Recent content by DeltaHF

I have since added protection to my install page with Cloudflare Access. Surprised this isn't getting more concern or attention. Am I missing something?

Good catch. I just tested it out and it does not ask for 2-factor authentication on the install page.

Yes, hotlink protection also works in emails. Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.

Adequate hotlink protection should be enough to prevent this from happening.

Wow. How did you discover this?

My forum has been heavily affected by this as well, and now it seems to be getting even more sophisticated. Today, we had a security locked account doing this same behavior. The spammer actually reset the user's password, so apparently they had full access to the victim's email account and...

Thank you for a great add-on!

It's a dedicated server. Intel Xeon E-2276G, 64GB RAM, primary 1TB NVMe drive, and a 4TB HDD drive. The 4TB drive used to hold the attachments and Image Proxy files but after using @truonglv's Image Optimizer plugin I was able to compress everything and move them onto the 1TB NVMe drive. (You...

Just add i.imgur.com to the "Censoring" word filter in your admin control panel.

Assuming you have a typical XF server configuration, they are stored on the same server as your XF installation.

This is a very important topic and I don't think forum owners are paying enough attention to it. We are just four days away from many Imgur images being deleted and it will affect many of our sites. I am surprised there is not significantly more concern here. Yes, this will effectively cache...

What do they do?

Yes, Amazon rewrites its own Return-Path so that it can monitor bounces and complaints, there is no way around that. I don't think my previous message was correct (sorry, it has been 5+ years since I set it up and have not needed to tinker with the configuration since then). Amazon is...

I have not used Postmark, but XenForo's bounce handling works by using the return-path header, which I do believe is supported by Postmark as well as Sendgrid. This is the address you list in the XF admin control panel, and XF includes it in outgoing emails. This address is how your user's mail...

It can also encourage some "bad habits" by users. Since disabling Facebook, I've been contacted by some people who were using it exclusively to sign into their accounts — they didn't know their email addresses or passwords, and since they didn't know their email address, they couldn't recover...