• Content count

  • Joined

  • Last visited

About Joriz

  • Rank
    IPB Newbie

Recent Profile Visitors

8,464 profile views

Joriz's Activity

  1. Joriz added a comment on a blog entry: IP.Board 3.3.x, 3.4.x Security Update   

    Also didn't notice that this was a new update due to the same title.
    It's a shame that IPB doesn't update the version number when a security update is released. By this you can easily check if you're running the latest version.
  2. Joriz added a post in a topic: SSL certificate to the IP.Chat server   

    Looking forward to see IPS4 Chat with SSL.
    We also modified our url structure in PublicOutput.php to make the chat work via http:// and many other pages via https://
    Please notice if you make your forum work via a secure connection (https://) that visitors in most cases will get mixed content warnings in their browser because many external elements such as added images by the members are hosted at third parties who don't support SSL.
  3. Joriz added a post in a topic: I think I dun goofed.   

    Can you provide some more information? Can you see with the debugger in your browser what is actually happening when you try to login?
    Please notice you can also report bugs in the bug tracker .
  4. Joriz added a comment on a blog entry: IP.Board 3.3.x, 3.4.x Security Update   

    It seems that the changes in core.php in IPB 3.3.x break embedded videos from YouTube, Vimeo, etc...
    The iframe part seems to break all embedded media video's when you edit a post with a media video.
    if ( $fixScript ) { $txt = preg_replace( '#<(\s+?)?s(\s+?)?c(\s+?)?r(\s+?)?i(\s+?)?p(\s+?)?t#is' , "&lt;script" , $txt ); $txt = preg_replace( '#<(\s+?)?/(\s+?)?s(\s+?)?c(\s+?)?r(\s+?)?i(\s+?)?p(\s+?)?t#is', "&lt;/script", $txt ); $txt = preg_replace( '#<(\s+?)?i(\s+?)?f(\s+?)?r(\s+?)?a(\s+?)?m(\s+?)?e#is' , "&lt;iframe" , $txt ); $txt = preg_replace( '#<(\s+?)?/(\s+?)?i(\s+?)?f(\s+?)?r(\s+?)?a(\s+?)?m(\s+?)?e#is', "&lt;/iframe", $txt ); } Please notice that a check for script is always good and a script should never be embedded in a user post.
  5. Joriz added a comment on a blog entry: IP.Board 3.3.x, 3.4.x Security Update   

    Some issues with the new classPost.php and classPostForms.php on IPB 3.3.4. I get white pages and are not able to post.
    I compared the files and just applied some fixes I felt necessary. Most webservers also check for exploits and XSS when making use of mod_security, Suhosin and other security additions.
  6. Joriz added a post in a topic: Fastest software to date?   

    Great to hear that the community forum is the biggest test for IPS4. Even with cache disabled everything seems to work fine and fast from the Netherlands.
    So I'm really looking forward to experience the new software at full speed with more optimizations and caching enabled.
  7. Joriz added a post in a topic: Thank you for moving to 4.0   

    Looks great. Can't wait to update my own community to IPS4, although we also need to do a lot of testing and rebuilding hooks and modules before we can also enjoy IPS4.
  8. Joriz added a post in a topic: The New Account Security question   

    Why do I need to change my password to login via the forget password procedure and why do I have to add 'security' questions? This almost seems there has been a leak. Is there something IPS is not telling me?

    If you guys really value security you should look at Two-step Authentication (eg. Google Authenticator) . It is very easy to integrate in your website and it is actually an extra layer of security because somone actually has to fysical steal a device from you such as your phone or token generator and have to know your password to login. This is very unlikely.

    What is likely someone guessing or just Google'ing or check your Facebook for the 'security' answers. It is really easy to find stuff as which movie I like (is on my Facebook) and what my mothers name is. That's why I use fake questions and fake answers and just write them on a piece of paper (also not that secure).

    I hope IPS really take a second look at the security. All those horror stories about peoples there Apple/Paypal or Twitter account being hacked has been done thanks to social engineering and just simply Google'ing the answers to security questions. I really think security questions give a false sense of security!

  9. Joriz added a post in a topic: [Feature request] Add a "date" timezone sensitive BBcode   

    Converting dates isn't that easy for most people. With daylight saving time and such.
    So I like your idea even when most of our visitors are in the same timezone.
  10. Joriz added a post in a topic: SSL option for Chat essential   

    Thank you for confirming SSL in version 4 :)
  11. Joriz added a post in a topic: SSL option for Chat essential   

    Thank you for your response Bfarber. Do you have an update if it is (soon) possible to get the chat compatible via SSL?
  12. Joriz added a post in a topic: AdSense Crawler   

    Sorry for the bump. But I think the following works. I'm currently testing it.

    https://board-url/index.php?app=core&module=global&section=login&do=process POST ips_username=GoogleBot ips_password=the password you set for the bot auth_key=880ea6a14ea49e853634fbdc5015a024 rememberMe=1
    As far I understand the auth_key is always 880ea6a14ea49e853634fbdc5015a024 for guests.
  13. Joriz added a post in a topic: SSL option for Chat essential   

    Don't think this is the right solution. We switched to IP.Chat because it is more reliable and better integrated in Invision Power Board than our previous chat solution.

    That won't actually help. Our website already works 100% via SSL including the chat page. BUT the actual chat requests to for example are still unencrypted.
    I would love to see the chat service encrypted. If it was possible to host completely on our own servers it would have been available via encrypted connection for a long time.

    Thanks for the positive reply. I understand that IP.Chat is a relatively new service. A lot of the software of Invision Power Board has changed.

    But also a lot on the Internet and the world has changed. Now you can get free unencrypted WiFi at buses, trains, pubs, etc...
    Also more and more companies and government agencies are interested in data for data mining purposes. Of course we can discuss if it is a good or bad thing that everybody can listen to what we are saying in a private chat, but than we can just keep talking about all kind of Orwellian stories.
    The point is that it is rather easy to integrate SSL security in such a great service. So it would be great to hear some kind of ETA. I would rather want to see this within a few months than within a few years.
  14. Joriz added a post in a topic: SSL option for Chat essential   

    Is there any ETA when SSL becomes available for IP.Chat?

    It is unacceptable for us that 99% of our website works via SSL except the chat. From my experience the installation of a SSL certificate can be done within 1 hour and hardly cost any money.
  15. Joriz added a post in a topic: Be more like Facebook chat   

    Sorry but I don't like that.

    I more like a user friendly chat which many users can easily use on small and big screens. I don't like such a small windowed chat for community chats.

Status Feed

  1. Fedmas » Joriz

    Vriendjes :$

  2. Joriz

    is using IPB :)