I have since added protection to my install page with Cloudflare Access.
Surprised this isn't getting more concern or attention. Am I missing something?
Yes, hotlink protection also works in emails.
Be sure that you're using 2-factor authentication for all accounts with access to your Admin CP. This will provide more security than a CAPTCHA.
My forum has been heavily affected by this as well, and now it seems to be getting even more sophisticated.
Today, we had a security locked account doing this same behavior. The spammer actually reset the user's password, so apparently they had full access to the victim's email account and...
It's a dedicated server. Intel Xeon E-2276G, 64GB RAM, primary 1TB NVMe drive, and a 4TB HDD drive. The 4TB drive used to hold the attachments and Image Proxy files but after using @truonglv's Image Optimizer plugin I was able to compress everything and move them onto the 1TB NVMe drive. (You...
This is a very important topic and I don't think forum owners are paying enough attention to it. We are just four days away from many Imgur images being deleted and it will affect many of our sites. I am surprised there is not significantly more concern here.
Yes, this will effectively cache...
Yes, Amazon rewrites its own Return-Path so that it can monitor bounces and complaints, there is no way around that.
I don't think my previous message was correct (sorry, it has been 5+ years since I set it up and have not needed to tinker with the configuration since then). Amazon is...
I have not used Postmark, but XenForo's bounce handling works by using the return-path header, which I do believe is supported by Postmark as well as Sendgrid. This is the address you list in the XF admin control panel, and XF includes it in outgoing emails. This address is how your user's mail...
It can also encourage some "bad habits" by users. Since disabling Facebook, I've been contacted by some people who were using it exclusively to sign into their accounts — they didn't know their email addresses or passwords, and since they didn't know their email address, they couldn't recover...