Fixed an issue where club pagination in user profiles was showing the wrong number of pages. Fixed an issue where a Redis failure caused an uncaught exception. Fixed an issue where the Clubs REST API would throw an error if commerce isn't installed. Fixed an issue where online user lists may be empty following a Redis crash. Fixed an issue where incomplete member registrations were not cleared correctly. Fixed an issue where Post Before Register Followups were sent out immediately rather than delayed. Fixed an exception that prevents storage handler changes from being saved properly. Fixed an issue where the 'Failed Emails' AdminCP notification may not be removed properly. Fixed an issue where the "Anonymous login" checkbox was incorrectly checked. Fixed an issue where PBR content would be left in the database for uninstalled applications. Fixed a rare issue where a template disk cache could corrupt and affect templates loading. Fixed an issue where members created via the ACP weren't marked as completed. Fixed an issue with Flickr video embeds showing as photos. Fixed an issue with notifications not showing as unread. Fixed an issue where the exact profile field search option had no affect. Fixed an issue where the default country was not correctly set in address form inputs. Fixed an issue where the guest teaser would not show on the comment form in some circumstances. Disabled Grammarly from checking editor fields to prevent Grammarly from breaking HTML and causing broken posts. Disabled preloading of notification sound to speed up initial page load. Disabled concurrent comment merging in status replies. Removed post content from Post Before Register reminder emails to prevent spam. Removed ability to sort club menu tabs if only one tab is present. Forums Fixed a niche issue where the 'Delete Legacy Posts/Topics' background task may not work when ran via CRON. Fixed an error when moving topics in fluid view. Fixed a database error that could occur when archiving old posts. Commerce Fixed tax class being lost with renewal terms when editing a purchase. Fixed tax class being lost when renewal invoices were generated for location-specific tax rates. Fixed an issue where tickets from non-registered users may link to an empty ticket listing. Fixed an issue where AdminCP notifications for pending withdrawals link to the wrong page. Fixed Stripe webhooks unnecessarily reporting an error. Fixed category filters not displaying on mobile. Fixed an issue where creating a support request with a guest member and email address via REST API wouldn't store the email address. Fixed an issue which would result in an empty product list on the registration form. Fixed an issue searching last names in admin live search. Fixed an issue where manually creating an invoice and adding renewals doesn’t prevent an auto-renewal invoice being added later. Fixed an issue where the member subscriptions block was not editable. Pages Fixed times displaying as timestamps for some Pages blocks. Fixed records not sorting correctly by 'highest rated'. Fixed the `updaterecords` task not running correctly if a database exists that is not assigned to a page. Fixed an issue where 'follows' may not get removed when a category or database is deleted. Fixed an issue where the create menu could get out of sync when the page name or the default page were changed. Fixed an issue where adding records via the create menu may not show categories for default pages. Fixed an issue that can occur when moving a record in a database that is not assigned to a page. Fixed an issue where Our Picks can throw an error if a database is unassigned from a page. Fixed an issue where, in certain circumstances, notifications could be sent for records that weren't viewable. Removed record image dimensions from JSON-LD markup for database records to improve performance in some cases. Downloads Fixed an SQL error that could occur when upgrading from older versions. Fixed an issue where the purchase count for Files associated to purchases was shown in the widgets and downloads index page blocks. Fixed an issue in the 'Download Reviews' widget, where links to reviews on page >1 were broken. Gallery Fixed an issue where past reputation for image comments and reviews no longer displayed. Fixed browser scrollbar disappearing while editing Gallery image details in some cases. Fixed image carousel widgets not displaying correctly in certain circumstances. Fixed an issue where uploading on small screens caused the status to overflow outside of its box. Fixed an issue where images may show as unread incorrectly in streams. Calendar Fixed an issue where recurring events may show on the wrong day in Calendar. Fixed an issue where all day events specified an incorrect start and end time in search engine markup. Converters Fixed an issue where reaction images may get converted into the wrong container. Fixed an inaccurate progress bar on a background task that runs after completing a conversion. Changes affecting third-party developers and designers Added a `$statementReverse` parameter to use `NOT IN` in the where clause when `\IPS\Db::select()` is passed to `\IPS\Db::delete()`. Added a further check when trying to choose which storage configuration should be used for new storage extensions. Added a new Language String Option `removeLazyLoad` which will remove the lazy load links while parsing the language string. Fixed an incorrect class reference when passing `\IPS\Db::select()` to the `$where` parameter of `\IPS\Db::delete()`. Fixed a search error that could occur with 3rd party applications. Fixed an issue with the rest API where output was json encoded before language replacements. Changed the default parameter in the `IPS\Content\Review::url` method.' Removed unused code in the \IPS\core\modules\admin\promotion\advertisements::getHtml method. Removed UI for immediately sending Bulk Mail, all Bulk Mail will now be sent via background queue.
