
domiosc

Members
  • Content count

    122
  • Days Won

    2

domiosc last won the day on April 11

domiosc had the most liked content!

2 Followers

Profile Information

  • Real Name
    Vicent
  • Location
    Spain

Recent Profile Visitors

2,174 profile views
  1. domiosc

    Product Display (Images)

    Another way, faster and more usable than drag and drop, is copy and paste: when pasting a bitmap the script generates the image and renames it, or if pasting text with a URL it gets the image...
  2. domiosc

    Requested Features

    Take into account the availability field, as well as the stock per warehouse with different service times and its cut-off time (if the hour has passed, add the next business day). Every warehouse has a link to a stock file, a URL to check or an API, and you can set whether the warehouse works in dropshipment mode or adds extra shipping costs...

    Store1 Stock : availability 2H
    Store2 Stock : availability 8H
    Warehouse1 Stock : availability 24H
    Warehouse2 Stock : availability 48H
    Supplier Warehouse Stock : availability 72H
  3. domiosc

    Shipping methods

    Please consider that some carriers charge a commission (% x amount) for cash on delivery.
  4. domiosc

    Payment methods

    It makes perfect sense when shipping depends on the method of payment. For example, for cash on delivery not all shipments are available...etc
  5. Yes, it is of interest, for file exchange between systems, for stock normally.
  6. domiosc

    Marketing features

    Please differentiate the specials from the campaigns. You can have rules for discount vouchers, so that it can be used x times, up to a certain time, once per user, up to a limit ... I do not know if it is from this area, but do not forget the price escalation quantity, the special prices per client and the groups of clients with their assigned rates.
  7. domiosc

    App Store or Add-on Store or...?

    Add-on, like before 🤗
  8. domiosc

    Multiple Sales Channels

    If we have different configurable front-ends, can we use them for commercial agents or B2B sales, for example?
  9. domiosc

    Translations

    I can help with Spanish
  10. domiosc

    New management and osCommerce v4

    Sounds great, let's hope it is so and that it is worth starting over again; time will tell if the goal is to market with increasingly higher costs or to maintain the spirit of open source with added services. Hopefully they will attend to all the requests that we have made these years and take a turn towards an ERP ecommerce with all the fields, functionalities and automated processes necessary for today's business. All this does not mean that we continue to support Phoenix; I hope osCommerce supports it too, maintaining forum posts and apps.
  11. I do not remember where, but years ago there was a payment addon for conversions that allowed showing the complete information, both by grouping or packaging at the same time as converting the unit and the price. For example, linear meters with a price per square meter, as you defined the combination. I could even do height x width x depth to calculate areas, also with weights, for example price per kilo, sale per grams or units ... In the end what it did was an equivalent conversion and displayed the information for both units of measurement, allowing you to use the one you define, by setting minimums, maximums and multiples. It was used for sale in bulk and to cut. I don't know if it will still exist but somebody remembers which one I mean.
  12. domiosc

    Header Tags SEO

    Please add social icon for whatsapp
  13. The hosting company says everything is secure... and that what is vulnerable is the website... Index.php is modified and copied to random folders: The .ico file: And randomly named files of the type 8 letters.php: Each time the names are different and the paths are random, but the procedure is the same. After a simple scan I got these recommendations:
  14. I believe this is the sequence, because it is repeated several times; I will confirm the next time files are injected:

    65.254.39.186 - - [07/Jun/2020:16:27:13 +0200] GET / HTTP/1.0 302 220 - -
    65.254.39.186 - - [07/Jun/2020:16:27:14 +0200] GET / HTTP/1.0 403 12 - -
    65.254.39.186 - - [07/Jun/2020:16:27:14 +0200] GET / HTTP/1.0 302 220 - -
    65.254.39.186 - - [07/Jun/2020:16:27:15 +0200] GET / HTTP/1.0 403 12 - -
    65.254.39.186 - - [07/Jun/2020:16:27:15 +0200] GET /user/ HTTP/1.0 302 229 - -
    65.254.39.186 - - [07/Jun/2020:16:27:16 +0200] GET /user/ HTTP/1.0 403 211 - -
    65.254.39.186 - - [07/Jun/2020:16:27:16 +0200] GET /user/login.php HTTP/1.0 302 238 - -
    65.254.39.186 - - [07/Jun/2020:16:27:17 +0200] GET /user/login.php HTTP/1.0 403 220 - -
    65.254.39.186 - - [07/Jun/2020:16:27:17 +0200] GET /user/mail.php/login.php?fooled HTTP/1.0 302 254 - -
    65.254.39.186 - - [07/Jun/2020:16:27:18 +0200] GET /user/mail.php/login.php?fooled HTTP/1.0 403 229 - -
    65.254.39.186 - - [07/Jun/2020:16:27:18 +0200] GET /user/includes/local/README HTTP/1.0 302 250 - -
    65.254.39.186 - - [07/Jun/2020:16:27:19 +0200] GET /user/includes/local/README HTTP/1.0 403 232 - -
    65.254.39.186 - - [07/Jun/2020:16:27:19 +0200] GET /images/ HTTP/1.0 302 227 - -
    65.254.39.186 - - [07/Jun/2020:16:27:19 +0200] GET /images/ HTTP/1.0 403 209 - -
    65.254.39.186 - - [07/Jun/2020:16:27:20 +0200] GET /images/ HTTP/1.0 302 227 - -
    65.254.39.186 - - [07/Jun/2020:16:27:20 +0200] GET /images/ HTTP/1.0 403 209 - -
    65.254.39.186 - - [07/Jun/2020:16:27:21 +0200] GET /includes/header.php HTTP/1.0 403 221 - -
    65.254.39.186 - - [07/Jun/2020:16:27:21 +0200] GET /advanced_search_result.php?keywords=%25%25&search_in_description=1&submit=Search&categories_id=98&inc_subcat=1&manufacturers_id=&pfrom=&pto=1e309&dfrom=&dto= HTTP/1.0 302 413 - -
    65.254.39.186 - - [07/Jun/2020:16:27:21 +0200] GET /advanced_search_result.php?keywords=%25%25&search_in_description=1&submit=Search&categories_id=98&inc_subcat=1&manufacturers_id=&pfrom=&pto=1e309&dfrom=&dto= HTTP/1.0 403 228 - -
    65.254.39.186 - - [07/Jun/2020:16:27:22 +0200] GET /advanced_search_result.php?keywords=%25%25&search_in_description=1&submit=Search&categories_id=98&inc_subcat=1&manufacturers_id=&pfrom=&pto=1e309&dfrom=&dto= HTTP/1.0 302 413 - -
    65.254.39.186 - - [07/Jun/2020:16:27:22 +0200] GET /advanced_search_result.php?keywords=%25%25&search_in_description=1&submit=Search&categories_id=98&inc_subcat=1&manufacturers_id=&pfrom=&pto=1e309&dfrom=&dto= HTTP/1.0 403 228 - -
    65.254.39.186 - - [07/Jun/2020:16:27:22 +0200] GET /robots.txt HTTP/1.0 302 230 - -
    65.254.39.186 - - [07/Jun/2020:16:27:23 +0200] GET /robots.txt HTTP/1.0 403 212 - -
    65.254.39.186 - - [07/Jun/2020:16:27:23 +0200] GET /robots.txt HTTP/1.0 302 230 - -
    65.254.39.186 - - [07/Jun/2020:16:27:24 +0200] GET /robots.txt HTTP/1.0 403 212 - -

    I changed my username to "user". It seems that the log is cut off, but if I use this query with advanced_search_result.php I get:

    1054 - Unknown column 'INF' in 'where clause'

    select count(distinct p.products_id) as total from products p left join manufacturers m using(manufacturers_id) left join specials s on p.products_id = s.products_id left join tax_rates tr on p.products_tax_class_id = tr.tax_class_id left join zones_to_geo_zones gz on tr.tax_zone_id = gz.geo_zone_id and (gz.zone_country_id is null or gz.zone_country_id = '0' or gz.zone_country_id = '195') and (gz.zone_id is null or gz.zone_id = '0' or gz.zone_id = '3479'), products_description pd, categories c, products_to_categories p2c where p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '3' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and (p2c.categories_id = '98') and ((pd.products_seo_keywords LIKE '%%%%' OR pd.products_name like '%%%%' or p.products_model like '%%%%' or m.manufacturers_name like '%%%%' or pd.products_description like '%%%%') ) and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) <= INF)

    I don't remember where, I think in the Phoenix Club, someone already commented something about this search: ?keywords=%25%25. It may not be this; for the moment I have only blocked the IP. If the same happens from another IP ... I will try to delete advanced_search_result.php
  15. The files are injected; I think there is some vulnerable old version 2.2 file, because this osC was updated from 2.2 to Phoenix. Surely I will have to do a new installation if I do not find the file that is affected; I will be checking the access logs and error logs to see if it gives me any clues.
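
Added example (not part of the original posts and not osCommerce code): a check for the access-log review mentioned in items 14 and 15, flagging requests whose price-range parameters parse to a non-finite float. A value such as `pto=1e309` exceeds the double range and parses to infinity, which matches the bare `INF` in the SQL error quoted in item 14. The function names, the `PRICE_PARAMS` list and the sample lines (documentation IP, shortened query) are assumptions constructed for illustration.

```python
import math
import re
from urllib.parse import parse_qsl, urlsplit

# Log layout as shown in the post: ip - - [time] METHOD target PROTO status size - -
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+) '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Price-range parameter names taken from the logged URL (assumed to be the numeric ones).
PRICE_PARAMS = ("pfrom", "pto")


def non_finite_price_params(target):
    """Return {name: raw_value} for price params that parse to inf or nan."""
    hits = {}
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in PRICE_PARAMS or raw == "":
            continue
        try:
            value = float(raw)
        except ValueError:
            continue  # non-numeric text is a separate problem, not flagged here
        if not math.isfinite(value):
            hits[name] = raw
    return hits


def flag_lines(lines):
    """Return [(ip, time, status, hits)] for log lines with a non-finite price."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hits := non_finite_price_params(m.group("target"))):
            flagged.append((m.group("ip"), m.group("time"), int(m.group("status")), hits))
    return flagged


# Constructed sample lines in the same layout as the post's log.
SAMPLE = [
    '192.0.2.10 - - [07/Jun/2020:16:27:21 +0200] GET /advanced_search_result.php?keywords=%25%25&pfrom=&pto=1e309 HTTP/1.0 302 413 - -',
    '192.0.2.10 - - [07/Jun/2020:16:27:22 +0200] GET /advanced_search_result.php?keywords=shoes&pfrom=10&pto=99.5 HTTP/1.0 200 5120 - -',
    '192.0.2.10 - - [07/Jun/2020:16:27:23 +0200] GET /robots.txt HTTP/1.0 302 230 - -',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE):
        print(hit)
```

The same finiteness test applied in the application, before the value is concatenated into the query, keeps `INF` or `NAN` out of the SQL text.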