  1. Live testing seems to work fine. After completing the PayPal payment the customer returns to the shop automatically. One more question, hopefully someone's got the answer: When the shop redirects the customer to the PayPal Standard (https) page it shows a little overview of the ordered items and desired shipping method. But unfortunately I see my PayPal name there instead of the shop's name. Also the quit and return link is shown as "stop and return to instead of the shop's name. Is there any way to change this? I've been searching through the PayPal account settings but couldn't find it...
  2. No worries, got this one working like a charm now! Thanks for the contri :thumbsup: I made some little twists to make it work:
     - changed the file names of IP_Trapped and Whitelist to be without caps and set chmod permissions for ip_trapped to 664
     - in .htaccess in the /banned/ directory I wrote some extra security like:

           <Files .htaccess>
           order allow,deny
           deny from all
           </Files>
           <Files ip_trapped.txt>
           order allow,deny
           deny from all
           </Files>
           <Files whitelist.txt>
           order allow,deny
           deny from all
           </Files>

     - added 999.999.999.9999 to the cleared whitelist (what were those IPs doing there?), otherwise my own IP wouldn't get recognized (I think because of the lack of a hard Enter in the list)

     Now I've got this working, all I have left to do is change the folder name /personal/ to /admin/ and alter this in my robot.txt
  3. I am about to install this addon to my osc 2.3.1 webshop, but there's a question I have: Could it be that search engines' and/or crawlers' IP addresses are also getting banned when indexing my page? I'm about to go live and announce it to some search engines, but of course I would not have things like Google be banned from my site ;) And also, why are there a ton of IP addresses in the whitelist.txt already in the version I just downloaded? And one more thing about the install.txt from the addon, I see this: @@@@@@@@@@@@@@@@@@@@@@@@@@@ If you want to prevent snoopers from viewing your files in banned folder add the following to your .HTACCESS file Trap those bots and snoopers! ----------------------------- But there's no text or anything there to put in my .htaccess
  4. Hopefully this thread is still being watched ;) I've installed VTS 1.0.13 on my osc 2.3.1 and it works right out of the box! Thanks! But, when I ran some scans I found a lot of eval() and iframe warnings. I didn't expect so many, since it is a fairly fresh install with not that many addons yet. When looking at some of the code I think most (perhaps all) is standard programming. Maybe you guys can help me investigate some of the code? For example, public_html/shop/includes/functions/general.php has: $fmt = $address_format['format']; eval("\$address = \"$fmt\";"); Is this a correct use of the eval item? And is it also commonly used in .js? I see some warnings for ext/jquery/fancybox/jquery.. and ext/jquery/ui/jquery.. Also with the other scan option I found some like: shop/includes/modules/payment/authorizenet_cc_aim.php...SUSPECTED (shell execution) This goes for a few more payment options, which I don't use within my osc install. Is it safe to delete those files? Or are they no threat at all?
  5. Last night I changed the admin's folder name, also made the change in configure.php and .htaccess, all runs well right now! Also set permissions of the two configure.php to 444. Step-by-step getting closer to a well-secured osc install ;) Now I have an additional question: my shop is not installed in the root, but in a subdir called something like root/webshop/. Do I need to secure the root directory extra somehow? There are just a few files there, like 404.shtml (also 400, 401, 500 and so on), an index.html (for my start page before entering the shop), some images for index.html, a google-site-verification html and a robot.txt, no .htaccess though.
  6. I'm a little bit of a newbie with osc 2.3.1, so I have a few security questions.

     About '5. Rename /admin/ and htpasswd it': So is it enough to just rename the /admin/ directory name, and put this new name into the configure.php file within this new admin directory /includes/ ? Or are there more places to set the new admin directory name? Also, my configure.php files (both in catalog and in admin) are set to 644 instead of 444, should I change this immediately?

     About '6. Remove references to (newly renamed) admin area in outgoing emails': I have tried to find out where in the emails this directory is mentioned, but no matter what I try, I can't see a reference to the admin directory. I've looked at the email's source with an OSX mail client. Is this issue still active in 2.3.1? But what I do see is something like: (envelope-from <>) which contains my FTP login name. Can this be a vulnerability?

     Some things I do have already are:
     - .htaccess files in most directories
     - .htpasswd_osc file in the admin dir (but rights set to 664 because the rest is giving errors)
     - adding "if (strpos($_SERVER['REQUEST_URI'], ".php/login.php") !== false) something something" to application_top.php in the admin dir
     - set all directories to 755 instead of 777
     - made sure the $PHP_SELF fix from this topic is added

     Besides some IP / anti brute force filtering, what more can I secure??
  7. Thanks! So it disables the whole shipping module (mzmt) then. In that case I would have to use another module, especially for the mailbox shipment below a certain weight. Will have a try with this! Thanks again.
  8. Hi, did you somehow manage to get this extra option to work? I'm struggling with the same problem... I use mzmt with 3 Geozones now and it works quite okay. The only thing is, I have a few items which would fit in a mail slot or box so I used weight to give those a lower shipping fee (for one Geozone now, the others are based on count). But, when it gets to the size of a proper package (weight above xxx) I would like to have only package shipment available. Is this possible??
  9. I have the same problem, the order emails are only sent when the customer goes back to the shop after payment, but that is optional at the PayPal website. The customer could also click the link for his PayPal account... in that case no order emails will be sent. I have the automatic return option set to Yes in the PayPal properties.
  10. After a PayPal payment I see the order has a new status, with a little comment like: "PayPal IPN Verified [Pending (Verified; €15,70); paymentreview]" Why is there € and not the Euro symbol? All other pages do show the correct symbol... I don't know how to fix this (besides manually in the database)
  11. Okay, but what I see in test is that the e-mail regarding the order details is only sent when the return link is clicked after paypal payment. Without that the only mails going around are the paypal e-mails. I would also like to send the order e-mail automatically (including a copy to myself).
  12. Hi, I also installed the PayPal Standard Website Payments module in my osc 2.3.1 shop. I got it all figured out so far, payments through sandbox are going okay, but I still have one issue: After completing payment the PayPal website doesn't return to my shop url automatically. The buyer has 2 options: return to the shop (needed for confirmation e-mails and to close the order) or he can choose to go to his PayPal account. This last option will probably cause the order never to be completed (checkout_process.php / checkout_success.php will never be reached). And yes, I did set up a callback url (checkout_process.php) in my PayPal preferences... how to make sure the buyer will be redirected to the shop after payment?? (these tests are done in sandbox)