  15. IPS Community Suite 4.4.3 Released 04/25/2019 Key Changes Version 4.4.3 is a small maintenance update to fix issues reported since 4.4.2. Additional Information Security Fixed an XSS concern deleting members in the AdminCP. Fixed an XSS concern managing Downloads versions from the changelog view. Fixed a minor XXE possibility in blog RSS imports. Core Upgraded CKEditor to 4.11.4. Updated LinkedIn login handler to use the LinkedIn v2 API. Improved performance when merging two comments with duplicated member reactions for large sites. Improved performance when working with edit history logs. Improved security of how passwords are handled in the code to decrease the likelihood of a password being included in an error log. Improved the display of the upgrader confirmation page. Improved performance of the latest activity stream shown on user profiles. Improved anonymous log in tracking to resolve an issue with "Since my last visit" activity streams Improved the UX configuring moderator permissions for clubs, including the ability to disable club-level moderators. Improved database error reporting in certain error situations. Improved performance of a 4.1.8 upgrader step. Changed AdminCP notifications for "A new member has completed registration" and "A member is flagged as a spammer" to show all applicable members grouped into a single notification, rather than a separate notification for each member. This change gives a significant performance improvement for sites which have lots of new registrations. Fixed multiple formatting concerns with custom profile fields. Fixed an issue where restoring soft-deleted content would throw an exception under specific circumstances ( e.g. when there was no record in the soft deletion log ). Fixed an issue where the member group restriction to require one piece of approved content before users can bypass content moderation was not correctly applied to posts made before registering. Fixed an issue where deleting a member's content and then deleting the member may result in the content not being removed. Fixed SVG images breaking when served through the built in image proxy. Fixed an issue with profile completion if you choose not to upload a profile photo. Fixed third party processor information not showing when users are forced to reaccept an updated privacy policy. Fixed the "Remove followers from uncommented content" setting not working. Fixed an issue where clicking to delete a member twice might result in all status updates being removed from the search index. Fixed an issue where copying content from one area with an attached image and pasting into another area may result in a broken image. Fixed an issue where allowing a user to moderate comments, but not items, would result in an error when using the multi-moderation menu. Fixed inability to edit profile fields by members if the field was not displayed on the profile. Fixed invalid HTML in the quick search form. Fixed an issue where a comment or post made before registering which requires moderator approval after the registration is completed may not update the container flag to indicate that comments within the container require approval. Fixed an error where the member view in the AdminCP may become broken if the member history for the user includes an old subscription group change and Commerce is not installed. Fixed an issue where broken letter photos may be displayed in emails. Fixed an issue with clean up tasks where they may try to delete a member that doesn't exist. Fixed an error that can occur if you double click the "unfollow" button quickly. Fixed autosaved content in the editor not clearing out when it was deleted within the editor. Fixed an issue where MFA while the login would send 3 'new device' emails to the member instead of only one. Fixed an issue where attachment links inserted into content may have a hard coded URL. Fixed an upgrade issue where custom file storage configurations in 3.x may not be preserved correctly when upgrading to 4.x. Fixed an uncaught exception when visiting a specifically malformed follow link. Fixed attachment bbcode tags not converting correctly when upgrading from version 2.0 or older. Fixed the About Me default custom field not showing on new installs. Fixed email statistic charts so they report more accurately. Fixed issues with performing advanced member searches in the AdminCP when multi-select custom profile fields are present. Fixed a minor inconsistency with group name formatting. Fixed an issue rebuilding certain meta data in Elasticsearch. Fixed an issue where items and comments queued for deletion or submitted by a guest prior to registration are returned via the REST API. Fixed an error when searching a specific search string. Fixed a possible error that can occur during login when using the post before register feature. Fixed the Notification Settings form in the Admin CP so that it can save properly. Fixed an issue where Login Handlers were shown out of order. Fixed an issue where the canonical link HTML tag may include unnecessary query string parameters (i.e. filters). Fixed an issue where AdminCP settings search results were not always highlighted when clicked on. Fixed an issue where the pagination for comment and review areas