Welcome to SocialEngine User Community! This is an idea exchange area for SocialEngine users. Ask questions or post your feature requests here. This isn't an official support channel, so if you need support, please open a support ticket

Post Something!

Recent Activity

New Members

Online Now

2 guests

Cloud Tips & Suggestions

    • 4
    Get your website scaled better for Touch devices.
    It is really a simple trick, just add some meta to your site header..



    This will scale content better. However, there is a problem with iphones, they do not scale them enough. But on ipads it works like a charm.
      • 2
      Arnfinn Ingebrigtsen An updated version:
      These 3 lines is for adding your homescreen logo to diferen devices.
      <link rel="apple-touch-icon-precomposed" media="screen and (resolution: 163dpi)" href="Add your png url here" />
      <link rel="apple-touch-icon-precomposed" media="screen and (resolution: 132dpi)" href="Add your png url here" />
      <link rel="apple-touch-icon-precomposed" media="screen and (resolution: 326dpi)" href="Add your png url here" />

      Then the meta that is also in header:
      <meta content='width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=no;' name='viewport'>

      Then the Script for it(also in header:
      <script type="text/javascript">
      (function(doc) {

      var addEvent = 'addEventListener',
      type = 'gesturestart',
      qsa = 'querySelectorAll',
      scales = [1, 1],
      meta = qsa in doc ? doc[qsa]('meta[name=viewport]') : [];

      function fix() {
      meta.content = 'width=device-width,minimum-scale=' + scales[0] + ',maximum-scale=' + scales[1];
      doc.removeEventListener(type, fix, true);
      }

      if ((meta = meta[meta.length - 1]) && addEvent in doc) {
      fix();
      scales = [.25, 1.6];
      doc[addEvent](type, fix, true);
      }

      }(document));
      </script>

      This is e better version, but if you have sidebars/menus, I do not recommend using it, as the sidebar will be the first thing to appear and not the content.
      • 2
      Arnfinn Ingebrigtsen You are very welcome :) I will post an update on this later, working on it so it displays better on iphone.. :)
      • 2
      Drew Frey Thanks [6223,Arnfinn Ingebrigtsen] ! As always, helping everyone out. Appreciate it.
    • 6 more comments
    • 4
    Solid Web Developer (Yug Technosoft)
    I have used this guy several times over the years, mainly with SE products. If you need help with PHP, HTML, or all others things related he can be contacted at contact@yugtechno.com, just let him know that SportzHype sent you.

    I wanted to pass this along to anyone who might need help with there site at a reasonable cost. Thanks and good luck to you all!
      • 1
      Drew Frey Thanks [5892,SportzHype] . Does anyone else have any favorable experiences with developers that have done some work for your SE Cloud site?
    • 2
    Should Admins Have The Ability To Manipulate Votes?
    What are your views?
      • 3
      Jung Kim No, this is dishonest. You can feature a post for more visibility or use CSS to make featured posts more prominent.
      • 3
      s.ziyad NO !
      • 2
      monti Should he be "able" to do it? yes. Should he do it? no.
      But if you own the site, you should be able to do whatever you want.
    • 10 more comments
    • 1
    # Incapsula or # Cloudflare - What Should You Use
    Protecting Your Website – CloudFlare or Incapsula?

    I get this question a lot whenever I talk with clients or give presentations, “How do I prevent my website from being hacked?”. Many actually confuse the service we offer at Sucuri as a preventive service. Good thing we don’t advertise preventive services.

    That’s right, our service sits in the detection and remediation realm. By the nature of what we do there are preventive components that we implement, but our service has always been about detection, and more importantly remediating the mess. For any InfoSec professional working in the security domain you can understand this approach; you have long learned that prevention is ideal but detection is key and that’s based around the understanding that prevention, like detection, will never be a 100% solution.

    That being said, I came across a recent report by Philip Tibom of Sweden titled Incapsula vs. CloudFlare (PDF Download). It was published October 15th, 2012 and in it he chronicles his experiences with both platforms over the last 6 months. If you’re not familiar with either then you’re really not that concerned with your security posture, and that’s ok of course but unfortunate none the less.

