
gabrieluk's Content

There have been 73 items by gabrieluk (Search limited from 03-Apr 19)




#66569 [solved] Possible Pay Pal Bug

Posted by gabrieluk on 10 January 2010 - 06:59 PM in Issues & Troubleshooting

I changed cert_key_pem.txt to api_certificate.pem.txt. Voila! Done!


Hi Roban,
could you provide a step by step on how to fix this? As I use only PayPal, this is a must....
Thanks



#66115 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 05 January 2010 - 12:54 PM in Web Hosting

Hello,





Is there someone here, in the CS-Cart community, who has heard / seen, or can testify or affirm any attempt (or the increasing) of hacking?

A user of CS-Cart?

An official of a hosting company?

An official support technician of CS-Cart?



Lee Li Pop


Hi Pop's,
I think that Spiral is the person that knows what is going on. He is an expert in security, AND HE KNOWS the vulnerabilities. I was looking at his threads and you can see that he has knowledge. I think the point here is how to produce this patch to cover vulnerabilities as soon as we can!!!! OTHERWISE I think I will be forced by my host to REMOVE CS-Cart or update it, as I'm putting the security of my whole server at risk using SP4. As I DON'T WANT TO UPGRADE (as others, I believe), the solution will be only one: change ecommerce software (a thing that I don't want to do either, as I love CS-Cart).



#66082 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 05 January 2010 - 02:12 AM in Web Hosting

Hello,
I was so curious to understand the relation of these vulnerabilities with the hosting provider that I wrote a thread in the forums of my provider. For reasons of privacy I won't reveal the name of my host.
"my host" vs CyberLNC
Hi there,
I have an ecommerce software in my account, CS-Cart. I use an older version of the software, as it is the best version. Some concerns about security have been raised in the CS forums. They said CyberLNC is a very good host provider, which has its own security measures, so the host itself blocks the lack of security from the software. My question is if "my host" is at the same level of security as CyberLNC.
I went to their website and I found this:
* Highly Secure RedHat Linux Servers
* Hardware Firewalls
* Cisco Guard DDOS Protection
* Tipping Point IPS/IDS Protection
* Multiple Internet Backbone Connections
* Gigabit Speeds from Server to Internet
* Geographically Redundant DNS
* Multiple Client Backup Solutions


ANSWER:
"Going by the information on the website, yes. Software/script wise we run a highly tweaked installation of mod_security across all of our shared servers. This blocks out a large number of attacks but obviously, not all. If there was such a solution, exploited scripts would be a thing of the past.

Running out of date/vulnerable scripts on a shared web server is not acceptable. You are putting every other customer on that server at risk. If your site is exploited it could be used to attack other servers, host phishing pages, send huge volumes of spam email etc. The result would likely be poor performance or downtime for other users on the server."

"It is also worth noting that cyberlnc use Softlayer as their provider. This means all of the servers, hardware firewall, DoS mitigation devices etc are not actually owned, managed or directly accessible by them"



#66224 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 06 January 2010 - 02:38 AM in Web Hosting

In the grand scheme of things, the security issues with CS-Cart 1.3.5 are not really that significant!

Hi Spiral,
I thought I liked the things you said, but nowwwww it's too much.
This is NOT what you told me in another thread!!!!! WTF
Who has brains now? Huh? You?



#66247 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 06 January 2010 - 09:33 AM in Web Hosting

I'm fed up, this is (hopefully) my last post in this thread. CS-Cart SP4 is a good old GOLDEN PIECE OF CODE. I think I have brains, and it's not by coincidence that many people here stick with the past (especially brainless developers like me....).
Conclusion:
The FALSE ALARM is nothing more than A MARKETING STRATEGY TO PERSUADE PEOPLE TO SIGN UP WITH A "SAFE" HOST PROVIDER.
That's all I got to say.... (but I think all the brainless people got that anyway!!!)



#66808 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 13 January 2010 - 02:20 PM in Web Hosting

You mean................:rolleyes:

Attached Thumbnails

  • Noman vs Spiral.jpg



#66012 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 04 January 2010 - 11:09 AM in Web Hosting

Spiral, you have made the above statement with nothing to back up your claim that CS 1.3.5 sp4 has a "number of unresolved security vulnerabilities". Please help us out. What are these security issues so I can work to get them resolved? I'm sure others in the community would love to know what they are too. This way we can all work to get them resolved.

I am sorry to say that at this point I just am not convinced that CS 2.? is the answer...at least quite yet. I hope to try out 2.11 soon on a new site, but still will not try it on one of our traffic sites yet. So basically, I plan to keep 1.3.5 sp4 until at least 2011 on a couple of our sites. I have already invested quite a bit in our current sites and do not want to blow that all out of the water for a version that seems to be on continuous "beta" test. So if there are security issues I want to work to get them resolved.