wouldn't link directly to the comments area when Javascript is disabled. Fixed an issue where content item and comment widgets would show content from not specified categories. Fixed an issue where editor auto saved content may not be removed. Fixed an issue where some content may not show a report link. Removed the hide signatures toggles from guests when they are able to see signatures. Prevented search engine spiders from following the cookie notice dismissal link. Removed poll votes from showing in the All Activity stream. Removed ability to copy theme settings. Removed the unread indicator in several widgets because it can't be used there because of the widget cache. Removed the ability to toggle cover photos in clubs list when no image was uploaded. Fixed an issue where the support tool could incorrectly report undiagnosed problems. Fixed missing images when lazy loading is enabled in several areas. Fixed an HTML validation issue with mini-pagination next to multi-page content item titles. Fixed an uncaught exception which is thrown by the Admin Notification System. Fixed member validation display issue in ACP notifications page while mobile. Fixed attachments being added to an editor which has attachments disabled. Fixed an issue where a display name sync error may be displayed on the AdminCP member profile. Fixed two language strings where countries have changed their names: Macedonia is now North Macedonia and Swaziland is now Eswatini. Fixed some broken messenger related links. Core - Clubs Fixed "Clubs" tab showing when splitting content even if clubs are disabled. Fixed display issue with club tabs on mobile devices Removed ability to reorder club tabs on mobile devices Forums Fixed a duplicated error code in the topics REST API endpoints. Fixed images used in forum rules not displaying when image lazy loading is enabled. Fixed a potential upgrade error when reformatting forum rules during the 4.0.0 upgrade routine. Commerce Added an additional subtotal language phrase to the cart summary for localization flexibility. Improved legacy parser to potentially allow conversions of tables in content. Changed renewal terms to not allow $0 renewals. Fixed an error occurring submitting new tickets when read/write database separation is enabled. Fixed an issue where up/downgrading a purchase could result in an error or the expiry date changing incorrectly. Fixed an issue where a cancelled subscription may still generate a renewal invoice (and subsequently charge the user). Fixed tax class being lost with renewal terms in some cases. Fixed an issue where images may not show in printable invoices if lazyload is enabled. Fixed support stream date-based filters producing incorrect results. Fixed stock action text not defaulting in the form when creating a new ticket from the AdminCP if you do not use a signature. Fixed an issue where the password field on the store checkout form might disappear if using Chrome's password autofill feature. Fixed an issue where invoices may not have a billing address set when one is available. Fixed an issue where a template error may be thrown for non-recurring subscriptions. Fixed a missing language string if you had servers configured prior to upgrading to 4.4. Fixed adding a custom package to an invoice. Fixed an exception being logged when rebuilding the search index if any custom packages have been created. Fixed the PayPal Billing Agreements radio element not showing selected if BAs are enabled. Fixed an issue where files uploaded to a custom field may not be downloadable. Removed a stray HTML end tag. Restored Braintree gateway option. Included a disclaimer about qualification process. Pages Fixed an issue where cloning a custom field would result in a database error. Fixed an issue on the media page where the "File Overview" Tab was not set as activated and also not clickable when one or more files from the file list were selected. Added last modified date to database category and record sitemaps. Gallery Changed the reputation type flag for album comments and reviews to resolve bugs where the reputation may be mistakingly treated as if it belongs to an image comment or review. Fixed an issue submitting images to an album if the category requires moderator approval. Fixed an error that can occur when downloading the original image in Gallery if the original image is missing on disk by forcing the largest available size to download instead. Fixed image lazy loading not working correctly in category rules, descriptions and custom error messages. Fixed the submission dialog box potentially showing an incorrect dialog title. Fixed an issue where uploaded videos could not be played in the lightbox. Fixed editor showing twice for each image during submission. Downloads Added a group setting that will allow users to bypass download restrictions when downloading a file that's been purchased. Added the ability to shut off version numbers per-category. Improved the header styling on the homepage. Improved performance, especially of the index page. Reduced top spacing (margin) of the sidebar when viewing the index page. Fixed an issue where custom fields may show out of order. Blog Fixed an issue where the previous and next link under the blog entry could link to