    I would argue that CloudFlare is likely winning the popular vote, entering into the most partnerships and making the most noise, but Incapsula is perhaps the most effective based on the report. The two services are software as a service (SaaS) based solutions targeting the preventive side of the house; yes these would be the first-line of defense solutions so many folks are looking for.

    They fall into the latest category of Web Application Firewalls (WAF) coming to the market designed to address the pandemic problem that is website attacks and web malware distribution. They are designed to slow down, if not completely, prevent the attacks from ever occurring; in essence doing away with your need for a detection / remediation service, right?

    If that were only the case..

    THE REPORT
    The report is much more in depth than I will outline here; here is a complete list of the questions he sought to answer:

    DNS changes – How does it affect your security?
    SQL injection protection – How well does it work?
    XSS (Cross Site Scripting) protection – How well does it work?
    Remote File Inclusion protection – How well does it work?
    OWASP Top 10 Vulnerabilities – Are they protected?
    SSL – Does it work? Is it easy?
    Control panel – How does it help you protect your site?
    Spam bot / Bad bot protection – Is it effective?
    PCI Compliance – Does the WAF meet the requirements?
    DDoS protection – Is it included?
    Here though I was specifically interested in three areas:

    SQL injection attacks
    Cross Site Scripting (XSS) attacks
    Remote File Inclusion Attacks (RFI)
    I chose these three areas as they make up a very high majority of the attack vectors attributed with most websites, specifically those built on Content Management Systems (CMS) like WordPress, Joomla and Drupal.

    SQL Injection Attack
    A quick definition of this attack:

    A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. Source: OWASP

    His test scenario included 30 different SQLi variations against a personal site in which he purposely introduced SQLi vulnerabilities. He actually made a very good video, which I watched, and which I recommend you watch as well. He goes through the process of enabling and disabling both services and showing you sample attacks so that you can see it in practice. Some of his points around the result pages are pretty insignificant, with exception to one:

    Once we have filled in those two words and requested access, we are free to post any SQLinjection we like without getting stopped!

    What he is referring to is the splash page that CloudFlare presents the browser after an attack. On it they provide you a CAPTCHA to verify you are human, once that is filled out, all subsequent attempts are allowed through unchallenged. If this is in fact true that is very dangerous. I have not tested this but do plan to in the coming months.

    In terms of the results: Incapsula blocked all 30 attacks and CloudFlare blocked 1

    Both tests were done on the same application; the only difference was when the application was turned on and off.

    Cross Site Scripting (XSS)
    A quick definition of this attack:

    Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. Source: OWASP

    This is by far probably one of the more prevalent attack vectors today, impacting many of today’s websites. In short its the ability to pass actions to your browser that allow an attacker to make use of browser technologies like JavaScript, ActiveX and AJAX; allowing actions to take place without you ever knowing. These can be very dangerous, they can be used for a variety of actions like drive-by-download attempts, session / cookie hijacking and key / screen logging.

    Similar to the SQLi scenario, he used his personal site with built in vulnerabilities. He also made use of 15 different XSS test cases leveraging the well known XSS Filter Evasion Cheat Sheet by OWASP.

    In terms of the results: Incapsula blocked all 12 attacks and CloudFlare blocked 0

    Remote File Inclusion (RFI) Attack
    A quick definition of this attack:

    Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code. Source: The Web Application Security Consortium

    If you’re trying to get your head around this type of attack try thinking about last year’s TimThumb outbreak. This was the type of attack conducted against the file. Unfortunately this attack is more common than many realize and can be found in a number of other files.

    In his example he pulled the example for his test right off wikipedia. Amazing how readily available some data is. The rest of the test scenario in this case was not as comprehensive as his XSS and SQLi tests; this one only included one scenario.

