Add attachment storage

[Scott]

Tommy, just a side note to this thread's conversation... The site's URL is ibb.co (aka https://imgbb.com) and not ibb.com

[Tommy]

Jul 25, 2018 9:55:26 GMT -8 Scott said:

Tommy, just a side note to this thread's conversation... The site's URL is ibb.co (aka https://imgbb.com) and not ibb.com

Got it, thanks Scott. I have made corrections in my post.

[havetofish]

Jul 25, 2018 9:34:30 GMT -8 Tommy said:

Jul 25, 2018 8:59:22 GMT -8 havetofish said:

I think you missed the point. Its easy to understand Simple Image Uploader extension. Its just that ibb.com which hosts the images for imgbb has come up numerous times in the past for allowing infected images on their servers.

havetofish thank you for this thread. My forum also struggles with image posting issues and the easy image mod seemed like our salvation until I held off for security reasons. The fact that the ibb.com domain was (is?) listed as "for sale" in Whois was my primary concern and my question was not answered in the mod thread.

So that being said, they way I understand the malware issue you have uncovered is, with the lack of a scan on the ibb.com side, any member of my board could use the mod to upload a malware laden file to ibb.com which would then display on MY forum and possibly infect my members who view the photo in the post?

The fact that ibb.com has other malware file(s) on it already wouldn't really matter at that point right - meaning my members are not potentially affected unless the file was uploaded on our forum and accessed on our forum?

Does this sound accurate?

I used Simple Image Uploader for years on our forum. Then last year it started getting blocked by Malwarebytes and others.

Yes I have the concern you mention. Its not that all files are infected, it is if someone wanted to upload an infected file, and Ibb.co doesn't scan the files ( or is not using current detection methods ) then it could infect your users. Would maybe have to click on a thumbnail, maybe not. So, yes that is accurate.

Lets put it this way..If someone wanted to infect your forum they possibly could. Not all members use good anti-malware software to block it.

Now maybe things have changed...I don't know.

Hope that answers your question. Just trying to figure it out, since there is no other plug-in to use.

[Scott]

Jul 25, 2018 10:21:38 GMT -8 havetofish said:

... Just trying to figure it out, since there is no other plug-in to use.

FYI, there is this plugin that works similar:  Cloudinary File Upload

Here's the support thread for that plugin:  support.proboards.com/thread/642470/cloudinary-file-upload

[havetofish]

Jul 25, 2018 10:43:28 GMT -8 Scott said:

Jul 25, 2018 10:21:38 GMT -8 havetofish said:

... Just trying to figure it out, since there is no other plug-in to use.

FYI, there is this plugin that works similar:  Cloudinary File Upload

Here's the support thread for that plugin:  support.proboards.com/thread/642470/cloudinary-file-upload

Am I reading this correctly that each member would need an account?

"The way this plugin works is that they'll need to individually make an account at Cloudinary and fill in the details themselves. At first I designed the plugin to be admin only and have the members upload to the admin Cloudinary account, but I decided to open it up to all users so that they can take advantage of the dashboard that Cloudinary provides."

[Retread]

Jul 25, 2018 10:55:35 GMT -8 havetofish said:

Am I reading this correctly that each member would need an account?

Yes, you are.

Cloudinary is an extremely competent host and allows for a wide range of filetypes, not just images. But it does require each user to have an account. (Unlike the SIU plugin / Imgbb where a user account is optional.)

[Scott]

FYI, another reason the plugin was set for members to make their own account was because Cloudinary's free option has a storage cap. Having all members use one account could cause the storage option to max out.

[havetofish]

Jul 25, 2018 11:50:08 GMT -8 Scott said:

FYI, another reason the plugin was set for members to make their own account was because Cloudinary's free option has a storage cap. Having all members use one account could cause the storage option to max out.

Ok, Thanks.

This just isn't gonna work for my members needs.

[Scott]

havetofish, just wanted you to know there was an option.

There was also the suggestion earlier in this thread to have your members use an image hosting service and embed images in the posts using the insert image button. You can post instructions on how to use it. Don't under estimate your members.

In case you need it our Help Guide article on External Resources lists forum friendly image hosting services.

[havetofish]

Jul 25, 2018 12:03:19 GMT -8 Scott said:

havetofish , just wanted you to know there was an option.

There was also the suggestion earlier in this thread to have your members use an image hosting service and embed images in the posts using the insert image button. You can post instructions on how to use it. Don't under estimate your members.

In case you need it our Help Guide article on External Resources lists forum friendly image hosting services.

Thanks for the suggestion, but most of my members are so computer illiterate that 3rd party hosting is just not something they will do.

Also, Just check with Malwarebytes and the have whitelisted ibb.co, so I am gonna try and go back to Simple Image Uploader again and see what happens.

Will follow up with results.

[havetofish]

Anyone with pictures on their forum that was posted with postimage.org has probably seen nothing but placeholders since they changed the domain from .org to .cc. It is possible to display these images again if every post is edited to replace the .org with.cc.

Questions for Moderators...Is their a global way to replace these file paths on Proboards.
If I am not in the right forum let me know.

Thanks

[Brian]

Jul 25, 2018 14:10:19 GMT -8 havetofish said:

Questions for Moderators...Is their a global way to replace these file paths on Proboards.

Security > Censored Words in your admin area is the best option for this.

Replace postimg.org with postimg.cc and ensure the Exact Word checkbox is unchecked and all of the URLs forum-wide should change accordingly.

[havetofish]

Jul 25, 2018 14:23:30 GMT -8 Brian said:

Jul 25, 2018 14:10:19 GMT -8 havetofish said:

Questions for Moderators...Is their a global way to replace these file paths on Proboards.

Security > Censored Words in your admin area is the best option for this.

Replace postimg.org with postimg.cc and ensure the Exact Word checkbox is unchecked and all of the URLs forum-wide should change accordingly.

 Thanks a lot...that did it and saved me a ton of time.

[vanwoman]

Jul 25, 2018 8:59:22 GMT -8 havetofish said:

Jul 25, 2018 1:06:20 GMT -8 vanwoman said:

I've just installed Simple Image Uploader and my members love it.
I don't understand what it is about you members not being able to understand it.
If there are Malware concerns, surely a member can upload an affected image directly? Or do ProBoards scan attachments?
Back to Simple Uploader. For those that don't know, once installed a button appears on the post creation box.
Click that and you are taken to imgbb. There you select an image in exactly the same way as you would on the forum. Once you click upload, you are taken back to the forum post creation box where the code is automatically inserted for you. It's all done for you.
Is it that member don't understand the process, or they don't like to use imgbb?

I think you missed the point. Its easy to understand Simple Image Uploader extension. Its just that ibb.com which hosts the images for imgbb has come up numerous times in the past for allowing infected images on their servers.

Members have problems understanding other 3rd party hosting sites ( without an extension) or won't bother using them.

Good question though.. Does Proboards scan attachments?

I hadn't missed the point, I wasn't sure why your members didn't want to use the simple uploader and therefore imgbb. You clarified that, thanks.
Now we need to know from PB if images are scanned when uploading directly.