hidden or soft deleted entries. Fixed some minor UI issues with the "Blogs" widget. Calendar Added an option to prevent edits and RSVPs for events that have passed. REST & OAuth Fixed the search REST API endpoint. Converters Improved vBulletin archive redirects. Improved vBulletin blog conversions to retain the date the blog or blog entry was followed. Fixed an issue where converted members won't be marked as completed. Fixed an issue when trying to convert from a platform with converters for apps that are not installed. Fixed an issue where PM replies may be duplicated when converting from vBulletin. Fixed an issue with converting comments from Vanilla. Upgrader Fixed an edge case issue where some legacy customers may be unable to use the AdminCP upgrader. Changes affecting third-party developers and designers Backwards-incompatible changes that may affect third party applications / plugins: Methods that handle passwords in login handlers (authenticateUsernamePassword(), authenticatePasswordForMember(), changePassword()) now receive an object which can be cast to a string, rather than a normal string, for the password. This reduces the likelihood of a password being included in an error log. The onPassChange MemberSync callback now receives an object which can be cast to a string, rather than a normal string, for the password. This reduces the likelihood of a password being included in an error log. Enhancements / fixes for developers: Added a new constant \IPS\DEV_LOG_HEADERS which allows you to log all headers being sent during responses. Better abstracted code that dynamically builds class paths for areas that are no longer using iterators. Improved some extension skeleton files to not cause a ParseError once the extension is created. Fixed color fields not initializing for new rows added in a manageable matrix. Fixes that only affect developer mode or third party apps/plugins: Fixed some functions not being called from the root namespace and throwing warnings when in developer mode. Fixed an undefined index loading form to add a new hosting server in Commerce. Code-level fixes that may have been causing bugs in third party apps/plugins: Added code comments to all of the default constant values in init.php explaining what they all do. Ensured all default wizard instances are cast as a string before being sent to the output handler. Fixed an issue when pluralization and sprintf functionality is used together and the placeholder is used in the pluralized string. Fixed an issue with post before register where it was assumed content items would have a container. Fixed an exception when post before registering is checked against a content item that supports reviews but not comments. Fixed some ambiguous column concerns with the \IPS\Content\Item::_comments() method. Fixed an issue editing titles via Ajax when the item class does not use containers. Fixed an issue where the release date may not show correctly for third party plugins or themes. Fixed some functions not being called from the root namespace and throwing an IN_DEV warning. Fixed the widget configuration form being called twice which may result in some form elements duplicating. Improved some extension skeleton files to not cause a ParseError once the extension is created.
  16. Example configurations The following examples explain how to add rules with CSF, APF, and the iptables application. Important: We do not recommend that you use these examples for your personal configurations. Instead, make certain that your firewall rules match the way in which you use cPanel & WHM's services. CentOS 7, CloudLinux™ 7, and Red Hat® Enterprise Linux (RHEL) 7 servers have additional requirements. For more information, read the CentOS 7, CloudLinux 7, and RHEL 7 firewall management section below. CSF ConfigServer provides the free WHM plugin CSF, which allows you to modify your iptables rules within WHM. To install CSF, run the following commands as the root user: 1 2 3 4 5 cd /usr/src rm -fv csf.tgz wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf && ./install.sh To configure CSF, use WHM's ConfigServer & Firewall interface (Home >> Plugins >> ConfigServer & Firewall). Note: For more information about how to install and use CSF, visit the CSF website. APF APF acts as a front-end interface for the iptables application, and allows you to open or close ports without the use of the iptables syntax. The following example includes two rules that you can add to the /etc/apf/conf.apf file in order to allow HTTP and HTTPS access to your system: 1 2 3 # Common ingress (inbound) TCP ports IG_TCP_CPORTS="80,443″# Common egress (outbound) TCP ports EG_TCP_CPORTS="80″ Note: For more information about APF, visit the APF site. iptables The iptables application offers more customization options for your packet filtering rules. This application requires that you understand the TCP/IP stack. The following example includes iptables rules for HTTP traffic on port 80: Note: This example assumes that a DMZ exists on eth0 for the port, and the broadcast IP address. 