    In terms of the results: Incapsula blocked 0 and CloudFlare blocked 0

    FINAL THOUGHTS
    While Incapsula failed a few tests in the XSS attacks and failed the one RFI, based on his study, Incapsula appears to be the ideal solution for your everyday website owner looking for a preventive service. Understand that I have not tested these platforms for myself and am simply paraphrasing the findings in the a 23 page report.

    The report is well laid out and looking past the grammatical / a structural issue provides exceptional content that has not been provided elsewhere. It’s also important to note that the study only looked at the security components of both services. It did not attempt, or intend, to compare any of the various other features both providers offer.

    As it stands right now, based on what I have read and the sound judgment offered in the report, if someone were to ask me the same question today, I would say that Incapsula is the ideal solution from a preventive measure.

    From # http://tonyonsecurity.com/2012/11/13/
      • 1
      SocialTime here is Incapsula X-CDN : http://chinatravelcommunity.net/
      • 1
      SocialTime yeap. since 2011 i have using both of them.
      • 1
      Paul Thank you for the post, very informative and useful.
    • 3
    Livechat - Online Chat Solution for SocialEngine Cloud
    Chatwing can be an alternative and online chat solution for bloggers and websites to offer live chat on sites and provide a great interactive experience for users.
    • 1
    SEO Tips
    I have worked a lot with marketing on other sites, and I would like to share some secrets to you, maybe you know them already but here goes.

    To get visible in search engines, you should add meta info to your site. Specially Search word meta.

    Then you should submit your site to all the big search engines

    After that we have to do link building.
    You can do very much here. Comment on blogs,posts etc with a signature.
    Use backlinks tools that you find on google.
    and last but not least, use pinging tools.

    These are some of the better ways to market your self without using money.

    I have just started to do this with my website..

    If you have any tips, post them here :D
      • 1
      Arnfinn Ingebrigtsen [1007,VoiceBee] Thank you, Hope you get good results on them ;)
      • 1
      SocialTime No matter whatever you do, the most important is content. if your site have good and unique content google will find you.
      • 1
      Arnfinn Ingebrigtsen Here is an example on how this works.. Basic google search. humor humorous face it
      I end up on the first page at the bottom. This is not optimized yet, so in about 2-3 months I will be up on the top half when google is done looking for backlinks on that search term.

      If you brake the term up, you have humor-humorous-face-it 4 words that is very hard to be found on, but it works for me. Just because of few backlinks.

      I have worked on a webpage for a bowling alley here in norway, if you search bowling in stavanger, the first hit is the webpage I have produced. There is about 10 bowling alleys in this district. We have not used a dime on marketing just backlinking and meta. And they have a good domain also.

      Why I am telling you all of this is, because you do not need to pay for advertisement. You can do it all for free. Just remember those few things to start the process.
    • 11 more comments
    • 2
    Godaddy domains and SEC
    I found out that godaddy has problem with dns when it comes to naked domains( http://yourdomain.com), and SEC. In your admin panel on sec, you need to make it http://www.yourdomain.com and not http://yourdomain.com.

    Godaddys dns settings are bad, and you need to set the records of www to SEC and then you need to forward your naked domain to www. Yes it is stupid, but that is the only way to have your site stable on sec.
      • 1
      awwal that is gud
      • 1
      spade5702 There is a simple way to make this work. Go into you Godaddy DNS Manager and..

      Create two separate CNAMES

      (1) CNAME: www POINTS TO: yourname.socialengine.com
      (2) CNAME: http POINTS TO: yourname.socialengine.com