Amen :rolleyes:



#66202 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 06 January 2010 - 12:17 AM in Web Hosting

Spiral,

No offence dude, but still nothing from you so, I will just ignore any result of your security scanning and hundreds of words regarding 1.3.5 SP4.

Make some effort and read your lines below and stop changing words to make things softer. Empty statements...

What you just described is the automatic default alert message generated from one of my own security scanning applications...

Incidentally, CS-Cart 1.3.5-SP4 is one that does indeed have a number of unresolved security vulnerabilities ...

...upgrading would be a good move

I have personally witnessed, at different web hosts, over 50 sites hijacked and all used as spam servers for no other reason than they each were running CS-Cart 1.3.5-SP4 ...

Another 27, also running the same version, got their customer credit card data or other information stolen as well by injected code modifications...

and there is a URL reference in the major public security advisory databases...
I have personally seen a large number of sites on CS 1.3.5 SP4 hacked...

YES, 1.3.5 SP4 does indeed have some very major security problems ...

1.3.5 sp4 in and of itself but you will need to make a number of modifications to deal with several poorly written code areas that are now being actively exploited heavily ...

I have observed how this has been exploited has either to be utilize the CS-Cart program as a spam distribution relays...

I have also located all the areas of code that are currently being exploited by hackers ...


I saw Elvis...

Spiral could be a good politician, SPIRAL FOR PRESIDENT!!!!!!! (he knows how to adapt sentences...) HURRAYYYYYYYY!!!!!!!!!!!!!!!!!!
(sorry guys, the pressure is getting on my nerves.... let's break the ice...)
:mad: :( :) :D



#65986 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 03 January 2010 - 11:39 PM in Web Hosting

regardless if you use it, the addon should be removed ;)

Please can anyone point the right way to get rid of this addon?
Thanks in advance



#68935 Seo add on not working

Posted by gabrieluk on 31 January 2010 - 08:51 AM in SEO

Hi,
I'm trying to turn on SEF URLs. My server has mod_rewrite on, I set up everything correctly in the admin, updated. There's the default .htaccess in my CS folder (/shop).
I tried to comment out "RewriteBase", it didn't work. I tried RewriteBase /shop, but it also does not work. I also tried RewriteBase http://mydomain.com/shop but I got an error 500...
Any tips on what is going on?



#69381 Setting up SEO

Posted by gabrieluk on 04 February 2010 - 02:13 AM in SEO

Hi,
I want to turn on the SEO addon, but I don't know why it is not working. I read all of this thread several times, the knowledge base and threads related to .htaccess also. I need some advanced advice please.... Everything checked: mod_rewrite On, CS-Cart and .htaccess in the /shop folder, .htaccess modified to RewriteBase /shop.
This is my .htaccess:

DirectoryIndex index.html index.php

<IfModule mod_rewrite.c>
RewriteEngine on
# Some hostings require RewriteBase to be uncommented
# Example:
# Your store url is http://www.yourcompany.com/store/cart
# So "RewriteBase" should be:
# RewriteBase /store/cart
RewriteBase /shop
RewriteCond %{REQUEST_FILENAME} !\.(png|gif|ico|swf|jpe?g|js|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php?sef_rewrite=1 [L,QSA]

RewriteCond %{REQUEST_FILENAME} .*\/catalog\/.*
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteRule . index.php?sef_rewrite=1 [L,QSA]

</IfModule>

Note that in the root folder (public_html/) there's a Joomla install which is running SEF URLs with no problems. Also I contacted my host and they said the only place I could get help was with the software developers...

Copy of .htaccess in the root folder:

# @version $Id: htaccess.txt 13415 2009-11-03 15:53:25Z ian $
# @package Joomla
# @copyright Copyright © 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##

#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
# mod_rewrite in use

RewriteEngine on
AuthUserFile "/home/funkyshe/.htpasswds/public_html/passwd"
AuthName "We are updating the shop,please come back tomorrow.Sorry for any inconvenience"
RewriteCond %{HTTP_HOST} ^funky-sheila\.co.uk
RewriteRule (.*) http://www.funky-sheila.co.uk/$1 [R=301,L]

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode **** to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)

# RewriteBase /

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section
Any tips? :rolleyes:



#69500 Setting up SEO

Posted by gabrieluk on 04 February 2010 - 08:47 PM in SEO

Hi,
I just used it as a sub folder, not a sub domain...
I just created a sub domain now for the folder shop (www.shop.mydomain.com) to try your suggestion, but I'm having some problems regarding the sub domain.... For some reason it displays like this now

Do you know which changes should be done in config.php to set up CS for the sub domain?
I did this:
// Host and directory where cs-cart is installed on usual server
$cscart_http_host = 'www.shop.funky-sheila.co.uk';
$cscart_http_dir = '/';
Should I have to modify here also: $db_host = 'localhost'; ?
I don't know if I have to change something in the DB as well.
Thanks for the tips... SEF might work now...
---------------------------------------------------------------
edit:
I just reverted the changes, as I don't know what could happen with Google's index. The error was like, I think, a .htaccess SEF rewrite issue.
You know when it doesn't display images? Just links, see screenshot

Attached Thumbnails

  • shopsubdomain.jpg



#69604 Setting up SEO

Posted by gabrieluk on 05 February 2010 - 03:08 PM in SEO

Hi Indy,
thanks a bunch, it works now! It was just the "/"

But there are 2 things I don't understand... why did you say it is WRONG to make the folder and AFTER assign a sub domain for that folder, if it works?