1 2 $IPTABLES -A FORWARD -p TCP -i -o eth0 -d -dport 80 -j allowed $IPTABLES -A FORWARD -p ICMP -i -o eth0 -d -j icmp_packets Note: For more information about the use of iptables, visit the iptables site, or run the man iptables command from the command line. CentOS 7, CloudLinux 7, and RHEL 7 firewall management Servers that run the CentOS 7, CloudLinux 7, and RHEL 7 operating systems require that you use the firewalld daemon. Important: We recommend that you only use the firewall utilities on CentOS 7, CloudLinux 7, and RHEL 7 servers. Note: For more information about the firewall utilities and the firewalld daemon, read Red Hat's Using Firewalls documentation. The cpanel service Important: The /usr/local/cpanel/scripts/configure_firewall_for_cpanel script clears all existing entries from the iptablesapplication. If you use custom rules for your firewall, export those rules before you run the script and then re-add them afterward. cPanel & WHM version 11.50 and later also includes the cpanel service, which manages all of the rules in the /etc/firewalld/services/cpanel.xml file. This allows TCP access for the server's ports. To replace your existing iptables rules with the rules in the /etc/firewalld/services/cpanel.xml file, perform the following steps: Run the yum install firewalld command to ensure that your system has firewalld installed. Run the systemctl start firewalld.service command to start the firewalld service. Run the systemctl enable firewalld command to start the firewalld service when the server starts. Run the iptables-save > backupfile command to save your existing firewall rules. Run the /usr/local/cpanel/scripts/configure_firewall_for_cpanel script. Run the iptables-restore < backupfile command to incorporate your old firewall rules into the new firewall rules file. https://documentation.cpanel.net/display/CKB/How+to+Configure+Your+Firewall+for+cPanel+Services
  17. IPS Community Suite 4.4.2 Released 03/28/2019 Key Changes Version 4.4.2 is a small maintenance update to fix issues reported since 4.4.1. Additional Information Core Adjusted the AdminCP live search to look for search strings within the name and email address (instead of only at the beginning) for sites with less than 1,000,000 members. Improved error reporting for unexpected exceptions in some cases when manually running tasks. Upgraded CKEditor to 4.11.3. Added some AdminCP live search keywords for the Icons & Logos page. Adjusted search results processing to automatically clear out invalid results when detected. Adjusted comment and item widgets to restrict by the last year to prevent slow performance. Fixed an issue where the leaderboard may not correctly rebuild. Fixed an issue where searched terms may not be highlighted on the search results page when using Elasticsearch. Fixed being unable to reach the last page of search results with Elasticsearch. Fixed an issue where users could encounter an error by logging in with a new social account after already associating with a social account. Fixed mobile PWA manifest file not being accessible to guests when guests are required to login to use the site. Fixed an issue where javascript would not load due to a bug in the 3rd party Howler library. Fixed an issue where the prune members background task may stall if it encounters a staff account. Fixed an issue where email link tracking may not apply to all bulk mails sent. Fixed an edge case issue where it was possible for the lazy load rebuild to affect embedded videos. Fixed an upgrade issue that can occur if you have more than one of the same email address specified for upgrade notifications. Fixed an issue where imported members accounts were not marked as completed. Fixed an issue where changing the warning type on the warning form would not toggle the 'remove points never' checkbox to the correct value Fixed an issue where profile fields display HTML code when applying custom formatting. Fixed an issue where the upgrader could link to an incorrect theme when reporting theme conflicts. Fixed an issue with the upgrade now link on the front-end notification banner. Fixed an issue where the display name filter wouldn't store the "either" option. Fixed images with uppercase extensions not launching the lightbox correctly. Fixed an issue where page styling is lost temporarily when clicking "Check Again" on the support tool in the AdminCP. Fixed an issue with comment widgets where editing them may not show the correctly selected date range. Core REST API Fixed an error adding a member to a club through the REST API. Forums Excluded archived topics from email digests. Fixed an issue where post counts for forums may be incorrect if archiving is used. Fixed an issue where merging two topics may show the topic at the wrong position in the forum listing. Prevented a possible infinite redirect problem when merging two topics simultaneously with each other. Applied group name formatting to member names in topics when viewed on a phone. Removed redirect forums from fluid view. Gallery Fixed an error upgrading Gallery when there are orphaned albums. Blog Fixed guests being able to post comments without permission to do so. Fixed blog entry ratings not displaying. Fixed a minor display issue with blog ratings and tags when viewing blog entries. Commerce Improved the display and functionality of non-recurring subscription packages. Improved security of public endpoints that receive webhooks and other notifications