All Activity

  1. Past hour
  2. pete2007

    Hack attempt - is there a way to prevent this?

    Thank you for your reply, whereabouts can I limit the text for the search?
  3. Today
  4. JcMagpie

    Hack attempt - is there a way to prevent this?

    It's not just search; any form on your website that allows the visitor to enter text that is saved to your database is a backdoor for hackers. Search is easy: just remove osC search and replace it with Google search (nothing is saved on your db by this), or limit text input to just one or 2 words. All forms should have some sort of captcha and text cleanser built in to prevent saving scripts to db. Reviews is another one that is targeted by hackers.
  5. Well, talk to your host; many like Go *******dy will have limits set for number of emails sent per min/hour/day. So depending on how many you sent you may have been blacklisted. Talk to your host and find out. Personally never been a big fan of ecarts being used for mass mailing, too risky as you may get your domain blacklisted; much better to use a proper email marketing tool or services, mail "monkey" 😊 or some other, you have many to select from; they are designed for this type of mass mailing work.
  6. It is a redirect, so just test this by removing/commenting out code in the .htaccess file. Then check if it works. Also check if your normal admin login works; if it does, then remove the new admin, clear cache and sessions, carefully make a new admin and check again.
  7. BrockleyJohn

    How do I use function __construct in this code?

    Can you find them again?
  8. I sent a newsletter via oscommerce newsletter manager yesterday but now I am not receiving my order confirmation emails. Is it possible that my IP address and email is now blacklisted? Is there any way to check? Is there any way to fix the problem? Thank you in advance.
  9. I've been trying to set up a user/pass for my admin directory but every time I set this up and visit the admin panel I get pushed to the homepage. I've checked all .htaccess files and can't see anything that will redirect. Has anyone else had this problem? Is there a better way to add an extra layer of security over the admin panel? Thank you in advance.
  10. pete2007

    Hack attempt - is there a way to prevent this?

    Is there any way we can turn off the search queries being saved to our databases?
  11. How can I stop Google adding fake names as customers? They add about 4 a day, I find this annoying.
  12. puggybelle

    Hack attempt - is there a way to prevent this?

    What did you check in your database? I really didn't know what else to look at, other than make sure the 'search_queries' table was empty after deleting the report. Then, of course, I put the maxlength limit on the search field here, there and everywhere. Now I'm thinking it should be even shorter than what I assigned. My keyword report resembled yours. I had one entry, though, that was probably eight lines of code alone. Should I check anything else? This stuff always shakes me up. - Andrea
  13. Yesterday
  14. ArtcoInc

    Hack attempt - is there a way to prevent this?

    @puggybelle I had an attack on one of my sites yesterday ... I also have a Keyword Search Report on this site. I hadn't checked it in a while, but after reading your post, I went to check it out. Guess what? Same thing here ... That's just part of one page! There are over 20 pages of this! Thank you for reporting this ... I wouldn't have thought to look at this. Malcolm
  15. greasemonkey

    Hack attempt - is there a way to prevent this?

    Sorry? Where were these huge chunks of code??????? If the code was in a file on your server - you have a HUGE issue... that is nothing to do with the file itself.
  16. puggybelle

    Hack attempt - is there a way to prevent this?

    I want to report that I had another hack attempt this week - this time, thru the Search box. Apparently, there's no limit to what can be entered in the search field. I use an old contrib that I cleaned up called Keyword Search Report and when I looked at it yesterday, it was hysterical. Huge chunks of malicious code. Wish I had taken a screenshot of it, but I was so ticked off I immediately deleted the report and checked the database. I have since edited all files containing the Search form and put a maxlength="60" in all of them.

        catalog > advanced_search.php
        catalog > includes > modules > boxes > bm_search.php
        catalog > includes > modules > content > header > cm_header_search.php

    If I'm missing something, please let me know. This hacker crap is insane! - Andrea
  17. greasemonkey

    PayPal App v5.018 Log In with PayPal is now dead

    @peterbuzzin worked perfect..... @Harald Ponce de Leon the PayPal app needs updating... as I'm sure you are aware.
  18. greasemonkey

    Login with Amazon

    @Login with Amazon I hope all is well (I tried to send a DM but it would seem your profile will not allow it).... I found this addon when looking thru the new changes made to prepare for the marketplace... A couple of things - I was sooo excited when I came across this - thinking it would work just like the "Login with Paypal" addon built into the PayPal App. I had to make a few changes to get this working with the bootstrap community edition (changing FILENAME_ and DIR_WS_MODULES to exact file paths)... however was disappointed when I did get it to work... Although it will allow login - it will not pass the customer's address to OsC... It looks as though it was really meant for more of a Wordpress like site. I check the documentation here to confirm... Am I missing something? More important than this "login" feature however - I notice you have half (or probably more than half) built Amazon Pay into this addon... What would it take to get Amazon to finish this??????? @Harald Ponce de Leon this would be a GREAT addition to whatever you are working on... offering additional payment options beyond PayPal (all the other payment apps/addons incl'ed are WAY out of date some/most even end of life). One of the most attractive features of some of the more current ecom platforms is their built in wide range of modern payment methods that are completely missing in OsC.
  19. JcMagpie

