Currently we can have every single link nofollowed, or none at all. Can we have the ability to at least allow links posted by admins or specified groups to be followed?
My help forums are part of my own site, and when answering questions I more often than not post a link to a relevant article on my main site. I don't want these links to show up as not trusted, they are my links and I whole heartedly trust them.
Having said that, I'm not keen on setting my forums so that every single link is followed for obvious reasons. I need to be able to make my own links normal, and links by members "nofollow". I can always manually nofollow a link if appropriate.
There must be hundreds of thousands of admins and moderators on forums who post links to trusted places or pages created by themselves who want the freedom to have those links be genuine recommendations of those pages. The current all or nothing option is a bit of a blunt instrument.
Yes clarification would be a good compromise. I'm definitely not stupid and I got confused. People are often busy and scan messages for the gist of it.
I don't agree that you can't allow such messages to be dismissed though. People don't need that amount of mollycoddling. If they are responsible enough to be running and controlling a forum, with all the complicated settings and decisions to make then they are more than capable of dismissing a message. If possible an "Are you sure" confirmation window requiring a second click should be enough. It seems a blunderbuss approach to display a message for potentially weeks after the user has fixed the problem. Also, what if they start to tune it out and another important message needs bringing to people's attention and they don't read it?
Hi Michael. I can see how technically it can mean that, I think it isn't really that clear. As ip.board is capable of checking files (as it does with many of the security tools) it isn't clear enough that the system isn't reporting the security issue because it's detecting the vulnerable file version - especially as the message only appears after a second or so which gave me the impression it was checking.
It would be a big improvement if the warning was much clearer in declaring it is just an automatic (dumb) warning that will continue to warn even when the security fix has been carried out.
Thanks for your reply Ryan. When I refresh the page, or revisit the dashboard from elsewhere, the page loads without the message and the message appears after about a 1 second delay. This gives the impression the dashboard is checking which version of the file I have and reporting on it.
If the message is just automatically blasting out the warning unaware if the security issue has been fixed or not surely it should contain information that this is the case? Otherwise why wouldn't many people become confused and wonder if they've applied the right patch or if something's gone wrong?
The message should either say it has detected the board is running with the vulnerable file, or it should say after the warning, "You can ignore this warning if you have already updated the file".
Either something's wrong with the security patch notification system or it's totally misleading.
I logged into my control panel just now and got the following warning
IP.Board Bulletin It has come to our attention that a security issue is present in IP.Board. We strongly recommend that you follow the link below for instructions on how to patch your community if you have not already done so.
I immediately downloaded the correct patch (V 3.3.4) and uploaded the new file to /admin/sources/base whereupon the message disappeared when I refreshed the page. Very pleased with myself I was just about to move on when seconds after disappearing the warning re-appeared.
Bugger, I thought, I must have done something wrong. So I double checked everything and replaced the file again. Same thing happened, so this time instead of overwriting the file I deleted it first, then uploaded the new one but the warning still reappeared.
After triple checking everything I had to conclude either the new file hasn't fixed the security issue - or (more likely) the warning is not actually detecting I have the vulnerable file at all and just blindly repeating the warning despite it being fixed by me.
Is the warning system faulty? Is the file not fixing the issue? Or is it simply that the warning appears to users as though it's detected the vulnerable file but in fact it's no idea and is just slavishly reporting the issue oblivious to the fact it's being sorted?
I appreciate it must be frustrating when non programmers expect things can be done easily but you do have to explain why something is impractical to be fair. It will be great if you can come up with something.
My main concern has always been about the ambiguity of the "There is no new content" statement given to users. The link promises to let users "View New Content" but it reports only on a specific type of content determined by where a user last visited yet gives a seemingly categorical "No new content" result instead of specifying no new "articles" or no new "forum posts" etc. It assumes all users know how the system works, but people who aren't knowledgeable about how ip works may well just see the no new content statement and leave.
Hi I would expect it to access the boxes one at a time and present the results. If I go to the View New Content page it checks where I was last time (forums or articles etc) and fetches the latest content to match. If it shows content from say the forums and I click on Articles in the left filter box it instantly fetches any new articles. I'm not understanding why it can't simply forget worrying about where I was last time and just fetch new forum posts, display them and then either fetch new articles and display them underneath or at least count how many there are and display "x new articles" which can be clicked and fetched instead of just stating there is no new content.
Looks interesting thanks. My concern would be though that many people visiting an ip.content ip.board would just click the "View New Content" link and see "No New content" when there is.
I still don't understand what could be so difficult about this. There are only really two forms of content 99% of people would be interested in, new forum posts and new articles. If I've created a couple of new articles most people clicking the View new Content link who had been looking in the forums the last time they visited will see there is NO new content - but there is - my 2 new articles.
Conversely anyone who read an article last time they visited will be told there is no new content when there is in fact several new posts on the forums.
All the system has to do is when someone clicks the "View New Content" link is produce a page with the new forum posts and the new article posts. At the very least it could work they way it currently does but at least advise there are no new articles/forum posts but there are some new forum posts/articles instead of relying on (and forcing)people to realise they have to change the preferences on the left side.
Thanks ZackL. I do have the spam prevention on. Thanks for the heads up on how to look at the individual settings for allowing status updates.
My point is though, why would it be considered OK to let non verified members post status updates? Surely the whole point of forcing a verification system is that by default, unless verified correctly, any new member is a suspected spammer?
Also, do you have any idea how they managed to post html links in their status but me and Eric can't? I have a full administrator account and I cannot put a link in my status yet these unverified members could.
I'm not 100% sure Eric, it's possible tech support turned off the ability to use html in the status for everyone when they turned it off for unvalidated members. I can't see why they would have thou so it's possible what you say is correct.
All I know for sure is that by default, anyone, or any spambot can register as a member, they can leave their account unvalidated, but fill in their status with spam links to porn sites as they did on my ip.board (with ip.content) and if set to show status updates (as mine was) these spam links will be displayed on the home page.
Technical support confirmed to me that this is how it is set up by default, which is totally unacceptable.
Funnily enough Eric I've had exactly the same problem, tried to put a link in myself. I tried BB and HTML but neither work. When I brought the spammers to tech support's attention they sad the ability to post html in a status by unvalidated members is turned ON by default. They turned it off for me and I can't find how to turn it on for myself.
However, I'm pretty disappointed that no one has from IPS has replied to this thread because the idea that it's OK to let spam accounts post html links in their status when they can't even validate is surely a security concern that needs fixing?
I'm running ip.board & ip.content, and recently noticed 2 sets of nasty spam links displayed on my front page via the Recent Updates display.
I was bemused to see that both these status's were from "members" who had not validated. I was also surprised to find out from tech support (who give great service by the way - thanks) that by default, unvalidated members are allowed to post any rubbish in their status, which will then be displayed in all its glory on the front page.
By default, unvalidated members are not allowed to do most things and rightly so. Why are they allowed to circumvent sensible precautions by posting html links in their status?