from gateways. Fixed an issue where guests who cannot view the site cannot register if a subscription is required to be purchased during registration. Fixed not being able to check out through Braintree purchasing a subscription while using a credit card. Fixed upgrading of expired purchases resulting in account credit being issued. Fixed an issue where creating a subscription without renewal options would result in a error. Fixed an issue where deleting a subscription wouldn't delete the cover image. Fixed an issue where the recount background task would fail. Pages Fixed an issue where the record revision list would show the same diff for each revision Fixed an HTML validation error with record comments. Downloads Fixed being unable to submit multiple files at once. Converter Fixed an issue where Javascript/HTML may be stripped from code boxes in vB5. Fixed an issue where some data may not be converted when converting from SMF, Vanilla, ExpressionEngine. Fixed an issue where some converters may not be available for use (bbPress, Coppermine). Fixed an issue with SMF conversions where forums may not allow new posts following the conversion. Pages Fixed guests being able to submit articles without permission to do so. Changes affecting third-party developers and designers Fixed an ErrorException occurring when a user receives their first PM during the instantNotifications AJAX polling. Adjusted the `Content\Item::_comments()` queries to not cause a MySQL Error when 3rd party code hooks into Comment::joins to add additional joins. Fixed an issue where `\IPS\Lang::replace` would change non-string values into an empty string
  18. https://go.cpanel.net/auditd https://forums.cpanel.net/resources/auditd-the-linux-auditing-system.533/
  19. While auditing email accounts in my cPanel I noticed that the space usage on some accounts, especially the default email account is not updated. I checked the mailbox of my default email account via Webmail and noticed nothing there. Then, how it’s showing some MB of space usage in cPanel? I decided to check the back end for any hidden files/folders which causing this issue. I checked the cur, new, tmp, .Trash and .Send folders in its mail directory (/home/username/mail/) and cleared those directories, restarted the cPanel. And nothing changed on cPanel. The size usage for the default email account still showing the same disk space usage. This might be due to the cPanel configuration problem or due to any mess up happened while running the default cPanel scripts to check and update the disk space usage of all the cPanel accounts. We can update it manually. I found the following solution for this disk usage problem on default email account. Please do the following steps to fix it. Method I (This will fix this problem) Step 1 : SSH to server as root user. # ssh root@host Step 2 : Execute the following script: # /scripts/generate_maildirsize --confirm --allaccounts --verbose cpaneluser Replace “cpaneluser” with the cPanel user name. For example: # /scripts/generate_maildirsize --confirm --allaccounts --verbose crybit2012 Here crybit2012 is the user name for that cPanel account. That’s it! Just login into the cPanel once again and check the disk usage now. Method II (If the above method did not work) If the above method did not help, you can use the following steps: Step 1 : SSH to server as root user. Step 2 : Locate the following files email_accounts.yaml and email_accounts.cache and clear/delete. Now check the disk space usage of the email accounts in cPanel and verify that the disk space usage is showing correctly. Please check it and let me know if you have any questions. https://www.crybit.com/email-accounts-disk-space-usage/
  20. The most important part of maintaining a secure CMS installation involves keeping your software and your plugins up to date. It is of vital importance to keep WordPress core, plugins and themes updated. Once an update is released, it needs to be applied as soon as possible to close any security holes. Functional problems with updates must be considered. It is possible that an update will break some of the functionality so a backup is recommended before updating the core. The OWASP Foundation Here's a handful of handy resources you can take advantage of: Wordpress: OWASP Wordpress Security Implementation Guide [OWASP] Wordpress: Hardening Wordpress [Official Wordpress Codex] General: How to Secure your CMS [MalwareBytes] General: A Security Overview of Content Management Systems [Detectify] Joomla!: Security Checklist [Official Joomla! Documentation] Drupal: Securing Drupal 8 [Official Drupal Documentation]
  21. mysql_full_unicode_support#File_format this test must pass Your database uses Antelope as the file format. Full UTF-8 support in MySQL and MariaDB requires the Barracuda file format. Please switch to the Barracuda file format. See the documentation MySQL full unicode support for details. Check mysql_full_unicode_support#Large_prefix this test must pass For full support of UTF-8 both MySQL and MariaDB require you to change your MySQL setting 'innodb_large_prefix' to 'ON'. See the documentation for further details. [/code[ in that case there are various approaches to a solution I'm using Mysql 5.6.17 with WAMP Server I solved the problem by editing the my.ini file Find the category [mysqld] there add the following instructions [mysqld] innodb_file_format = Barracuda innodb_large_prefix = 1 innodb_file_per_table = ON https://stackoverflow.com/questions/35847015/mysql-change-innodb-large-prefix
