Jump to content
Latest News: (loading..)
frankl

Time to get secure (if you haven't already)

Recommended Posts

@@Omar_one Not sure what version you are using but I have this in my template_top.php file....

 

<link rel="icon" type="image/x-icon" href="images/favicon.ico"/>

 

and I moved my favicon.ico to the images folder....at least I think that is what I did.

 

Dan

Share this post


Link to post
Share on other sites

@@Omar_one

 

@@Dan Cole

mysite.com based on oscommerce 2.2 rc2a

and testshop based on oscommerce 2.3 bs Edge

 

Did you add the link to template_top.php?

 

Dan

Share this post


Link to post
Share on other sites

@@Omar_one  If you use FireFox can you check with your inspector tool?  Other browsers probably have something similar.   If not, do you have a URL we can look at?

 

Dan

Share this post


Link to post
Share on other sites

thank you @@Dan Cole

adding the link on mysite.com/index.php fixed the problem ..

 until there  is some kind of  that link there for favicon.ico  .

and it was working before adding SSL ..

but i still have this one

Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol.

 

 

and still the same looking on search bar (the browser)

post-339096-0-03022500-1480003671_thumb.png
Edited by Omar_one

Share this post


Link to post
Share on other sites

@@Omar_one  I'm confused...if you are still seeing that error it's not working....what do you see in https://www.whynopadlock.com/

now.

 

Regarding the Poodle issue you need to take that up with your ISP.

 

Dan

Share this post


Link to post
Share on other sites

@@Omar_one

 

Omar, you need to contact your web hosting provider to fix that. If they won't fix it, change hosting provider.


Let's make things easier for new osCommerce users http://forums.oscommerce.com/topic/402638-discussion-about-hard-coded-database-tables/?p=1718900  Getting there with osCommerce 2.4! :thumbsup:

Share this post


Link to post
Share on other sites

@@Omar_one  Also be sure to check the rest of your site...you might have other pages that link to insecure images or other content.

 

Dan

Share this post


Link to post
Share on other sites

I agree, Poodle has been out more than a year and SSLv3 should not be used at all.  It's a very quick fix for them to do, but it should have been done already.  You really want a server supporting TLS 1.2 at this point.  Most credit card processors won't even allow that connection level.  Some require only TLS 1.2.


I'm not really a dog.

Share this post


Link to post
Share on other sites

Actually, they should remove weak cyphers beyond just dissabling SSL V3.  If your host doesn't know how to do that stuff you really should consider a change. 


I'm not really a dog.

Share this post


Link to post
Share on other sites

@@John W   @@Dan Cole @@frankl Thank you for your help

I will  contact my web hosting provider to fix that..

 

there is something when I edit the config (catalog) the login not work so no orders

  define('HTTP_COOKIE_DOMAIN', '.www.mysite.com');
  define('HTTPS_COOKIE_DOMAIN', '.www.mysite.com');

but its working when i change it to

  define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
  define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');

:thumbsup:

Share this post


Link to post
Share on other sites

@@Omar_one  Interesting....mine is set like this....

 

  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');

 

I have no idea what determines how it should be set, besides whether it works or not.

 

Dan

Share this post


Link to post
Share on other sites

@@Dan Cole

But now the testshop not working .... can't login to the admin just blank page ...

catalog the links not work good(category menu), And the in the product_info the product images not working good they are all big...

 

maybe because the testshop isn't in the root..maybe some change in .htaccess file will help?

Edited by Omar_one

Share this post


Link to post
Share on other sites

If I try to change the view list or categories menu navbar(where is more then one)  its redirecting the page to www.mysite.com/testshop/#

Share this post


Link to post
Share on other sites

@@Omar_one I had a problem like that recently with the modular navbar.  I uninstalled one of the dropdown list modules...ie currency or my account and reinstalled it....the problem when away....I don't know if that will work for you or not but it's an easy thing to try.

 

Dan

Share this post


Link to post
Share on other sites

I have hopefully updated my BS site. I already had an SSL certificate so changed all HTTP in both of the configure files to HTTPS.

 

I also added the redirect for the htaccess file as posted back in this thread.

 

I then created new sitemaps using the addon that I use, and then added these new sitemaps to google and bing webmaster tools after deleting the old ones.

 

My site loaded correctly but on testing showed a few errors about insecure images. I went through all the additional pages that I have added and changed all HTTP to HTTPS on internal links and images.

 

Now I appear to have a green padlock showing on every page of the site as far as I can see in firefox, chrome and edge. Not tried any others. I have created new accounts and new orders on those accounts and all seems to be working fine. Some of my sites back links also work from other sites so I can only assume that the redirect is working. You can also enter with or without the https and the site goes to the correct page.

 

Time will tell what impact the change has.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

@@14steve14 Those are the steps I would follow Steve...I think you'll be fine....let us know if you see a temporary drop in page ranking or not.

 

Dan

Share this post


Link to post
Share on other sites

@@Dan Cole

I can't fix it because I got blank page when I login to admin on the mysite.com/testshop/admin

 

maybe because the testshop isn't in the root..maybe some change in .htaccess file will help?

Edited by Omar_one

Share this post


Link to post
Share on other sites

@@Omar_one Search the forums here....I haven't had that problem but I remember reading/seeing a lot of posts about it.  It seemed to be a common issue for awhile.

 

Dan

Share this post


Link to post
Share on other sites

I have just had a customer ring me and say that when using Chrome there was an exclamation mark rather than a green padlock on a site that I changed to all HTTPS. As he talked me through what he was doing, the green padlock disappeared and changed to an exclamation mark when logged in. Clicking the exclamation mark led me to a page where I was told that there was mixed content.

 

I then looked at the page source and indeed there was a plain http This is the bit of code it is in

<div class="panel panel-default">
  <div class="panel-heading">Manufacturers</div>
  <div class="panel-body"><form name="manufacturers" action="http://www.mywebsite.com/index.php" method="get"><select name="manufacturers_id" onchange="this.form.submit();" size="1" style="width: 100%" class="form-control"><option value="" selected="selected">Please Select</option><option value="36">4Ground</option><option value="29">Albion Alloys</option><option value="31">Am-Tech</option><option value="14">Ancorton Models</option><option value="24">Antex</option><option value="10">Dapol</option><option value="28">DAS</option><option value="33">Elmer's Adhesives</option><option value="13">Expo tools</option><option value="35">Humbrol</option><option value="2">Javis</option><option value="25">Milliput</option><option value="7">Model Craft</option><option value="19">Other</option><option value="4">Plastruct</option><option value="32">Railwayscenics</option><option value="1">RS Electrics</option><option value="34">Seawhite</option><option value="17">Silverline</option><option value="12">South Eastern Fineca..</option><option value="23">Superquick</option><option value="6">Swann morton</option><option value="16">Toolzone</option><option value="27">Velleman</option><option value="5">X-Acto</option><option value="20">Xuron</option></select></form></div>
</div>

Now that is coming from the manufacturers box. When I disable the box the error goes away. This is only happening in Chrome.

 

Where is that link being pulled from as I cannot find any code in includes/modules/boxes/manufacturers.php or the template file, or the language file that may be creating this http link. Any help gratefully received.

 

I am using Bootstrap oscommerce.

Edited by 14steve14

REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×