The folder containing the sub domain, /shop, is still accessible, although it displays now with the "/" error. Correct me if I'm wrong. Any sub domain created via cPanel, for example:
www.shop.mydomain.com can be accessed through its own folder www.mydomain/shop?!?!?!?!?!!? Or do I have this folder accessible just for the fact that I created the folder first and the sub domain after? :P



#69611 Setting up SEO

Posted by gabrieluk on 05 February 2010 - 03:35 PM in SEO

Also, do you know about canonical URLs for the sub domain....
Should I redirect shop.funky-sheila.co.uk to www.shop.funky-sheila.co.uk ?

thanks for the help



#65576 site hacked

Posted by gabrieluk on 30 December 2009 - 01:37 AM in v1.x Security

I run my site in the -------- servers, using 644 for files and 755 for all folders... I just downloaded Security Update CS-20080901 from the files section in the help desk, and I read all the forums regarding security. One post that called my attention was http://forum.cs-cart...ead.php?t=14197
Apart from that, I couldn't see any other major vulnerability... Am I wrong, CS experts? (even because I know many CS customers are using SP4) And if I would consider the rewriting proposed and extra security layer, how much would it cost? And would it be enough to cover major vulnerabilities?



#65573 site hacked

Posted by gabrieluk on 30 December 2009 - 12:09 AM in v1.x Security

Hi,
I have a CS-Cart that was hacked. I found a strange folder in cPanel file manager. I would like to know if there are any exploits for version 1.3.5 SP4 that I should manually fix. Thanks for any help, as I have to put the shop back on again but I'm concerned.
Thanks



#63977 site not loading

Posted by gabrieluk on 12 December 2009 - 01:42 AM in General Questions

Now it is loading... I realize that I observed this before, it looks like it comes and goes... maybe a server problem? Any clues as to what could cause this "loading problem" combined with not loading the live help?



#63972 site not loading

Posted by gabrieluk on 12 December 2009 - 01:20 AM in General Questions

Hi there,
the site was working fine, till something happened. I don't know why, the site doesn't fully load, and the image of the live help is not loading as well.
link to the issue
www.funky-sheila.co.uk/shop



#64133 site not loading

Posted by gabrieluk on 13 December 2009 - 11:01 PM in General Questions

I think it is just a problem with my connection, someone told me that
Tel/WiFi tends to get cached at the gateway, so it could be the connection or the gateway or both........
I'm using a Three mobile 3G USB stick pay as you go



#64026 site not loading

Posted by gabrieluk on 12 December 2009 - 01:13 PM in General Questions

You notice the same issue in your website?



#68055 thumbnail image

Posted by gabrieluk on 25 January 2010 - 01:18 AM in General Questions

Hi there,
I'm a bit confused..... there are 3 pictures for a product:
the very small one, that you find first. After clicking on the product, you have a second picture, a little bigger, inside the product description itself. And then you have the third one, that you get when you "click to enlarge".
Which one is considered the thumbnail, the first or the second? Also I don't know if the detailed image is the second or the third image? :confused:



#75103 thumbnail image

Posted by gabrieluk on 21 March 2010 - 02:15 AM in General Questions

I got it. The thumb created in the category page is automatically created when updating from a CSV file.



#65821 We do not want 2.0.10...

Posted by gabrieluk on 02 January 2010 - 12:07 AM in General Questions

YEP! We will stay put with 1.3.5 sp4 until 2 has all the "bugs" worked out. The problem is CS keeps coming out with so many changes that they appear to never fix bugs from previous releases. I had considered upgrading the first quarter of next year, but I'm just not sold on CS2 being ready for rookies like myself to battle through it.

Hi Clips,
I agree with you. It is best to have an older version of software, but one that actually works, no fancy java, smarties... blablabla. Windows XP is a good example of a stable, older software.
I would like to share with you the only concern I have about 1.3.5 SP4: SECURITY. Are you into it? Because I'm not. I think the only danger of using SP4 is vulnerabilities. Please let me know what you are doing in your shop about SECURITY. Also, I would like to propose to CS to call ALL 2.0 versions BETA (testing in progress), and the other would be to give REAL VALUE to the golden piece of code that SP4 IS. Please create a list with all the security fixes for this version, as it is the only one that actually works flawlessly.