Jump to content

John W

♥Ambassador
  • Content count

    963
  • Joined

  • Last visited

  • Days Won

    18

John W last won the day on December 6 2018

John W had the most liked content!

2 Followers

About John W

  • Rank
    Woof Woof!

Profile Information

  • Real Name
    John W.
  • Gender
    Male
  • Location
    Orlando, Fl

Recent Profile Visitors

22,292 profile views
  1. Some editors and such can add a BOM to the begining of files, which can screw things up. There's another thread where that happened to a certificate file.
  2. Hi, about this thead, https://forums.oscommerce.com/topic/412455-icloud-email-servers-rejecting-emails/ where did you find the icloudadmin contact? I'm facing similar issue. Thanks in advance. 

    1. John W

      John W

      I found them through the link I posted that was returned in my email from them.  Your's might be different.  Check and see, but here's the one I got.  Please visit https://support.apple.com/en-us/HT204137

      After a couple weeks, I never had the problem again.  There were some threads I found searcing google, but it's been a while.

  3. John W

    Fake accounts

    Blocking by countries can make for big lists/files which can bog things down. CSF firewall and Apache both advise that it can slow things down. Plus, not always accurate.
  4. John W

    Fake accounts

    While my code snippet was blocking all the attempts, I noticed there were increasing in the amount of attempts. I started recording the ip addresses after noticing many started with 188.138. However, after blocking 188.138.188.0/24 in my firewall, there has only been one in a few days. In checking an abused ip db, that block shows up a lot.
  5. John W

    Fake accounts

    Actually, I get his point. When I was figuring out what to use to deny these guys, I thought about the country. I only have 3 countries in my list, and the last one is Jamaica, but I very rarely sell to there. Every one of the fake accounts was using Jamaica. They put Google for company and google for tax id, so I picked the tax Id.
  6. John W

    Paypal App - Fee

    This came up in the 1980's mainly with gas stations as I remember. In the end, it was ruled they could discount cash sales, but not surcharge in any way someone using a credit card. I beleive there is a law in the US about it. Maybe the FTC did it.
  7. John W

    Fake accounts

    Out of curiosity, do they all have Google for the company name?
  8. John W

    Fake accounts

    I see Jack's point and it's one of the reasons I use the $company_tax_id, which I already had as part of SPPC addon. I haven't had any spammers use apple or At&T, but I do have legimate customers in my database using both of those. Apple as part of part of a business name and not Apple the company. However, none of them have that as their $company_tax_id, so I would feel safe using it there. I don't know if it's worth adding that field to do this, but since it already exist, I'm using it. Every spammer account that I know of is using Google for company and google for tax id.
  9. When I use the test server, I use it in live mode. It acts like the normal secure2 server, but in the sandbox. I get a confirmation email and daily report just like secure sever. Someone said they had a problem with ssl also. The secure sever is supposed be https://secure2.authorize.net/gateway/transact.dll It has a 2 after secure and there are 3 instances. A.net switched to the Akamai routing network a few years ago and the link was changed. I don't know if they will keep the old active as they bounced back and forth on that.
  10. You can go search through the A.net info, but here's a piece of their info on md5. " Note that the MD5 Hash option exists for transaction responses sent by means of the Advanced Integration Method (AIM) or the Card Present (CP) implementation methods. However, these methods use Secure Sockets Layer (SSL) to ensure that the transaction response is legitimate, and so it is not as useful for AIM or CP merchants. " That comes from this link, but you can find several on their developer site. https://support.authorize.net/s/article/What-is-the-MD5-Hash-Security-feature-and-how-does-it-work
  11. You can get the current cert at this link. https://github.com/AuthorizeNet/sdk-php/blob/master/lib/ssl/cert.pem I think all we have to do is remove the MD5 code. Aim never needed this in the first place. Of course, someone could contact A.net to verify. On my test account, I have removed the code and it works fine. I never used MD5.
  12. I think all we have to do is remove the MD5 code. Aim never needed this in the first place. Of course, someone could contact A.net to verify. On my test account, I have removed the code and it works fine. I never used MD5.
  13. John W

    Fake accounts

    If they are using Google for the company name, then you can add the code I posted early in this thread and change company_tax_id to company and it will block all of those. I get a couple a day sometimes, but they are blocked.
  14. On my test site using my AIM module on their test server/sandbox it works with all the MD5 code commented out of the aim module. I never had anything entered for it and all the md5 code was contingent on something being entered. I think the md5 code was carry over from when Harald did the SIM module, but I'm guessing. I also downloaded their SDK for the api and have played with that a little on my test site with Netbeans. Netbeans is helpful because it parses the code and can take you right to a class or method without having to hunt for it. Since they have about 500 files in this api, NB is really helpful. I used their sample code to get it to work from my test site. I think we could reuse a lot of the aim module code and convert it to use the api.
  15. People might want to read this post below on the a.net support forum. From what i remembed the md5 is only needed for SIm. I've been searching through all the developer info and working on the forums. It's been a long time since I poked around here. Check this link https://support.authorize.net/s/article/Do-I-need-to-upgrade-my-transaction-fingerprint-from-HMAC-MD5-to-HMAC-SHA512-and-how
×