surrfman

Have tried a myriad of proposed solutions to remedy not getting a sent email after an order is placed. Have ensured that Paypal is coming back to my shop, have tried a dozen different emails and combinations, have tried the one contribution from the add-ons (no joy.) The only common mode realized is that once a change in admin panel is made, the emails send, for either a certain amount of calendar time or after a certain number of sends, I don't know which, just a logical theory.

any input would be muchly appreciated,

Timmy C

Opening the .htaccess files, I see a hash tag at start of every line in file. Is this normal or has someone (hacker) messed with the file(s)?

  If so should i clean them up or remove and generate new?  What problems could I run into deleting & going with new files?

  Thanks a bunch,

    Timmy C

Fancier Invoice... is there a way to remove URL from printed invoice?

Printed line shows the current name of your admin folder, not good if someone wants to hack your shop.

Thanks,

   Timmy C

Why is it nothing ever seems to be as easy as said it will be?

changed the admin/includes/configure.php file to reflect the FS_admin and the WS_admin lines to show new admin folder name, uploaded to server.

changed admin folder to new admin folder name.

changed .htaccess file to indicate new admin folder name.

pull-up browser, attempting to log-in to admin, returns 404 error.  url line shows store url/admin. browser is still looking for the admin folder.

what else needs to be done or am I missing something?

   Thanks a bunch,

Timmy C

My 2.3.1 store was hacked, my anti-virus called the hack "web injection 5" when trying to pull-up in browser. Restored from back-up so problem is stable at this time. Started reading the dizzying amount of info on securing, not sure what to do first, and even next?  My host offers the "Site Lock" brand of scanning for changed files, is this a good road to travel? Also I see changing the admin folder name. Other than just changing name, is there any other files that need to have tweaks to understand admins' new name?  I have htaccess and htpassword running.

Seems the hacker, mostly looked at files as I compared the hacked files ( shown by date and time file was looked at or attempted to be changed,) with a bone stocker from clean 2.3.1 files. Found one file that had extra code inserted in admin.

Also, I see talk about having a hack redirect paypal payment. I found a 2.2 add-on, is there an add-on or a procedure for 2.3.1 to secure this. I tried add-on that gave an email to store owner extra email that a hack has taken place, but it seems to have stopped the extra order email from coming through when order is placed. It only notifies, doesn't stop or block.

Any Input would be appreciated.

Timmy C