Leaderboard

We've recently accepted Saviour into our Junior Moderator program. We intend to continue adding talent to the team moving forward. Expect to see more additions to the JMod group and Support Team as well. Congratulations to Saviour. Welcome to the team!

Please congratulate on his promotion to Support Team! Stake has been with us for quite some time now and has shown a strong desire to assist members of this community where he can, whenever he can. This determination and generosity makes him a perfect fit for our Support Team going forward and provides an excellent launching pad for potential promotion to Junior Moderator in the future. will be assisting us primarily with WordPress as he currently has several years of experience with the CMS. As always, we'll be continuing to bolster our team with new talent and capable team members. Once again, congratulations to !

Congratulations on being promoted to support, look forward to seeing you around a lot!

"Flake Train" I love it Welcome to the support team!

Congratulations and welcome aboard the Flake train!

Welcome back, glad to see you around here.

Sounds good! Feel free to upload them to our downloads system, they will be then verified by staff and published onto WebFlake.

Compatibility IP.Board 3.4.X Possibly IP.Board 3.2 and 3.3, but not sure. This skin edit WILL BREAK with IPS Suite 4.0. This tutorial will show you how to set custom forum icons without the need for a modification like Forum Icons. This is a very simple skin edit and can be done by anyone. Getting Started: In your AdminCP, navigate to Look & Feel > Manage Skin Sets & Templates > Your Skin. In the templates section, under Board Index, you'll see a file called boardIndexTemplate. Click this. Select all the code in the file and completely remove it. Replace all the code with this: The settings needed to setup the forum icons have already been done for you. There are some additional options at the top of the file. If you would like to use those too, feel free to do so. Setting it Up: Now, in your FTP client, navigate to /public/style_images/Your_Skin Create a new directory called "forum_images". On your forum, open up the forum you want to apply the icon to. Look at the URL. There will be a number, for example: forum.com/forum/2-announcements-and-updates/ You will be looking for "2" or whatever number is there (it changes per forum since every forum has a unique ID). Get the image you want to set as a forum icon (NOTE: The image must be 32x32, no larger). In your FTP client, navigate to /public/style_images/Your_Skin/forum_images. Upload the image you want to set as a forum icon to this directory. In this case, we would need to name the file "2.png" because the forum ID is 2. The picture must be in PNG format and the name must be whatever number the forum ID is (number). You're done. Refresh the page to see the icon. If the icon does not show up immediately, do a hard refresh or clear your cache. The instructions for this vary by what browser you're using. If you have any questions, concerns, or need some help, please make a post in this topic. Please note that this code has NOT been adapted for the IPB mobile skin, and never will be adapted for the mobile skin. Please see my post for more info.

After my own experience and the recent rash of new infections, I wanted to take a moment and outline a new backdoor trojan / malware that poses a significant risk to CMS users as well as anyone who seeks out third-party "nulled" or "free" content. If you’re technically minded and want as much detail as possible, check out the Whitepaper that Fox-IT has published on the CryptoPHP backdoor (50 pages or so). If not, I've put together a summary below. Going forward, I will be instructing our team to utilize more rigorous and aggressive scanning techniques to ensure the continued quality of our content here, and the safety of our users. One idea currently being discussed, is requiring all submissions to link to a valid (and current) VirusTotal scan. As you should already know, "nulled" scripts are commercial web applications that you can obtain from [pirate] websites that have been modified to work without a license key (often including WordPress plugins and themes, the target of this post). WebFlake is widely considered to be primarily a pirate community, but I believe we are bigger (and better) than that, which is why I strive for the best security here. Per Fox-IT, some nulled scripts are confirmed as being distributed via several websites of similar nature to WebFlake, with a sophisticated infection pre-installed. Fox-IT has dubbed it CryptoPHP because of the fact that it encrypts data before it sends it to command and control servers. The infection is relatively simple; inside a nulled script there’s a little line of code that looks like this: <?php include('assets/images/social.png'); ?> If you're familiar with PHP, you will immediately recognize this as looking strange: it is a PHP directive to include an external file containing PHP source code, but the file is actually an image. Inside this image file is actual PHP and the code is obfuscated (hidden through scrambling) to try and hide the fact that it’s malicious. Hopefully you have enough sense to implement additional security on your WordPress site (such as Wordfence) as, fortunately, Wordfence is aware of this infection and have since added an option to scan image files as if they are PHP code. Wordfence will detect the 'include' directive above in your PHP source, so even if you haven’t enabled image-file scanning, you will still catch all known variants of this infection (provided you are running the newest version of Wordfence). Fox-IT has determined that the purpose of the malware is, currently, to engage in black-hat SEO by injecting links to other, presumably malicious, websites into your content. However this infection is sophisticated and it communicates with command and control servers that can instruct it to do a variety of tasks including the ability to upgrade itself. So this is a classic botnet infection which turns all infected websites into drones that can be instructed to do just about anything, from sending spam email to SEO spam to hosting illegal content to performing attacks on other websites. This infection doesn't just affect WordPress but affects Drupal and Joomla too. The detection Wordfence added will actually detect the infection in Drupal or Joomla source code too if that lives under your WordPress directory. Again, you can find the full white paper discussing this new threat here and it includes quite a bit of technical detail if you're interested in that kind of thing. Please help spread the word about the danger involved in downloading or distributing third-party "nulled" content and help keep the WebFlake community safe.