IPS Company Blog

IPS Converter Update

Mon, 29 Apr 2013 12:00:00 +0000

We are pleased to announce an update to our popular converter application and with it support for conversions from vBulletin 5 Connect.

This release has been particularly focused on converter stability and performance improvements. At the time of writing there are 0 open bug reports in the bug tracker.

Performance Improvements

Whilst data integrity will always be our number one priority we do often review and apply performance improvements where appropriate.

In a previous release we introduced a feature that would significantly reduce the time taken when selecting data from the source software but this was only applied to a select few products. We are happy to report this change has now been applied across all converters. For the technically curious, this eliminates the need to use expensive LIMIT clauses with high offsets when converting forums with large amounts of posts.

Additionally we identified a few areas that would benefit from extra indexes particularly in the area of looking up relational content.

Software Specific Improvements

Support for vBulletin5 Connect is now available and the following items are converted - Permissions, Groups, Members, Passwords, Forums, Topics, Posts, Attachments, BBCode, Profile Fields, Emoticons, Moderators, Friends, Ignored Users, Reputation, Ranks, Warn Logs

The Ning converter has been greatly overhauled and now works much more reliably.

Considering switching to IPS?

Now is a great time to switch to IPS. We have a full community suite of products and a great resource community in the Marketplace. For a limited time through May 15 you can use the coupon code SWITCH at checkout to take 10% off your order. Feel free to email sales@invisionpower.com with questions or post in our pre-sales forum to get feedback from other clients.

IPS Marketplace Update

Sat, 20 Apr 2013 11:30:00 +0000

The IPS Marketplace is the place to go for plugins, skins, language packs, full applications, and other resources provided by the IPS community. Some resources are free and some have a small fee. It's a great way to find ways to personalize your community and expand its functions.

Some updates...

I wanted to share some general statistics on the Marketplace (yes, I'm channeling Apple here). Yesterday we reached a great milestone:

Since its inception, we have paid out over $250,000 to contributors. Yes over a quarter million dollars has been paid out to those that sell resources in the Marketplace!

What's even more exciting is the growth we are seeing. In fact over 40% of that total payout was done just this year! Because I love any excuse to play with Excel here's a chart showing growth trend:

We also now have over 500 individual contributors that are providing both free and paid resources in the Marketplace.

Improvements coming soon

We are in the process of doing some cleaning up to make resources easier to find. Expect to see new categories based on what things do (moderation tools, promotion, utilities, etc.) rather than what they are (hook, mod, app, etc.) which we think will make finding resources for your community even easier.

A new ability to allow us to feature more than one resource at a time has already been launched.

Take a moment to browse the IPS Marketplace and see if there are any resources that would benefit your community. If you find one don't forget to thank the contributor!

Monetize your traffic with VigLink

Sat, 20 Apr 2013 11:21:00 +0000

IPS is always looking for ways to assist our clients in monetization and promotion of their community traffic. After we saw so many clients successfully using VigLink on their community we decided to bundle it directly in the AdminCP under the Community Enhancements section. Since then many clients have reported success in using their service. Many clients have also since looked into other monetization options and have started to really grow.

Information from VigLink:

VigLink is a content monetization service used by tens of thousands of publishers. While most monetization services focus on the traffic you receive - usually by displaying ads that distract and interrupt - VigLink is focused on the traffic that’s already leaving your community. Here’s how it works: Often your communities will post links to retail sites like eBay or Amazon. With VigLink, clicks on these links are automatically monetized. There’s no change to the user experience. It’s simple: when a user clicks and purchases something, you earn a commission. Through their relationships with over 30,000 merchants, including over 90% of the top 500 affiliating retailers on the web, VigLink automatically monetizes more links than any relevant competitor. Because of their size and success they have negotiated spectacular commissions with some of the top merchants. If you or your community already posts affiliate links or uses any other form of monetization, VigLink will not interfere.

To further increase your revenue, VigLink also offers Link Insertion, a technology that can automatically create links when brands, products, and stores are mentioned. These links are normal, everyday links, except for the fact that they can earn you money. For example, if a user posts about a camera they are thinking of buying, VigLink can detect the product mentioned and link it to a retailer that pays top commissions. Typically, publishers get more than half of their earnings from this technology.

There are others who try to offer similar technologies, however we have selected to integrate with VigLink because of their superior technology, performance, and customer service, especially among discussion-based communities. The largest network of its kind, VigLink processes billions of page views and over three hundred million clicks every month.