      and if you haven't done so already, make sure you set up a new A Record that points to 184.72.33.159:
      HOST: @ POINTS TO: 184.72.33.159
      • 1
      Kimmie I concur.
    • 3 more comments
    • 1
    profile questions Gender & Country
    can we edit the standard profile questions gender and country
    1. add couple to gender
    2. remove no required countries and add additions like England, Scotland, Wales
    • 1
    I'm between a rock and a hard place.
    I've recently signed up to SEC and have 8 days left of my trial period. I've looked at phpfox and their social network solution is a out of the box and ready to go one needing a little tweaking to serve my purpose. I need to move quickly as know a significantly large (niche) group of people who are wanting to leave Facebook and phpfox (together with a Facebook type theme) would make the transition for my users quite simple and user friendly and will give them the 'feel' they are used to. I've also looked into hosting via AWS. However, I like the SEC idea but feel that the development side still has a long way to go to enable me to offer a FB type network to my potential customers. Any suggestions are most welcome.
      • 2
      s.ziyad If you are sure that you have large enough niche you can exploit by a facebook style product two advices - 1) Take SE PHP and an already existing FB styled theme - then go on building on it. 2) Buy hosting from the worlds fastest hosting framework you can afford and hire a tech person who can tweak hosting and code for you for 2 years. 3) sorry there is a 3rd advice - work on your project day and night for 2 years without expecting any funfair. | there are many Social scripts of SE PHP price range - same quality - BUT its only the SE guys who keep up with a consistent commitment to their product.
      • 2
      Carlos Oporto I think that Social Engine Cloud is more for a Pinterest type Social Network. Facebook works in a different more private way where you can´t see all the content of other members. In any case I don´t think that you can make a site can compete with Facebook with an already existing product like PHP Fox, VBulletin 5, or any other.

      Facebook is a multimillion dollar invested company with a propiertary framework and a lot of really great engineers working. So it would be better to make "niche" social curated network, there is room for that now.
      • 1
      Shane Liddell Well, my trial period is over and it's decision time. Due to the somewhat slow developments here, I've decided to go the other route with self hosting on AWS. I cannot see SEC being ready for my purposes for some time as it's still very early in their development days. I believe that SEC will be ready for what I need, probably back end of this year at the earliest, but more realistically mid to end 2014. They need to get developers involved to develop plug-ins, templates etc, etc, now. Purely a business decision on my part and I cannot wait!
    • 8 more comments
    • 6
    Development.
    I am developing a lot for this platform, and I am going to continue doing so.
    My latest addition is a webapp that I started on. This app is not supposed to be a user managed webbapp, it is going to be a read,share and commenting system. No posting..

    It is in very early stages, but it is working. However, it is a long way to go. This webbapp will be easy to implement into any theme.

    The other thing that strike me, is that this platform does not need to be a social network, it can be built into any sort of website, so the next thing I am going to create in the theme front, is a blog theme.

    This should be really easy to do, but I need to figure out some stuff. So I am in the sketching process of that now :D
    • 1
    Is SE Cloud Ok for long run?
    Hi All,

    I'm very new to SE, recently, I misunderstood the concept of SE PHP VS SE Cloud and thus made a wrong purchase on SE PHP. I really want to know the risk of using SE cloud here in my country.

    - If there will be no more SE cloud or I want to move the databases such as images, videos, and member activities and everything in it to my website server in my country, will this be possible?

    - Not sure if SE cloud limits the storage, bandwidth, or anything?

    Thanks in advance for the answers
      • 1
      (deleted) Get the right hosting and SE PHP is great.I also have SE PHP about a year, but shut it down due to unreliable hosting.So now I try this...still like SE PHP more
      • 1
      Shawn NO you made the right purchase for what your trying to do. Thus embrace your php version because the potential in features higher and Is way more cost effective in the end.
      • 1
      Eugene 1. You won't be able to move anything since you don't have access to database, videos and member activities.
      With current version of API it will be possibly to get basic member info and some of activities. However you will need hire developer to write script that will get this data from SECloud.
      2. No information about limits at this point. If I remember correctly right after the launch SE team mentioned that in future there might be few different packages based on limits you have mentioned. So this point is hard to predict.

      What kind of community are you planning to build? Maybe SE PHP was not a wrong purchase after all.
    • 10 more comments
    • 3
    Are there any chat system for SE CLOUD?
    Are there any chat system for SE CLOUD?
      • 3
      Alex Benzer Cometchat is working on an official integration. Is that the kind of thing you're looking for?