
keat

Member
  • Content Count

    1,472
  • Joined

  • Last visited

  • Days Won

    22

keat last won the day on October 12 2019

keat had the most liked content!

Community Reputation

23 Excellent

2 Followers

Profile Information

  • Gender
    Male
  • Location
    Leeds UK

Recent Profile Visitors

7,390 profile views
  1. What version are you running? I found this, which relates to custom_oid missing, not sure if it's related. https://forums.cubecart.com/topic/53991-database-error-message-in-admin/
  2. How did you get on with your WAF ? I use CSF firewall, along with OWASP and Comodo Mod security, and was still seeing these. Not seen any for a month though now, maybe they went away :-)
  3. I raised this maybe 2 years ago. There is something not quite right with gift cards. I don't recall exactly what, but something along the lines that the person buying the gift card is charged VAT, and then the customer spending the gift card is also charged VAT. Or maybe the customer buys a gift card, is charged VAT, and the spending value is now reduced. eg: £20 gift voucher bought, but the spending value is reduced to £16.00 due to the VAT portion. The recipient comes to spend his £16.00 and is charged VAT on top. Like I say, I don't recall exactly what the problem was, but it was enough for me to not bother implementing it. It needs some experimentation and looking at.
  4. keat

    PHP functions

    As far as I'm aware, this has to be done at server level using php ini editor, and adding the line ' disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open ' Whether or not one can do this at a user level, I'm not sure. ?? As for creating dangerous functions. I guess when PHP was being developed, these functions were not considered dangerous, but over the years, as software develops, and hackers learn of workarounds and vulnerabilities, software becomes less safe. Windows 7 a prime example. Incidentally, these functions are not CubeCart functions, these are PHP server software functions. I disabled these in my php.ini, and up to press I've seen no problems with functionality.
  5. Security advisor on my server suggests: You should consider disabling commonly abused php functions, e.g.: disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list: Are all these safe to remove as far as CubeCart V6 goes?
  6. I've seen this, but I can't find any reference on the forum. I seem to think it might have been related to: Store Settings > Features > Force Order Completed Emails. An email is sent initially when the status changes to pending or processing (whichever you have selected), and then another is sent when the status changes to complete.
  7. I added an item to my basket, clicked on the cart icon (top right), this took me to the create a profile page. I didn't progress beyond this point, but didn't see any issues. Samsung Galaxy S9
  8. I saw a similar message on the cPanel forum, that's all. I had a recent issue with a PHP setting 'allow_url_fopen', which was disabled in PHP, this stopped me opening URLs. In the left hand column on the admin side, go to PHP info at the bottom. When the PHP info appears, just check allow_url_fopen is switched on. It's a long shot, but worth a look. If this is disabled, you might need to ask your server people to enable it in php.ini.
  9. A long shot, but did you post a message on the Cpanel forum ??
  10. May I ask why PayPal isn't an option? I use PayPal without any issues. I also use SecPay (now Pay360) which is faultless. But you would need a merchant ID for Pay360 (so a few hoops to jump through)
  11. @wkd Just bear in mind what I mentioned 6 posts up. If a customer had his caps lock on, and his first and second name ended in the same letter, then he's going to get caught by BSmithers trap. From my point of view it's not often that a customer will leave his caps lock on, and what's the odds that if he did, that he might just have the same end letter in both his first and second name? However, if we lost a customer, and he was about to spend £500 (or above), then this would be more annoying than the bot. Maybe we should collectively try to find another pattern ?
  12. keat

    recapture2 issue

    I may have found it. allow_url_fopen was disabled in php.ini. Now something in the back of my mind tells me that I've seen this before.
  13. keat

    recapture2 issue

    I disabled OWASP mod security and it's the same, so I've ruled that out. I've deleted and recreated a reCAPTCHA key in case it was IP or hostname specific. Still the same.
  14. I've recently moved a number of my sites to another server and discovered an issue when trying to run reCAPTCHA v2. I get an error reporting that the validation code is incorrect. I'm pretty much convinced that it's either OWASP or a PHP module, but I'm stumped, as my current PHP and ModSec config appears to be the same config as my other server. Any ideas ??

      [Thu Jan 16 10:31:19.423076 2020] [cgi:error] [pid 21100] [client xx.xx.xx.xx:51486] AH01215: PHP Warning: file_put_contents(e331d.sql.ada5551fd984837d35a554bce7ca270f.cache) [<a href='http://docs.php.net/manual/en/function.file-put-contents.php'>function.file-put-contents.php</a>]: failed to open stream: Permission denied in /home/mysite/public_html/classes/cache/file.class.php on line 230: /usr/local/cpanel/cgi-sys/ea-php71, referer: https://www.mysite.co.uk/register.html
      [Thu Jan 16 10:31:19.423141 2020] [cgi:error] [pid 21100] [client xx.xx.xx.xx:51486] AH01215: PHP Warning: Cache data not written. in /home/mysite/public_html/classes/cache/file.class.php on line 233: /usr/local/cpanel/cgi-sys/ea-php71, referer: https://www.mysite.co.uk/register.html

      In the meantime, I've disabled reCAPTCHA.