If you want to give it a try simply visit your AdminCP and click Community Enhancements to turn VigLink on and start earning. IPS does benefit from this relationship however we do not take any of your commission of course.

Tier II Support Vacancy

Tue, 02 Apr 2013 02:51:19 +0000

IPS is seeking a knowledgeable and experienced individual to join its support team in an advanced support capacity.

Successful applicants will be responsible for answering general support tickets, including providing customers with information, troubleshooting issues not resolved as part of the general product support process and performing maintenance. You would be expected where appropriate to interact with other technicians and developers to resolve issues.

Requirements:

* Must be familiar with IPS applications.
* Must have advanced knowledge of PHP and MySQL.
* Must be able to effectively work remotely.
* English must be your primary language and you must possess strong verbal and written communication skills.

Preferable, but not required:

* Knowledge of server administration and experience working for a web hosting company.
* Knowledge of additional web technologies such as JavaScript, CSS, XML, etc.
* Experience of working in customer support.
* Experience working with the codebase or creating hooks/apps in the IPS Suite

Working hours are flexible and pay will be based on knowledge and experience. Due to the nature of the position, we require all applicants to be physically located in the United States. No exceptions to United States residency requirements.

Please contact hr@invisionpower.com for more information on this position. Please include your salary requirements, availability and an overview of your experience.

We look forward to hearing from you!

IPS Social Suite (4.0)

Wed, 20 Feb 2013 14:00:00 +0000

While we introduced some of our basic plans for 4.0 many months ago, we wanted to touch base again on some of these plans and expand upon some of our motivations behind decisions we have or will make for our upcoming 4.0 software release.

Before we get too far, let me just state now that there is no expected (or even estimated) release date for 4.0 yet. While we always have internal guidelines, timeframes and milestones, we do not communicate these publicly until we are absolutely sure they are as accurate as possible. The 4.0 Suite will be a major overhaul, effectively a rewrite of most areas from the ground up, and there are many factors that can affect delivering within expected due dates.

You may also have noticed the title of this blog entry uses a term for the suite you may not have seen used previously. We have decided to name the 4.0 Suite (which we will often refer to as "4.0 Suite" or "Social Suite", informally), officially as the IPS Social Suite. We feel that as we expand our line up and remove community-related dependencies, it is important that our main product release reflect the fact that our software can power more than just traditional communities.

Formalities out of the way now, here are a few of our driving motivations behind 4.0...

Modernize the interface
The skin delivered for 3.0 and again for 3.2 was great, but several years have since passed. It is time we modernize the user interface in our software lineup once again. Features have been added, trends on the web have shifted, and technologies have advanced. Some specific points you may be interested to know:

All areas of the suite will support the mobile interface.
We are heavily investigating using a "response design" for 4.0.
We will be switching to jQuery
We will be embracing HTML 5 fully

Modernize the underlying codebase
While 4.0 will not technically be a "complete rewrite", most of the underlying codebase will be rewritten in some manner, and all of the code will at least be updated to work within the new framework we are developing. There is a lot to go over for those of you who may be interested in the developer side of things, and I'll point you to the right place later in this entry, but as a general outline here are some things you can expect to see:

PHP 5.3 will be the minimum supported version of PHP
MySQL 5.0.3 will be the minimum supported version of MySQL
IP.Board will fully utilize namespaces in PHP
The entire directory structure, class naming structure and more will be completely overhauled
Applications will truly be self-contained within their own folders (currently javascript, skin and language files, for instance, are scattered throughout miscellaneous directories)
The entire code base will be modernized. More use of formal design patterns will be employed, where appropriate. Dumping ground classes (such as IPSLib) will be avoided at all costs. More consistency between how applications implement functionality will be seen. Naming conventions will be more consistent.
The way hooks work will be completely rewritten, making things simpler for us and for developers, and making hook usage behind the scenes more reliable (no more loadLibrary calls - everything is handled automatically by the framework instead).

Make things more consistent
We are also working towards making all of our applications more consistent. The approach to this actually has much more to do with planning and how we approach new functionality than it does any specific technical aspect of software development. In a nutshell, we will have one "suite" release moving forward starting at 4.0. Every application will be on the same versioning system and share the same version number, and every release will include every application (although you will only have access to the applications you have purchased, of course). What we will do as we implement new features is implement new functionality suite-wide from the start. If we were to add a new feature to 4.0, we would not add the functionality to the forums and then roll this change out to other applications as they see updates. Instead, we will be implementing changes suite-wide from the start, which has several benefits:

From a user standpoint, the software will be more consistent. You won't have situations where a feature is available in Application X but not in Application Y.
From a technological standpoint, we will be forced to implement functionality in an optimal manner where it can be utilized by all areas of the suite. There will be less application-dependencies for features that are intended to be suite-wide. There will be much, much less duplicated code as features will be designed from the start to work in multiple areas.
Point #2 above will also benefit modders - APIs will be much more robust, yet more generic and reusable, for features implemented suite-wide rather than features implemented for one application and then shared across others.

