Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Can't add products to block after moving to new host Rate Topic   - - - - -

 
  • cuisibella
  • Junior Member
  • Members
  • Join Date: 09-Jul 10
  • 6 posts

Posted 19 January 2011 - 03:00 PM #1

Hi there,

I need help on that one, can't figure it out.

I recently moved my store to a new host following the procedure found on the CS-Cart website. I did a fresh install then uploaded my database and copied the existing files over the new ones. Set permissions according to CS-Cart.

Everything went fine except 2 problems. I can't add products to blocks, the popup to choose products don't load and I get 'Permission denied' on the file picker.js
This file already have the permission 755. All folders have permissions 755. var, skins, images, catalog folders, subfolders and files have 777 permissions.

I also frequently get logged out for no reason on the admin side. On the customer side, if I had a product in cart and click checkout, cart come empty...if i do it a second time, item stay in cart.

I don't know if it is related but I installed the cart in a subfolder instead of the root directory in the previous install.


Thanks for your help!

 
  • cuisibella
  • Junior Member
  • Members
  • Join Date: 09-Jul 10
  • 6 posts

Posted 19 January 2011 - 09:41 PM #2

Ok, I fixed the second problem by moving the store to the root folder. Probably something to do with the URL rewrite in .htaccess.

Still can't find a solution for the first problem... any idea?

 
  • cuisibella
  • Junior Member
  • Members
  • Join Date: 09-Jul 10
  • 6 posts

Posted 19 January 2011 - 11:11 PM #3

Fixed! For those interested, problem was with mod_security PHP module.

 
  • buging
  • Member
  • Members
  • Join Date: 12-Jan 11
  • 332 posts

Posted 16 March 2011 - 02:48 AM #4

i think i'm having the same problem :sad:
can you share steps you took?

thanks!

 
  • Marticus
  • Member
  • Members
  • Join Date: 20-Jul 10
  • 63 posts

Posted 05 April 2011 - 10:53 AM #5

Yes likewise.
Any help would be much appreciated.

 
  • CS-Cart team
  • CS-Cart support team
  • Moderators
  • Join Date: 04-Apr 11
  • 3809 posts

Posted 05 April 2011 - 11:18 AM #6

Hello

Please try to check the Firewall settings on your server, disable the "Suhosin" module and the "mod_security" module in your PHP configuration, contact your server administrator about it.

Sincerely yours, CS-Cart Support Team

 

User guide       |  Developer documentation  |  Core API documentation


 
  • Marticus
  • Member
  • Members
  • Join Date: 20-Jul 10
  • 63 posts

Posted 07 April 2011 - 08:56 AM #7

Isn't Mod_security rather vital to the security of the server?
Considering i have 10 sites hosted on this server i don't think removing a big chunk of server security is the best thing?

Is there maybe a more elegant solution that doesn't involve leaving the server open to possible attack?

 
  • CS-Cart team
  • CS-Cart support team
  • Moderators
  • Join Date: 04-Apr 11
  • 3809 posts

Posted 07 April 2011 - 10:15 AM #8

Hello Marticus,

Unfortunately, CS-Cart cannot work properly on the server with the "mod_security" and "Safe mode" modules enabled.

The mod_security feature scans all incoming posts for forbidden words or phrases that might indicate someone is trying to hack the system, and if any of them exist then Apache returns the 403 Forbidden error. Common phrases that tend to trigger mod_security include curl, wget, set, file, etc.

The enabled "mod_security" module can cause a problem when you submit any form (for example when you update profile fields information) that contains some inadmissible words like "curl", "perl", "set", etc. Mod_security responses to the data that comes from a page to the server and blocks these inadmissible words.

The words that can be blocked are different on different servers (it depends on the settings, that a server administrator sets up), so there is no ability to develop a uniform solution for this problem and the "mod_security" module should be disabled on the server for proper CS-Cart work.

Note, that CS-Cart is designed to meet the latest security requirements and one of such requirements is PCI compliance. Please refer to the following page of our website to learn more about this security standard:

https://www.cs-cart....compliance.html

Also, the following security means are supported in CS-Cart by default:
Full HTTPS/SSL support

Secure HTTPS/SSL administrative access

Secure HTTPS/SSL checkout, login and customer profile pages

Customer passwords are MD5 encrypted in database

Password-protected administrative access

CS-Cart is a secure software by itself if CS-Cart directories and files have correct permissions and there are default CS-Cart .htaccess files in the necessary directories.

You do not need to do anything special to make your CS-Cart store more secure but anyway you should follow general rules of web security - use complicated passwords, change them regularly, use anti-virus software, etc.

Sincerely yours, CS-Cart Support Team

 

User guide       |  Developer documentation  |  Core API documentation


 
  • Marticus
  • Member
  • Members
  • Join Date: 20-Jul 10
  • 63 posts

Posted 07 April 2011 - 10:50 AM #9

Thanks for the reply

My Server admin has managed to resolved this. i think he went through and removed rules individually untill he found the right one. unfortunatelly i dont know what it was.

anyway all sorted for me.

Many thanks

 
  • CS-Cart team
  • CS-Cart support team
  • Moderators
  • Join Date: 04-Apr 11
  • 3809 posts

Posted 07 April 2011 - 11:07 AM #10

Thank you.

Sincerely yours, CS-Cart Support Team

 

User guide       |  Developer documentation  |  Core API documentation


 
  • Dean
  • Junior Member
  • Members
  • Join Date: 19-Jan 10
  • 14 posts

Posted 08 April 2011 - 02:14 PM #11

Hi,

We have also experienced this problem, and with the help of our hosts, United Hosting, we have been able to fix it. The rule ID's that we had whitelisted to clear this error were:

959007
950904
950906

Once these were done we could add products to our side blocks.

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 08 April 2011 - 02:50 PM #12

These rules should be disabled from the default mod_security ruleset

950006
959007
950904
950906
960032
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]

 
  • Marticus
  • Member
  • Members
  • Join Date: 20-Jul 10
  • 63 posts

Posted 08 April 2011 - 03:13 PM #13

Thanks guys thats good to know!

 
  • quaxinvn
  • Junior Member
  • Members
  • Join Date: 22-Feb 11
  • 16 posts

Posted 20 July 2011 - 09:26 PM #14

For me, the solution was:

- Disable "Enable secure connection in the administration panel (SSL certificate is required to be installed on your server)" in General Settings. (I think this is the main fix, I would try this first).

- Having my hosting company disable these rules from the default mod_security ruleset: (this can be part of the fix but definitely NOT by itself the fix for me)

950006
959007
950904
950906
960032