    Admin page not logging secure, not displaying correct

    I would go back to your host and tell them to look again. This is a common issue when hosts make changes to server paths without telling the users. Go to /public_html/youradmin/includes/template_top.php and check the path to your jquery .js and .css files; that is what is causing the plain admin page. You will probably find the path in your template top no longer matches what is in your config or on your actual server. Quick test: view your admin page in browser code view and see if you can open the file by clicking on the link. It should look something like this:

        <link rel="stylesheet" type="text/css" href="https://yoursite.com/ext/jquery/ui/redmond/jquery-ui-1.10.4.min.css">
        <script type="text/javascript" src="https://yoursite.com/ext/jquery/jquery-2.2.3.min.js"></script>
        <script type="text/javascript" src="https://yoursite.com/ext/jquery/ui/jquery-ui-1.10.4.min.js"></script>
  20. Hotclutch

    Admin page not logging secure, not displaying correct

    Sounds like your site is running in https when it was not before; you will have to search the forum to set up your configure files correctly.
  21. Hey guys, Something happened over last weekend. I was able to get orders and receive orders no problem. Then on Monday, if you tried to place an order, it said unable to connect to database.php. I got with my hosting company and they corrected this for me. I am able to connect and place orders. It looks fine. Now when I go into the admin part of it, it is no longer secure. It also displays incorrectly. It is like the css file is missing but I don't want to mess with anything until I get some advice. I have 2 websites with my hosting company and my other site is doing the same thing on the admin side. My hosting company said this is a developer issue and to get with them. I do all my stuff so I am a guy. Being nothing changed on my end, I am at a loss. Here is what I am running currently. Oscom 2.3.4 with some add ons. Web php version 5.6.30 Attached is what my admin page looks like. Once I log my credentials, it says my form is not secure. Press ok and it takes me to my odd looking admin panel.
  22. Jack_mcs

    HoneyPot Captcha

    The error is caused by a mistake in the changes for older shops that can't use modules. I don't have a V2.3.4 shop to test but I think it can use modules so you should not be using that code. But for those that have the problem, change the following. But note, if your shop uses the module, making this change will cause problems.

        insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now())");

    to

        insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now());
  23. MrPhil

    HoneyPot Captcha

    should be

        now());
        insert

    Any idea how it got corrupted?
  24. MrPhil

    How do I use function __construct in this code?

    I've noticed a few instances where class Glotz has a function Glotz() and an empty (dummy) __construct(). I'm wondering if the dummy __construct was a mistake -- now no code is being run when the object is created.
  25. Boldman

    HoneyPot Captcha

    V2.3.4 PHP 7.0

    Static analysis: 3 errors were found during analysis.

        Ending quote " was expected. (near "" at position 690)
        Unexpected token. (near ""); insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());" at position 339)
        Unexpected beginning of statement. (near ""); insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());" at position 339)

    SQL query:

        insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now())");
        insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());

    MySQL said:

        #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"); insert into configuration (configuration_title, configuration_key, configur' at line 1
  26. Jack_mcs

    HoneyPot Captcha

    What is the error? What version of oscommerce are you using? What version of php are you using?
  27. Boldman

    HoneyPot Captcha

    Jack, the last 2 lines in the SQL given give my database an error:

        insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) values ('Exclude IP\'s', 'MODULE_HEADER_TAGS_HONEYPOT_EXCLUDE_IPS', '', 'A comma-separated list of IP\'s that are not blocked by the create account checks.', '1', '108', now())");
        insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Bad Words', 'MODULE_HEADER_TAGS_HONEYPOT_BAD_WORDS', '', 'Enter a comma separated list of words that are not allowed.', '1', '109', 'tep_cfg_textarea(', now());

    Syntax ?
  28. BrockleyJohn

    How do I use function __construct in this code?

    From php7, to avoid throwing the deprecated notice, you can only have the method "classname" if you also have the method "__construct". The equivalent of php4 constructors is to implement method __construct and coding it to invoke method classname with the same parameters. This means you can call it explicitly if you like later on. However this is a bad idea as the global approach as it's a lot of extra code for no purpose and it masks the very few cases where it's actually required. A better general approach is to change the name of the constructor from classname to __construct and test it from all the places it's used. It's only needed where the method is used to reinitialise an already instantiated object (maybe object_info.php, it's been a while). I didn't implement any changes that couldn't be tested, so classes that are no longer used were not php7-proofed but do not throw errors in end-to-end osc testing. There are a very small number of these. If I recall the discussion correctly they were left in in case they are used in addons. In my view, the fix in these particular cases is to delete the class file altogether. It'll save a couple of k disk space and a small maintenance overhead.