Beyond changing our approach to functional changes in the software itself, we will also be focusing on consistency while redesigning the interface, and throughout every facet of development of 4.0.

Want to hear more specifics?
We have recently launched our new development blog where we will routinely be posting about the nitty-gritty of our day to day development duties here at IPS. While this blog is not at all intended to be specific to the development of 4.0, you will find us posting about upcoming changes and decisions made in 4.0 quite regularly. We welcome you to follow The Development Channel blog if you are interested in reading about these changes. If not, don't worry - any major announcements will be blogged about here in our company blog as well in due course.

If you aren't sure, just to be clear....development of 4.0 is definitely underway. A lot of planning and discussion took place prior to ever writing a single line of code for 4.0, however we are definitely working on 4.0 now and you will likely see blog entries about upcoming changes before long. Stay tuned!

IPS Development Channel Blog

Tue, 12 Feb 2013 01:32:00 +0000

We have launched our new blog The Development Channel to allow our development staff to more frequently update our clients on everything that goes on behind the scenes. From the technical aspects, to fun insights, and new feature announcements you can follow The Development Channel to follow our software being made.

Auto-Upgrader

Thu, 06 Dec 2012 14:21:00 +0000

Last year, we added an auto-install/upgrade tool into our client area. The tool would upload the latest version of the IPS Community Suite to your server automatically.
The way it worked was after submitting the request, you were entered into a queue, and a program on our server uploaded the files, and emailed you when it was done so that you could run the upgrader script. It normally took about 30 minutes.

30 minutes is pretty good. For someone without the technical knowledge to upgrade, it's a great alternative to asking for a support agent to do the upgrade for you (especially just after a release when everyone is doing just that). However, many users still prefer to do the upgrade themselves (after all, if you can download the source files and upload them to your server in the same time, what's the point?).

We decided we should try and get that time down. We also wanted the process to be much more seamless - so you click "Upgrade", get a loading screen, and then are taken immediately to the upgrade script when it's done, rather than waiting for an email.

Interested to see how fast we managed to get it? Take a look for yourself:
Watch Video

In addition, the system can now handle communities that have renamed their admin directory seamlessly without issue (it previously reset to /admin), and the system will automatically detect which encoding of IP.Nexus to use for your server, if applicable (previously it would only use Zend).

We really hope the Auto-Upgrader will provide a much easier way for you to keep your community up-to-date with the latest features and enhancements.

If you've not already upgraded to IP.Board 3.4, why not go and try it out now? To access the tool, simply go to the Purchases area of the client area, select the community you want to upgrade and click the big "Upgrade Now" button.

IPS Converter Updated and Switch Promotion

Tue, 04 Dec 2012 22:16:00 +0000

We are happy to report some really dramatic improvements to the IPS Converters. If you have been considering switching to IPS from another community software now is the time.

Performance Improvements

One area for improvement we focused on was the overall time it took to do a conversion. Doing a conversion is always going to be a time consuming process as it involves translating all of your data from your old format to IPS format. But we have made two big improvements:

MySQL queries, where possible, now do one 'extended' query rather than thousands of smaller queries. This means your data is fetched in one, large batch and stored rather than many smaller batches.

The member conversion routine has been sped up dramatically. Some test conversions are seeing an 80% speed increase on members alone.

Example statistic: 15 million post community converted 1000 posts a second and about 800 topics a second. Converted completely in 4 hours. The old converter could take more than a day to do the same. That's a huge improvement!

Software Specific Improvements

vBulletin Subscriptions now directly import to IP.Nexus
Gallery 5 support
Photopost 8 support
XenForo 'likes' converted.
XenForo personal conversations converted.
vBulletin conversions now use the same forum/topic/post/member IDs on IPS Community Suite. This is great for SEO.

Feedback Appreciated

We are continuing to work on improvements to our converters. If you perform a conversion please submit a ticket and let us know of any issues you might experience so we can assist you.

Special Switch Promotion

If you are considering switching to the IPS Community Suite we would welcome you as a new IPS client. We are happy to provide 10% discount on new license purchases using the coupon code SWITCH at checkout. This coupon code is valid until 15 December 2012.

