Posts posted by Administrator

  1. I'm a clean freak; I like things tidy and neat. Over time, many sites can get filled with leftover files and folders from previous versions, and other items you may or may not need anymore.

     

    The following guide will show you how to perform a clean upgrade to IPS4 from 3.4.x.

     

    1. Take a backup of the file system and database.

     

    2. Copy the following files and folders from your existing site.

    (Yes that is all you need normally from the older version, the file structure on IPS4 is all new so this is a good time to "clean up")

     

    Michelle_-_sftprootmichelle.exactservers

     

    3. Make a temp folder, named whatever you would like, on your FTP and move all other files except the above to that temp directory. This is a temporary place to hold them; once the upgrade is completed and you are sure you didn't forget anything you need, you can delete this temp folder and all its contents.

     

    Michelle_-_sftprootmichelle.exactservers

     

    4. Next upload the IPS4 files to your site

     

    5. Once they are all uploaded, verify all were written properly.

     

    6. Adjust permissions as needed/if needed on the writable folders.

     

    7. Proceed to http://www.yourdomain.com/admin/upgrade to process the upgrade.

     

     

     

     

     

     

  2. After upgrading to IPS4 from 3.x, there is a rebuild that needs to take place. If you have the server resources available, you can increase the "amount per cycle" from 50 to 200 or so.

    applications/core/extensions/core/Queue/RebuildPosts.php line 29

    RebuildPosts.php_2015-08-08_20-40-19.jpg

     

    Example improvement:

     

    16-core machine, 16 GB RAM, SSD drives: went from 50 per cycle in about 1 second to 200 per cycle in about 2 seconds. I wouldn't go over 200-300 or so.

  3. 08-07-2015

    We are releasing a patch for IP.Board 3.3.x and 3.4.x to address a potential cross-site scripting (XSS) issue, and we are releasing a patch for IP.Nexus 1.5.9 to address an issue where license keys may be exposed to unauthorized users. The IP.Nexus patch also includes an updated SagePay payment gateway, required for all users that use SagePay integration as of July 31, 2015, as well as an update to the Stripe payment gateway to use their "v2" JavaScript integration.

    It has been brought to our attention that specifically crafted files uploaded as attachments to IP.Board may allow for JavaScript to execute. It has also been brought to our attention that specifically crafted URLs may allow for exposure of license keys otherwise kept private throughout IP.Nexus.


    To apply the patch
    Simply download the attached zip for your IP.Board version and upload the files to your forum server.

     

    IP.Nexus 1.5.x:

    nexus_patch_08072015.zip

     

    IP.Board 3.4.x:

    board34x_patch_08072015.zip

     

    IP.Board 3.3.x:

    board33x_patch_08072015.zip


    If you are an IPS Community in the Cloud client running IP.Board 3.3 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.3, you should contact support to upgrade.

    If you install or upgrade to IP.Board 3.4.8 or IP.Nexus 1.5.9 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

     

    We would like to thank ESET for reporting the IP.Board XSS issue to us, and we would like to thank user "vekmor" for reporting the IP.Nexus license key exposure issue to us.


  4. Everyone at IPS has been working hard to continue development on our new IPS Community Suite 4 platform. We have been getting great feedback from clients and are looking forward to implementing your ideas as we keep moving forward.

    Most of July was spent with a focus on stability of version 4.0. As with any new platform there is a lot to learn and address once it gets out into real world use. Stability releases are not very exciting and do not make for a fun blog entry :) but we have fixed hundreds of bugs with each maintenance release and continue to keep that as our focus. Clients are reporting that things are greatly improving and we are happy to hear that! Of course there are always some issues but the majority are running great.

    So that's really it for July. I know, it seems like not much but it's actually tons of work from our team to keep getting things better each day. But don't worry! We have some exciting new features in the works that will be introduced in August so do keep watching and keep letting us know your feedback.


  5. This is the first in a series of monthly blogs IPS will be posting to keep you up to date on what is happening. Just in case you missed it!

    New Web Site

    We launched our new web site featuring IPS Community Suite 4! Featuring our newest technology has been great for new and old clients alike. Our demo system is now using IPS Community Suite 4 as well so feel free to sign up and give it a try.

    Release Announcements

    In the past we would post an announcement for every release we did. With IPS Community Suite 4 that is not really necessary as the new upgrade system notifies you in your AdminCP when an update is available. Not only that but you can easily download a list of only changed files to quickly upgrade your Suite. It is really nice for us to be able to push updates out to you much more quickly and for you to not have to upload a lot of unnecessary files for a quicker upgrade.

    Release Notes

    Be sure to check out our new Release Notes section. These notes are also fed into your AdminCP on release time but you can also check here for previews on the next release in production. Even more interesting is our Coming Soon section that shows things coming up in the next month or so. It's a great way to keep track of what is in the immediate future so you can plan your community development.

    Development Progress

    Since we released version 4.0.0 we have made 13 releases to add features requested by our clients, fix bugs, and improve performance. It has been a busy and exciting time. We are so happy that the vast majority of our clients are really happy with IPS Community Suite 4.0. It's also great to see clients provide so much feedback so we can continue to improve. One of our key goals is to communicate what is coming up next and our Release Notes section has been a really great way to do this and clients are enjoying the constant updates.

    For those of you interested in such things: we finally switched from SVN to Git. We started using SVN many years ago when it was the cool thing and have been wanting to switch to Git for our repository for some time. Obviously this is not something that impacts our clients but it's really exciting to the group of nerds that is IPS development staff so they felt I should highlight this!

    In addition to lots of bug fixes and performance improvements, here are some new additions to IPS Community Suite 4 in the last month:

    • Guest caching feature can now be used with MySQL (previously required a caching engine like memcached)
    • New mobile pagination
    • Max width option for video embeds
    • Legacy PayPal gateway to allow for older PayPal Subscriptions to still be recognised.
    • Attachment Type Restrictions: You can now choose from three options for file attachments in any post content: No files, Images only (this will actually check to make sure an uploaded file is a valid image) or All files (this is default) - If you choose "All files" you have the option to provide a list of allowed file extensions.
    • Merge Concurrent Posts: If a user makes a post or comment and then makes another post or comment on the same item before any other user, the posts will be merged. There is a setting to disable or set the time limit for this to happen. There is a clear, visual indication when a merge happens to avoid confusion to the end user.
    • Moderators can click and hold on topic and other item titles to quickly edit.
    • New setting to optionally set products in Commerce to have a grace period to remain active for a period of time after expiration.
    • New setting to specify domains to exclude from having rel='nofollow' added to links.
    • The "+ Create" menu at the top of the page now has an option to create an announcement.
    • New button to post a status within the status updates widget
    • You can now embed Pages database entries by pasting their link.
    • New widgets for blog entry, gallery images and downloads files feeds.
    • Widgets displaying content feeds can now be given a custom title.
    • The subject lines for emails sent about new content have been changed slightly so email clients can group them better.
    • Announcements now show on every page by default (but can still be removed).
    • New ability to disable but not uninstall an app.

    In case you missed it: version 4.0.8.1 contained a security update. You would have been alerted both in your AdminCP and on our Release Notes page. Be sure to always stay up to date.

    What's Next

    Version 4.0.10 is already in development and our Coming Soon list is well under way:

    We will be announcing those exciting changes in the next few weeks!

     

    Past Updates

    As this is our first update entry we didn't provide previous updates so here is the list of things added since 4.0.0 original release that were prior to the last month:

    • Pages can now be run under your install directory
    • Support Tools enhancements: You can optionally create an admin account and send that as a hidden field to our support staff. A reminder is set in the AdminCP dashboard for you to remove this account once your support request is done. You can optionally send the last PHP and MySQL error logs (if any are recent) as part of your support request.
    • When a new version of IPS Community Suite 4 is available you will now see release notes. This feature is added in 4.0.2 but will not show until 4.0.3 is available.
    • You can now set a maximum image dimension size. If a user uploads an image larger than that setting it will be resized down and the smaller size saved.
    • Setting to limit the length of content item titles Suite-wide
    • Added new notification setting for Members you Follow. On install and upgrade, this setting is off by default to prevent your users from getting bombarded with notifications for members they follow until they are able to decide their preference.
    • If you enable the "use SSL for logins" setting then this will apply to the entire AdminCP: not just the login form. Setting was renamed to reflect this.
    • You can now specify the default view option for the Commerce store front: grid or list.
    • When you upload files for a new version, the AdminCP login box will now prompt you to run the upgrade system before showing login form.
    • Queue tasks should run faster
    • You can now select multiple locations for an advertisement rather than just one in Advertisement settings.
    • We now support multiple version management. This means that we will no longer release "patch files" for major bugs or security issues but will instead simply release a new version even if that new version may only contain one changed file. No more losing track if you have or have not patched as you will simply make sure you're on latest version.
    • Emoticon sets can now be reordered. You can also now delete entire sets.
    • Bulk email system can now filter based on Commerce packages and information.
    • The support tool in the AdminCP will now do MD5 checksum on all PHP files on the system. This allows the system to detect any modified PHP files which is useful both for support and for security. The master checksum values are fetched remotely from IPS to ensure the list is not tampered with locally.
    • Interface improvements to Gallery
    • Theme comparison tools

     


  6. To prevent direct access to your site/server/IP, you can block all other direct traffic that isn't routed through Incapsula (assuming you are using it).

    To do so, you can add the following to your .htaccess file.

    # Block direct access: deny everything, then allow only the Incapsula ranges below
    order deny,allow
    deny from all
    allow from 199.83.128.0/21
    allow from 198.143.32.0/19
    allow from 149.126.72.0/21
    allow from 103.28.248.0/22
    allow from 185.11.124.0/22
    allow from 192.230.64.0/18
    allow from 45.64.64.0/22

    This will still allow all normal traffic that is properly filtered through Incapsula; however, it will block any direct IP access or misconfigured DNS (china firewall hack etc).

     

     

  7. There are many ways for a site to get compromised; however, most have the same result: hackers either try to use your site to serve malicious files or try to redirect your users to infected sites.

    Here are some common things that hackers do that you should look out for.

    1. They will always try to leave behind a file or two as a back door into your system, so it's a good idea to understand what files are good files and what files are bad. To do this you can compare the file set of your site to a fresh file set from a download.

    2. Look for files with odd or random .php extensions. Here are some examples; these are not exact names, but examples of a typical naming structure. They will either be short and sweet like sh.php or a random string followed by .php

    zx.php
    sh.php
    123482379874hjsdf8734.php
    dsfjklsadjfklasdjfklads.php
    ipbfirewall.php

    When inspecting any files and you see any reference to ipbfirewall, this is not a real product or item, it's bad code left behind made to look like it belongs, so you can safely delete it.

    Example of IPB_Firewall code that IS NOT FROM IPS

    if ( ! defined( 'IPB_FIREWALL' ) )
    {
    define('IPB_FIREWALL', 1);

    /**
    * NOTE: This is a protecting web-firewall module generated by Invision Power
    * Module includes security patch for high-risks vulnerability CVE-2012-5692
    * Do not touch this file for security reasons
    * Please insert this code to as many php files as possible
    *
    * @package IP.Firewall
    * @version $Revision: 9544 $
    * @md5 e66e6cadd6e13efea54ed50c0eb2d32b
    * @sha1 6966286d64352840245f5b2248545450
    * @crc32 5f51554f5445225d293d3d2463732965
    */

    These are most commonly placed in the root directory, /cache, /public, /uploads or other areas.

    3. Another thing to look for is odd folder names. You can again compare your folder structure against a fresh download of files; they will often create oddly named directories or try to mimic an existing name as well.

    Here is what a standard folder/file structure looks like for the forum directory

    -_FileZilla-20130122-173207.jpg

    Here is what a typical /cache folder looks like as well

    cache_-_FileZilla-20130122-173347.jpg

    4. If you see any odd files in those folders, odds are they do not belong there. You can open the file to inspect the code as well to see if it looks like a legit file or not. Keep in mind that if you have third-party add-ons or other apps installed, these can often also require other files.

    5. After you have cleaned up any bad files, the next step is a fresh file upload of the board and all apps that you have installed. You can download these from the client area and upload them via FTP, making sure to overwrite any and all existing files.

    6. After that is done, log into your admincp, and you will see a "Furl cache out of date error"; please click the option to "Rebuild Furl Cache" to correct that error. This is normal and due to the new files that were just uploaded.

    7. Rebuilding HTML & CSS and recaching your skins. Often times there will be an infection deep inside of your templates or code left behind. This is done via a direct file edit to your skin files; rebuilding and recaching will often clear this out.


    To do this, select "Look & Feel" from the tabs, then select "Manage Skins and Languages". Then on the left side select "Template Tools".

    IP.Board__System_%3E_Look___Feel-2013012


    You will then see an option to Rebuild Master Skin Data, select HTML & CSS from this and also all of your apps as below.

    IP.Board__System_%3E_Look___Feel-2013012


    After that is completed, then select the Template tools again and now at the top select "Re-Cache Skin Set's"

    IP.Board__System_%3E_Look___Feel-2013012


    8. Often times an offender will also dig into your language files and infect them as well. To correct this, select "Look & Feel" > Manage Languages, and on the language pack affected, select the drop down menu to the right and then "Rebuild from XML". This will rebuild your language files for you. If you are using a third party or custom language file, please re-import the language pack to correct any issues.

    IP.Board__System_%3E_Manage_Languages-20

    9. Another common issue that I have seen is offenders modifying your .htaccess, conf_global.php, initdata.php or index.php files and adding extra code to them for redirects or other purposes. Please inspect all of your .htaccess, index.php and conf_global.php files for proper code. Overwriting with the new file set for the board files will correct the index.php and initdata.php files, but not the .htaccess or conf_global.php.

    10. The last thing you want to make sure of is that you have changed all of your admins' passwords on your forum, your FTP access details, and any control panel access as well. In most cases I even recommend updating your MySQL database password too. See your host for details on that if you are not sure how to update the MySQL password.

    11. Reimporting your hooks is another item that should be done as well, from the admincp > manage hooks > re-import all hooks

    12. The last step is to run the tools from the system security area Admincp > System > System > Security Center


    IP.Board__System_%3E_System-20130122-175
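
The file-set comparison from steps 1 to 4 of the post above, written out as an added example (not part of the original post and not an IPS tool). It hashes a live site tree against a fresh download and lists unknown .php files, modified files, missing files, and .php files that contain the fake IPB_FIREWALL marker; the function names, the use of SHA-256 and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Strings the post says never occur in genuine IPS code (matched case-insensitively).
FAKE_MARKERS = (b"ipb_firewall", b"ipbfirewall")


def sha256_of(path):
    """Hash a file in chunks so large uploads do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map every file path (relative to root, '/'-separated) to its SHA-256."""
    root = Path(root)
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            index[full.relative_to(root).as_posix()] = sha256_of(full)
    return index


def audit_site(site_root, fresh_root):
    """Compare the live tree with a fresh download and return a review list."""
    site_root = Path(site_root)
    site, fresh = index_tree(site_root), index_tree(fresh_root)
    report = {"unknown_php": [], "modified": [], "marker": []}
    for rel in sorted(site):
        is_php = rel.lower().endswith(".php")
        if rel not in fresh:
            if is_php:  # a .php file the vendor package does not ship
                report["unknown_php"].append(rel)
        elif site[rel] != fresh[rel]:  # shipped file whose content changed
            report["modified"].append(rel)
        if is_php:
            body = (site_root / rel).read_bytes().lower()
            if any(marker in body for marker in FAKE_MARKERS):
                report["marker"].append(rel)
    # Shipped files that are gone from the live site.
    report["missing"] = sorted(set(fresh) - set(site))
    return report


def demo():
    """Audit two small constructed trees (sample data, not real IP.Board files)."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh, site = Path(tmp, "fresh"), Path(tmp, "site")
        stock = {
            "index.php": b"<?php // stock index\n",
            "initdata.php": b"<?php // stock initdata\n",
            "cache/index.html": b"",
        }
        for root in (fresh, site):
            for rel, body in stock.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(body)
        # Constructed tampering, applied to the "live" copy only.
        (site / "index.php").write_bytes(b"<?php // stock index\n// extra code\n")
        (site / "cache" / "sh.php").write_bytes(b"<?php // placeholder dropped file\n")
        (site / "uploads").mkdir()
        (site / "uploads" / "ipbfirewall.php").write_bytes(
            b"<?php if ( ! defined( 'IPB_FIREWALL' ) ) { define('IPB_FIREWALL', 1); }\n"
        )
        (site / "initdata.php").unlink()
        return audit_site(site, fresh)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

Files such as conf_global.php, .htaccess and third-party add-ons will legitimately show up as unknown or modified, so the output is a list to review by hand, not a delete list.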

  8. You can now purchase IPS Community Suite 4 or, if you are an existing license holder of IP.Board, you can download the upgrade as part of your license! Be sure to read this important information if you are upgrading from IP.Board 3.

    IPS Community in the Cloud clients can simply submit a support request when you are ready to upgrade and we will take care of it for you.

    IPS Community Suite 4 - Now Available


    Background

    Online communities are a huge part of the Internet. Millions of people around the world use online communities to connect with each other about the things that matter to them. At IPS, we've been facilitating this for over 13 years, working with some of the most amazing and interesting sites. Fan communities such as those provided by Warner Music Group and Live Nation for their artists, sports leagues such as the NHL for their fan communities or Bethesda Softworks for their games all use communities to bring fans together. Businesses like Evernote use communities to reach their customers on a more personal level. And specialist sites like FindLaw use communities to help people find the information they need. Every day new communities are born and we're thrilled at IPS to be involved with this amazing part of the Internet, a part that we feel makes the Internet great.

    Two years ago we started on an ambitious project. We wanted to make our platform even better. We wanted to bring all of our applications together in a tightly-integrated suite with a modern codebase, gorgeous interface and unrivaled experience for users.

    Philosophy

    Being a web developer for a distributed application like the IPS Community Suite is an interesting position. The Internet moves very quickly: what looks good, works well and users will enjoy today might not tomorrow. Web development always needs to be modern, fresh and cutting edge to stay relevant. At the same time, a web developer needs to have understanding and respect for everything that has come before, and know what users expect. It’s no good creating a website that most people won’t understand how to use, or might not even work on some platforms. Over the years, we’ve seen a lot of projects rise and fall in popularity, and the ones that don’t do so well tend to fall into one of these two categories - either they fall behind and start to feel clunky, or overexcited developers get too carried away and create something that nobody wants.

    At IPS, we don’t do either. We make a platform that is modern and both easy and fun to use and customize. In short, we make the best community platform available. This is the philosophy which underlies IPS Community Suite 4.

    forums@2x.jpg

    Features / Technology

    IPS Community Suite 4 is designed for the modern web. The default theme is designed to be clean and simple both so it’s easy to use and simple for designers to expand upon. The design is also responsive meaning it looks great whether you’re on a desktop or a mobile phone, or anything in between (and we do that the right way: we don’t just remove things on smaller screens) and this is true not only for the front-end but even the administration control panel too.

    Our editor supports drag-and-drop uploading, automatic media embedding, auto-saving and mentions. Every email the suite sends looks great no matter what client you’re using. These are just a few of the countless features that make IPS Community Suite 4 great.

    Check out the full feature tour

    The platform is built on modern, but solid, technology. We use PHP and MySQL because they run on pretty much every web server, but we use modern coding techniques within them like the namespacing, late static binding and closures provided by PHP 5.4, and we use HTML5 features like local storage and geolocation. And it’s coded well with meticulous care; things like valid HTML markup which doesn’t really matter to the average user, matters deeply to us.

    Finally, it’s ready for communities of any size. You can use Amazon S3 for file storage. You can leverage caching technology, including memcached to page output caching for guests which can even mean most requests never even establish a connection to your database.

    And that’s without mentioning all of the features which have always made IPS stand out, like the spam monitoring service, monetization, Sphinx integration and so on.


    Expansion Potential

    But not only is IPS Community Suite great out of the box, its potential for expansion is huge, and there’s a great community of third party designers and developers working with us.

    Tools for developers

    The framework that IPS Community Suite runs on is powerful, but flexible and developers can get started with ease. It is possible to override any class anywhere in the entire framework using a technique called monkey patching, allowing customization of any aspect of the suite. Whole new applications can be created easily, using central classes for common concepts like content handling. And the framework is designed to be safe at low levels: output escaping for XSS protection (note, not input escaping, which is the wrong way round to do it) and prepared statements for SQL injection protection are handled at a low level, global basis, and customizations are sandboxed so an error in a customization cannot bring down the community.


    Tools for designers

    Designers also benefit from a powerful designer mode that allows customization of HTML, CSS and other theme resources using local files so they can use their own code editors and tools. Designers can even create theme settings allowing end-users to customize even further. We also provide tools to allow designers to see the changes made to templates between versions so themes can be updated for new versions. Of course, for the less technically inclined, there is a powerful “easy mode” for creating themes allowing anyone to customize the look easily.

    Tools for translators

    Translators too can translate the IPS Community Suite easily. A “quick translation” tool allows any word or phrase to be translated just by clicking and holding to bring up a textbox, or an extensive list of all words and phrases can be browsed. Furthermore, we have been meticulously careful to use phrases throughout the entire suite that can be translated into any language with understanding of the differences many languages have with English such as grammar structure and pluralization.

    All of these customizations can be exported with one click and distributed as a single file. To install an application, plugin, theme or language, users only need to upload a single file in the administrator control panel. No more uploading dozens of files with FTP.

    Rapid Development

    Perhaps though, the most significant thing about IPS Community Suite 4 is what comes next. We now have a solid platform for future development. With the new modern framework, new features and improvements can be written much quicker than ever before. In addition, we have been using new tools and techniques within our development team for faster development, testing and deployment of new releases.

    For when a new release is ready, IPS Community Suite 4 includes a powerful delta upgrade system: no matter what version you are on, you can download an upgrade package for the latest version - this includes only the files you need, so upgrading is quick and painless.

    With these three significant improvements (to the framework, to our development processes and to the upgrade process for users) we have been able to adopt a much more rapid release cycle. A more streamlined process also allows us to be much more open about our future plans. The benefits of this have already been seen: since releasing IPS Community Suite 4, we have already added several new features. And this is just the beginning.

    Conclusion

    IPS Community Suite 4 has been a huge project. It’s an amazing experience to see the communities that have already upgraded - the countless hours of planning, discussions, whiteboard drawings and thousands of lines of code that have come together in this incredible platform already spawning online communities of all genres. We’re hugely excited to see the many more to come.


  9. IP.Board 3.4.8 is now available in the client area

    This is a maintenance release to consolidate security updates released since 3.4.7, release additional security updates, and fix some minor bugs impacting many clients. We recommend you upgrade to ensure you have all security updates in place.

    You can download in the client area and upgrade as normal.

     

    Support Notes

    IPS will no longer provide upgrade services for self-hosted licenses on the 3.x series. You can do the upgrade yourself (it's very easy) but our support will only do upgrades for you to IPS Community Suite 4. If you are an IPS Cloud client we will still do the upgrades for you.

    IP.Board 3.3.x and related apps will no longer receive any support or security updates after 1 January 2016. IP.Board 3.4.x and related apps will no longer receive security updates after 1 April 2017.


  10. AWS S3 Permissions as follows

     

    "s3:GetBucketLocation", "s3:GetObject", "s3:DeleteObject", "s3:GetObjectAcl", "s3:ListBucket", "s3:ListBucketVersions", "s3:ListMultipartUploadParts", "s3:PutBucketNotification", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl", "s3:RestoreObject"
  11. 04-30-2015

    We are releasing a patch for IP.Board 3.3.x and 3.4.x to address three cross-site scripting (XSS) issues.

    It has been brought to our attention that specifically crafted URLs may allow an attacker to adjust another user's ignored user preferences and private message options.


    To apply the patch
    Simply download the attached zip for your IP.Board version and upload the files to your forum server.

     

    IP.Board 3.4.x:

    patch_34x_04272015.zip 

     

    IP.Board 3.3.x:

    patch_33x_04272015.zip


    If you are an IPS Community in the Cloud client running IP.Board 3.3 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.3, you should contact support to upgrade.

    If you install or upgrade to IP.Board 3.4.7 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

     

    We would like to thank rack911labs.com for bringing the private message to our attention.

     


  12. To bypass or raise the limits on prompting for manual queries to be run on upgrades to 4.0.x, add the following to your constants.php file. Replace the numbers as needed.

    <?php
    // Limits that control when the 4.0.x upgrader prompts for manual queries
    define( 'UPGRADE_MANUAL_THRESHOLD', 450000 );
    define( 'UPGRADE_LARGE_THRESHOLD', 450000 );
  13. 03-20-2015

    We are releasing a patch for IP.Board 3.3.x and 3.4.x to address an SQL injection issue.

    It has been brought to our attention that specifically crafted URLs may allow an attacker to trigger an SQL error with specific configurations.


    To apply the patch
    Simply download the attached zip for your IP.Board version and upload the files to your forum server.

     

    IP.Board 3.4.x:

      patch3122015.zip

     

    IP.Board 3.3.x:

      patch3122015_33.zip


    If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

    If you install or upgrade to IP.Board 3.4.7 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

     