  22. IPS Community Suite 4.4.1 Released 03/05/2019 This is a security release and we recommend all clients upgrade as soon as possible. Key Changes Version 4.4.1 is a small maintenance update to fix issues reported since 4.4.0. This release also contains a critical security update for Commerce. Additional Information Core Improved auto-upgrader for Community In The Cloud clients when an unexpected failure is detected. Added AdminCP search keywords to aid in finding certain new features in 4.4.x. Made several adjustments to HTTP/2 push/preloading to improve overall performance of most requests and resolve minor bugs. Changed database connector so that a database connection is only established once it is actually needed. Improved performance of 4.4.0 upgrades for sites with lots of members. Improved performance of content item and comment sidebar blocks restricted to specific containers. Improved Post Before Registering to allow the user to remove their submission and email address. Changed the error message for a failed login the same regardless of the reason for extra security. Fixed an issue where guest "post before register" submissions may show up in widgets before the guest registers. Fixed an SQL error during the 4.4.0 upgrade in some environments. Fixed several areas in the suite where images were not "lazy-loaded" as expected. Fixed link styling in announcement banners making the text difficult to read in some browsers. Fixed an issue where private conversations may incorrectly get flagged for automatic moderation. Fixed miscellaneous HTML markup errors. Fixed an issue where users could encounter an error by logging in with a new social account after already associating with a social account. Fixed some issues with the "Emails failing to send" AdminCP notification. Fixed frontend upgrade notice linking to the frontend instead of ACP. Fixed Application icon getting lost when the datastore is flushed. Fixed 'Error is logged' AdminCP Notification displaying incorrectly. Fixed an issue where the newsletter signup block was showing an error to guests. Fixed incorrect colors showing in the visual theme editor when creating a new easy mode theme. Fixed an issue visiting certain URLs when a community is installed into specifically named subdirectories. Fixed the email statistics setting not showing the correctly saved value. Fixed an issue with button spacing on mobile. Fixed an issue where streams may go missing if a guest member object is deleted. Fixed a styling issue on certain forms such as the AdminCP notification preferences form when using locales with a comma as the decimal separator. Fixed an issue where pagination may not work when 'rewrite FURLs' is not enabled. Fixed posts not retaining code syntax highlighting with some code languages. Fixed an issue where private conversations can be very slow to search. Fixed an issue with the Emoji shortcode popup when lazy load and Twitter Emoji are used. Fixed an issue with the setting for "Users can see records posted by other users" not being honored. Fixed some issues related to setting a custom start url in the web manifest. Fixed an issue where the prune members background task may stall if it encounters a staff account. Fixed an edge case issue where it was possible for the lazy load rebuild to affect embedded videos. Core - REST Fixed disabled applications showing in the REST API area of the AdminCP. Fixed the Invision to Invision OAuth 2 login handler attempting to sync letter photos. Forums Improved performance of the post feed widget. Commerce Removed Braintree option for new payment gateways. Removed the package moderation ability for moderators on the frontend. Removed a recommendation to switch to Braintree during upgrade. Restored ability to set up PayPal Billing Agreements. Fixed upgrading of expired purchases resulting in account credit being issued. Fixed inconsistent styling being applied to the Latest Products sidebar block. Made the grid vs list view theme setting translatable. Fixed an error viewing hosting accounts. Fixed PayPal checkouts through Braintree failing when tax is applied to the purchase. Fixed a missing language string when managing hosting accounts. Fixed an issue with configuring Braintree, if you have had any issues please open and re-save the Braintree settings. Fixed an issue where paid support request custom fields would show for none paid support departments. Fixed an issue where viewing a product may not work under certain circumstances. Fixed a duplicated HTML element ID (which prevents the page from passing as "valid HTML"). Fixed an issue where the Facebook Pixel for purchase events was missing currency and value. Pages Fixed an issue where reciprocal "back links" may be incorrectly deleted from records. Fixed an issue where importing a database would fail. Fixed a potential upgrade issue if orphaned data was present. Gallery Fixed an issue where notifications for new images can send indefinitely. Fixed an error