With the recent release of IP.Board 3.4 now is a great time to take another look at IPS!

IP.Board 3.4 Dev Update: Anti-spam Enhancements

Tue, 20 Nov 2012 13:13:00 +0000

It's an unfortunate fact that when you run a successful site, you attract unwanted users posting spam on your site. IP.Board has always been incredibly pro-active in preventing spam users from signing up by making use of built in tools such as the question and answer challenge, spam monitoring service and CAPTCHA systems.

I'd like to take a moment to talk about some enhancements we've made in IP.Board 3.4.0 to help prevent unwanted posts and spam.

Spam Monitoring Improvements

We've further enhanced the spam monitoring service in IP.Board 3.4.0 by adding a new option: "Do not permit the user to register an account". This reduces the amount of clean up you need to do after a new wave of attempted spam user sign-ups.

Furthermore, the "flag a member as a spammer" tool optionally deletes posted content rather than simply hiding them further reducing the amount of work needed to maintain your community.

We have also totally reworked our spammer-detection logic behind the scenes to make the spam monitoring service detect spammers more quickly. In addition to internal changes, we are also looking at direct integration with services like Project Honey Pot and others. The great thing about the spam monitoring service is that we can make improvements on our side that are instantly beneficial to your community.

keyCAPTCHA Integration
IP.Board has made good use of the popular reCAPTCHA service to limit the number of "bots" that sign up to your forum with the intent of posting spam. The idea being that a slightly jumbled selection of letters is easy enough for a human to read but more difficult for a computer program. However, some do find that the CAPTCHA images are becoming increasingly complex to keep up with more intelligently written programs to defeat them.

KeyCAPTCHA takes a novel approach to this problem by using images instead of letters and numbers. You simply arrange a few large pieces of a very simple puzzle to complete an image.

You don't need to be completely accurate when building the image, either.

This is now an option in the IP.Board Admin CP. Should you wish to enable it, you'll need to register an account with keyCAPTCHA. The link for this is contained in the setting form and is very straight forward.

As always, we look for new ways to help make running your community a little easier and we look forward to helping you keep those spammers at bay!

Securing your community

Sat, 17 Nov 2012 05:56:00 +0000

There has been much confusion over the recent exploit reported to us and subsequently patched. I would like to personally apologize for any confusion and inconvenience caused. We have conducted a review and made appropriate changes to our policies to ensure a smoother release and notification schedule for any future incidents.

With that said, it is very important to note that while an IP.Board vulnerability did exist, its impact would have been minimal, if not non-existent on servers that have their PHP installations properly secured. I would like to touch on a couple of basics to minimize the effects of future vulnerabilities not only in IP.Board, but any other PHP application you may be using on your website.

open_basedir

It's very important that you (if you manage your own web hosting server) or your web host enable open_basedir. In a shared hosting environment without open_basedir, an attacker has the ability to exploit a vulnerability, perhaps on another customer's account, then use that vulnerability to scan for other customers on the server. From there, they could gain access to config files containing database details, write malicious files to world-writeable directories and a host of other ill-willed activities. Enabling open_basedir "locks" all internal PHP functions such as readfile() to the specified path, which is generally a temporary directory and your home directory.

disable_functions

While open_basedir is a very positive step in securing your PHP scripts, there are unfortunately instances in which it can be bypassed and this is how the recent IP.Board vulnerability gained ground so quickly. For example, the exec(), system() and passthru() functions allow a command to be issued directly to the operating system to view key system files, navigate through other users' web root directories, install 'remote shell' scripts into other users' directories, etc. without any regard to other restrictions such as open_basedir. For this reason, disable_functions should be set to disable system level functions. For example, this is a recommended disable_functions:

disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system

You or your host may need to tweak to suit, but at a minimum, execution commands should be disabled.

Following the above, you will not necessarily create a fool-proof environment, but you will have additional reassurances that you or your host have taken appropriate measures to better secure your PHP applications.

For those that run a cPanel/WHM server you may enable open_basedir by visiting WHM and clicking the "PHP open_basedir Tweak" link under "Security Center" then clicking enable.

You may modify the disable_functions line by visiting WHM and clicking "PHP Configuration Editor" under "Service Configuration" then clicking "advanced" and searching for "disable_functions"

If you are unsure or do not have the necessary permissions to carry out these tasks, please do contact your host. You are free to link them to this blog entry as well.

I hope this helps better explain the recent security concern and what you can do to help protect yourself and your users in the future. As always, please feel free to contact us with any questions or concerns you might have. Thank you for your cooperation and understanding.