Profile Information

  • Location: Suffolk England

  1. mhsuffolk

    Help with Worldpay

    In includes/modules/payment/rbsworldpay_hosted.php find line 36 approx:

        if ( MODULE_PAYMENT_RBSWORLDPAY_HOSTED_TESTMODE == 'True' ) {
          $this->form_action_url = 'https://secure-test.worldpay.com/wcc/purchase';
        } else {
          $this->form_action_url = 'https://secure.worldpay.com/wcc/purchase';
        }

    Change the bottom URL, keeping it between the ' ', to the new one supplied by Worldpay. The top one is the test site; have they supplied one for that?
  2. PayPal is OK for the larger trader as the rates drop down. My website would fall into PayPal's 2.9% rate and during quiet times 3.4%. I use Stripe at 1.4%, which is a significant difference. That is my problem with PayPal. Small traders are penalised heavily.
  3. "It seeks to open up payment markets to new entrants leading to more competition, greater choice and better prices for consumers." Tell PayPal that then and see if they can become competitive. This is another example of unelected bureaucrats imposing their will on EU countries; look at GDPR and the cookie regulations if you want other examples.
  4. By September 2019, EU and UK banks will be requiring a secondary password check by mobile phone for online transactions over £27 or 30 euro. Whilst accepting the fact that probably the majority of transactions are performed using a mobile, there are many millions that are not. If you live, or are in, a poor or no signal area then you are stuffed. Appallingly the suggested alternative is to use PayPal! Another chance for their extortionate fees and kangaroo court mentality to cripple a small business. This impacts all EU online traders and will probably come to the US eventually. Further details in this news article. BBC News Article
  5. mhsuffolk

    PCI Report Shows Issues

    You are correct, it was for IIS. Is this for Linux .htaccess?

    -------------------------------------------------------------------

    To configure nginx to send the X-Frame-Options header, add this either to your http, server or location configuration:

        add_header X-Frame-Options sameorigin;
  6. mhsuffolk

    PCI Report Shows Issues

    What confuses me is that they have 1.2 but 1.0 and 1.1 are still listed in server info. When I run a test in ssllabs only 1.2 is detected, but Security Metrics detected all 3 versions.
  7. mhsuffolk

    PCI Report Shows Issues

    Thanks for that. I have also found this on developer.mozilla.org. Could it be used in template_top?

    "To configure IIS to send the X-Frame-Options header, add this to your site's Web.config file:"

        <system.webServer>
          ...
          <httpProtocol>
            <customHeaders>
              <add name="X-Frame-Options" value="sameorigin" />
            </customHeaders>
          </httpProtocol>
          ...
        </system.webServer>
  8. mhsuffolk

    PCI Report Shows Issues

    I have had a read and cannot decide where the remedy should go. Can something be added to template_top.php so the whole site is covered?
  9. mhsuffolk

    PCI Report Shows Issues

    CE Frozen on PHP 7.2

    I have just had a PCI scan by Security Metrics. It has identified four main issues. I feel that items 1 to 3 are an issue with my host but I think 4 may be OSC. May I have a second opinion please before I contact my hosting company?

    1. ISC BIND 9.x.x < 9.9.10-P1 / 9.10.x < 9.10.5-P1 / 9.11.x < 9.11.1-P1 Multiple Vulnerabilities

       Resolution: Upgrade to ISC BIND version 9.9.10-P1 / 9.9.10-S2 / 9.10.5-P1 / 9.10.5-S2 / 9.11.1-P1 or later. Note that BIND 9 versions 9.9.10-S2 and 9.10.5-S2 are available exclusively for eligible ISC Support customers.

       Data Received:
       Installed version : 9.9.4-RedHat-9.9.4-61.el7_5.1
       Fixed version : 9.9.10-P1

    -------------------------------------------------------------------

    2. TLS Version 1.0 Protocol Detection (PCI DSS)

       Resolution: All processing and third party entities - including Acquirers, Processors, Gateways and Service Providers must provide a TLS 1.1 or greater service offering by June 2016. All processing and third party entities must cutover to a secure version of TLS (as defined by NIST) effective June 2018.

       Data Received: TLSv1 is enabled on port 2087 and the server supports at least one cipher.

       (Note, the server has TLS 1.2 and Stripe, which will only work with 1.2, is fine but both 1.0 and 1.1 are also listed in server info.)

    -------------------------------------------------------------------

    3. Weak DH Key Exchange Supported (PCI DSS)

       Resolution: Consult the software's manual and reconfigure the service to use at least 2048-bit DH parameters. Alternatively, disable DH and use only Elliptic-curve Diffie-Hellman (ECDH) instead.

    -------------------------------------------------------------------

    4. Web Application Potentially Vulnerable to Clickjacking

       Resolution: Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' directive) HTTP header with the page's response. This prevents the page's content from being rendered by another site when using the frame or iframe HTML tags.

       Data Received: The following pages do not use a clickjacking mitigation response header and contain a clickable event.

       Followed by a long list of affected pages encompassing several products, categories and even login.php but by no means all my products.
  10. Checked back in the logs and it was AhrefsBot. I have found various online opinions as to whether to allow or not. Any thoughts?
  11. Just bin PayPal, Amazon does not use it and they manage quite well! PP are just too expensive for a small trader, I use Stripe instead now, no appreciable change in sales. Customers who always used PP now use Stripe and I gain 2%.
  12. Thank you, I will do that but why has it suddenly appeared? The shop has been running since 23rd September and it is not until 11th November that I get an error. I have just realised, that file is part of the Store Mode addon that I have, but I have not invoked it for weeks???
  13. mhsuffolk


    Update to verbose. Have made your suggested change and all appears OK now.
  14. My CE Frozen site has been running on PHP 7.2 for several weeks. I have just spotted these in the error log. I have changed nothing, has something unusual run?

        [11-Nov-2018 19:57:12 Europe/London] PHP Warning: Use of undefined constant DIR_WS_LANGUAGES - assumed 'DIR_WS_LANGUAGES' (this will throw an Error in a future version of PHP) in /home/*****/public_html/index_maintenance.php on line 15
        [11-Nov-2018 19:57:12 Europe/London] PHP Warning: require(DIR_WS_LANGUAGESenglish/index_maintenance.php): failed to open stream: No such file or directory in /home/*****/public_html/index_maintenance.php on line 15
        [11-Nov-2018 19:57:12 Europe/London] PHP Warning: require(DIR_WS_LANGUAGESenglish/index_maintenance.php): failed to open stream: No such file or directory in /home/*****/public_html/index_maintenance.php on line 15
        [11-Nov-2018 19:57:12 Europe/London] PHP Fatal error: require(): Failed opening required 'DIR_WS_LANGUAGESenglish/index_maintenance.php' (include_path='.:/opt/alt/php72/usr/share/pear') in /home/*****/public_html/index_maintenance.php on line 15
  15. Short of trawling through all the files on GitHub, is there a set of instructions somewhere to identify which files have changed, or is it easier to download a complete current Edge and do a global file compare in Meld or WinMerge?