• Content count

  • Joined

  • Last visited

  1. Thanks, I am the only admin for the board so all emails would come to me regardless. It's not a major thing, I just found it a bit strange.
  2. The emails are essential but it wouldn't be hard for the system to note that the report was made by an admin, and therefore it would be nice to have the option of not receiving emails about your own activity if you are an admin.
  3. Hello, I recently had a dozen spammers create accounts and I clicked the Flag as spammer button on them all so they would be deleted and banned. I then received a dozen emails telling me "someone" had reported these accounts as spammers. As I was logged in as root administrator I did not expect to be notified of something I myself did. Shouldn't there be an option to not notify admins of actions they themselves have done? It seems pointless?
  4. Currently we can have every single link nofollowed, or none at all. Can we have the ability to at least allow links posted by admins or specified groups to be followed? My help forums are part of my own site, and when answering questions I more often than not post a link to a relevant article on my main site. I don't want these links to show up as not trusted, they are my links and I whole heartedly trust them. Having said that, I'm not keen on setting my forums so that every single link is followed for obvious reasons. I need to be able to make my own links normal, and links by members "nofollow". I can always manually nofollow a link if appropriate. There must be hundreds of thousands of admins and moderators on forums who post links to trusted places or pages created by themselves who want the freedom to have those links be genuine recommendations of those pages. The current all or nothing option is a bit of a blunt instrument.
  5. Yes clarification would be a good compromise. I'm definitely not stupid and I got confused. People are often busy and scan messages for the gist of it. I don't agree that you can't allow such messages to be dismissed though. People don't need that amount of mollycoddling. If they are responsible enough to be running and controlling a forum, with all the complicated settings and decisions to make then they are more than capable of dismissing a message. If possible an "Are you sure" confirmation window requiring a second click should be enough. It seems a blunderbuss approach to display a message for potentially weeks after the user has fixed the problem. Also, what if they start to tune it out and another important message needs bringing to people's attention and they don't read it?
  6. Hi Michael. I can see how technically it can mean that, I think it isn't really that clear. As ip.board is capable of checking files (as it does with many of the security tools) it isn't clear enough that the system isn't reporting the security issue because it's detecting the vulnerable file version - especially as the message only appears after a second or so which gave me the impression it was checking. It would be a big improvement if the warning was much clearer in declaring it is just an automatic (dumb) warning that will continue to warn even when the security fix has been carried out.
  7. Thanks for your reply Ryan. When I refresh the page, or revisit the dashboard from elsewhere, the page loads without the message and the message appears after about a 1 second delay. This gives the impression the dashboard is checking which version of the file I have and reporting on it. If the message is just automatically blasting out the warning unaware if the security issue has been fixed or not surely it should contain information that this is the case? Otherwise why wouldn't many people become confused and wonder if they've applied the right patch or if something's gone wrong? The message should either say it has detected the board is running with the vulnerable file, or it should say after the warning, "You can ignore this warning if you have already updated the file". Andy
  8. Either something's wrong with the security patch notification system or it's totally misleading. I logged into my control panel just now and got the following warning IP.Board Bulletin It has come to our attention that a security issue is present in IP.Board. We strongly recommend that you follow the link below for instructions on how to patch your community if you have not already done so. I immediately downloaded the correct patch (V 3.3.4) and uploaded the new file to /admin/sources/base whereupon the message disappeared when I refreshed the page. Very pleased with myself I was just about to move on when seconds after disappearing the warning re-appeared. Bugger, I thought, I must have done something wrong. So I double checked everything and replaced the file again. Same thing happened, so this time instead of overwriting the file I deleted it first, then uploaded the new one but the warning still reappeared. After triple checking everything I had to conclude either the new file hasn't fixed the security issue - or (more likely) the warning is not actually detecting I have the vulnerable file at all and just blindly repeating the warning despite it being fixed by me. Is the warning system faulty? Is the file not fixing the issue? Or is it simply that the warning appears to users as though it's detected the vulnerable file but in fact it's no idea and is just slavishly reporting the issue oblivious to the fact it's being sorted?
  9. They don't for me and Eric, Makie. They just display the code whether it's BB or html
  10. Hi Zack. Tech support told me "I have adjusted your "validating" group permissions and removed the ability to post status updates, this was turned on for this group by default." When I expressed my surprise that this was on by default he agreed it should probably not be...
  11. Thanks ZackL. I do have the spam prevention on. Thanks for the heads up on how to look at the individual settings for allowing status updates. My point is though, why would it be considered OK to let non verified members post status updates? Surely the whole point of forcing a verification system is that by default, unless verified correctly, any new member is a suspected spammer? Also, do you have any idea how they managed to post html links in their status but me and Eric can't? I have a full administrator account and I cannot put a link in my status yet these unverified members could.
  12. I'm not 100% sure Eric, it's possible tech support turned off the ability to use html in the status for everyone when they turned it off for unvalidated members. I can't see why they would have thou so it's possible what you say is correct. All I know for sure is that by default, anyone, or any spambot can register as a member, they can leave their account unvalidated, but fill in their status with spam links to porn sites as they did on my ip.board (with ip.content) and if set to show status updates (as mine was) these spam links will be displayed on the home page. Technical support confirmed to me that this is how it is set up by default, which is totally unacceptable.
  13. Funnily enough Eric I've had exactly the same problem, tried to put a link in myself. I tried BB and HTML but neither work. When I brought the spammers to tech support's attention they sad the ability to post html in a status by unvalidated members is turned ON by default. They turned it off for me and I can't find how to turn it on for myself. However, I'm pretty disappointed that no one has from IPS has replied to this thread because the idea that it's OK to let spam accounts post html links in their status when they can't even validate is surely a security concern that needs fixing?
  14. Greetings. I'm running ip.board & ip.content, and recently noticed 2 sets of nasty spam links displayed on my front page via the Recent Updates display. I was bemused to see that both these status's were from "members" who had not validated. I was also surprised to find out from tech support (who give great service by the way - thanks) that by default, unvalidated members are allowed to post any rubbish in their status, which will then be displayed in all its glory on the front page. By default, unvalidated members are not allowed to do most things and rightly so. Why are they allowed to circumvent sensible precautions by posting html links in their status? Can this ability be turned off by default please?