attempting to move all albums from a category to another category in the AdminCP. Downloads Fixed an issue where notifications for new files can send indefinitely. Fixed issues with Downloads files linked to Commerce packages that are deleted. Blog Fixed a styling issue with the blog header on mobile. Clarified that guests will bypass the post before register feature when guests have the "Can comment on blog entries" Group Setting is enabled. Converter Fixed issues converting tags for database records in some cases. Changes affecting third-party developers and designers Made Commerce Gateways extensible by removing hardcoded namespace paths to Gateway classes. Changed the FileStorage skeleton file so that a new instance does not cause a PHP error by default. The Widget skeleton file was updated to follow the new 4.4.0 logic for widget display options. Fixed an issue cloning custom fields if non-standard column names are used. Trying to set an invalid value for a setting will result in an InvalidArgumentException. Automatic moderation will now only be applied to content types that implement \IPS\Content\Hideable as this is required for automatic moderation to function correctly. Fixed an ErrorException occurring during content promotion when Facebook is set up but no Facebook Pages have been linked for promoting. Fixed an ErrorException that can occur if you attempt to upgrade/downgrade a package without renewal options in Commerce while IN_DEV. The frontend template controlStrip now supports specifying the target attribute for links. Fixed an ErrorException occurring when a user receives their first PM during the instantNotifications AJAX polling.
  23. Good news! Version 4.4.0 of Invision Community is now available. This includes a security patch and we recommend you upgrade as soon as possible. Major New Features / Enhancements Post Before Registering Animated GIFs AdminCP Notification Center New Email Features: Email Statistics Email Advertisements Unfollow Without Logging In SEO Improvements: Improved pagination with page number now in path (rather than query string) and unique page titles for paginated pages. Improved use of canonical tags. Improved handling of empty containers and profiles to reduce soft 404s. Improved JSON-LD markup, adding @id tags and fixing URLs for comments. Removed page output hidden by JavaScript. Performance Improvements: Added Lazy Loading for images, which will speed up page rendering. Added HTTP/2 support with prefetch/preload. Added support for Brotli compression. Improved default profile photos to use inline SVGs rather than generated images, which will speed up page rendering. Improved browser caching of pages served by the guest page cache, which will reduce the number of requests reaching the server. Improved handing of session data for guests to reduce database reads for guests. Optimized images to reduce file size for faster page rendering. Other minor performance improvements to reduce database queries and fix unnecessary code execution. Commerce Store Filters allow customers to filter products by price, review, stock, or custom admin-defined filters. Core Added setting to display user group formatting in more areas (see 6 New Micro Features). Added less intrusive browser notification prompt in Notifications menu (see 6 New Micro Features). Added ability to show sidebar blocks to only certain types of devices (see 6 New Micro Features). Added ability for club owners to reorder the navigation tabs (see 6 New Micro Features). Added ability for announcements to be linked to an URL or be a title only (see 6 New Micro Features), improved consistency in how announcements are shown in different areas. Improved UI for entering time intervals in AdminCP settings (see 6 New Micro Features). Added a new Icons & Logos section in the AdminCP which allows providing logos for use when sharing links from the community, adding the community as a home screen app on a mobile device (along with additional settings for a PWA manifest to control certain aspects the community’s behaviour when used in this way), and in Safari’s favourites menus and pinned tabs on macOS. Added a new UI for attachments, showing a box with some information about the file, rather than a plain line (see Turbo charging loading speeds). Commerce Braintree Gateway including support for PayPal (with recurring payments), Venmo, and cards. Deprecates some PayPal features. Added ability to target bulk mails to members who have spent certain amounts. Added sidebar widgets for best sellers, latest products, product reviews and a featured product. New Server Requirements: PHP 7.1.0 or higher required (7.3.x now supported). MySQL 5.5.3 or higher requires (5.6.2 recommended). Removed Features Removed EmojiOne-style emojis due to licensing issues. Removed Gravatar support due to privacy concerns and performance issues. Removed password hashes when downloading a member list from the AdminCP. This is for security, to reduce the ease of obtaining sensitive data if the AdminCP is ever compromised. Removed the name of the content (e.g. topic) from the “Next Unread” link which could consume significant server resources on large communities. Also included: 4.3.6 This is a maintenance release to fix reported issues.