keat

Premium Member
  • Content count

    869
  • Joined

  • Last visited

  • Days Won

    4

keat last won the day on February 27

keat had the most liked content!

Community Reputation

8 Neutral

About keat

Profile Information

  • Gender
    Male
  • Location
    Leeds UK

Recent Profile Visitors

3,549 profile views
  1. My main site is using Mican skin. Like I say, I don't get many IPN failures, 1 in every 50, but that equates to at least 1 per day.
  2. In an attempt to ditch 'store email at the pending stage', I've been hoping for a fix for IPN, so I can put the site in to 'store email at processing'. I don't get many failed IPN's but enough not to warrant switching the email notifications. I've just updated the PayPal Standard gateway to 1.0.5, lets seee if this helps.
  3. I cleared the cache many times lat night as part of the update, and again this morning. I've just delved inside ini-custom.inc.php and notice that it has the following entries. ini_set('memory_limit', '256M'); ini_set('max_execution_time', '60'); Maybe one of these two entries are over riding something and allowing more memory or resources for something to run ?? Could this be related to the following entry in ini.inc.php 6.0.10 has an entry 'ini_set('memory_limit', '128M'); // Increase Memory Limit' 6.1.7 has nothing
  4. Too late, I ran the update last night. The site appears to be fully operable, but I think I have uncovered 1 small issue this morning.
  5. I updated from 6.0.1 to 6.1.7 last night. Whilst the site appears to be working OK this morning, I'm unable to open up 'Statistics' resulting in a 500 error. Apache logs would suggest that this is triggering multiple OWASP mod sec rules. [Tue Apr 25 08:28:11.360741 2017] [:error] [pid 544:tid 140648707495680] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"] [Tue Apr 25 08:28:11.360853 2017] [:error] [pid 544:tid 140648707495680] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "39"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"] [Tue Apr 25 08:36:10.948880 2017] [:error] [pid 4635:tid 140648676026112] [client xx.xx.xx.xxx] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-information disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP78ak2Y4tFUNFVw@JEwkgAAAI4"] [Tue Apr 25 08:41:57.745488 2017] [:error] [pid 5079:tid 140648749455104] [client xx.xx.xx.xxx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Identifier removed [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP79xRWqDyps6QnNHaJCjwAAAUc"] As I seem to be chasing one mod sec failure after the other, I disabled all mod sec rules, but even then I'm still unable to open up 'Statistics'. Only this time, rather than a 500 error, now I just get a blank screen, so I enabled ini-custom.inc.php to start to capture error logs, but now 'Statistics is working' Typically, no errors are generated. I enable the mod sec rules and I can still gain access to 'Statistics' Thinking, it must have been a blip, I disable ini-custom.inc.php and all of a sudden, Statistics stops working again. Subsequent renaming of ini-custom.inc.inc.php enables or disables statistics everytime. Any ideas ??
  6. @lyndsiesal What version are you on. We are still seeing this, and it's killing us too... so frustrating and has been ongoing for 14 months or more. They say that this is fixed with 6.1.5, so I'm about to embark on updating to 6.1.7, maybe this evening. Although being told the scenario which is supposed to create the error, i'm not entirly convinced. If I see further occurances, then I guess I'll have to log a support ticket and hope that Al and his team can figure out what's causing it.
  7. Email at pending / processing is probably my biggest gripe. We rely heavily on the store emailing us the orders. Quite often, we don't receive the IPN, I guess maybe some customers will close thier browser upon a successful payment. So for this reason, we have to use payment at pending, but this also has issues whereby a customer can go back and change his order, but the cart doesn't send a second email.
  8. I tried a third time, it still timed out between 6.0.10 and 6.0.11. (it took about 20 minutes to time out) Then continued to the end. Whether or not, something is missing, I don't know. The site appears to operate, although the databse is full of those yellow errors. Maybe these are present in 6.0.10, but CC is not geared up to complain about them ?? And I think those CSRF errors, could have been down to me not logging in via https. I'll try again tonight on the live site.
  9. I clearec everything down, re copied the 6.0.10 site and tried again. It failed again between 6.0.10 and 6.0.11, and completed to the end. Now the databse has no errors, but all categories appear empty. I'm at a loss.
  10. A bit of an update on this. As I've no time coinstraints on a dummy site i left it running. After about 30 minutes, I crashed out returning an 'Internal Server Error' between 6.0.10 and 6.0.11 F5 refresh and it continued to the end. However, now the databse is riddled with 'expecting primary' and the like, and whenever i try to do anything I'm seeing lots of CSRF errors.
  11. On Friday, I created a mirror image of my 6.0.10 site, and successfully performed an update to 6.1.7. Yesterday, I tried to run the upgrade on the actual live site, but it hung during the process between 6.0.10 and 6.0.11. Niether refresh or continue button made it progress any further. So today back in the office, I recreated the mirror and tried again, and now to dummy run is also failing at the same point. Nothing as far as I'm aware has changed on the server so why is the update now failing. I am aware of leter versions failing to update, but not aware of 6.0.10 failing to update. In all honesty, I performed a dummy run to 6.1.5 a few weeks back and held off for 6.1.6, so I know it will update Any ideas
  12. For anyone else experiences this, the settings to change in php.ini is allow_url_include , but for good measure I also enabled allow_url_fopen . Restart php. Might be worth, switching these back off when done.
  13. I'm trying to update a copy of my 6.0.1 site to 6.1.7 but get the following error. Failed to download latest version, please attempt manual upgrade. [21-Apr-2017 09:57:28 Europe/London] PHP Warning: file_get_contents(https://www.cubecart.com/download/6.1.7.zip) [<a href='http://docs.php.net/manual/en/function.file-get-contents.php'>function.file-get-contents.php</a>]: failed to open stream: no suitable wrapper could be found in /home/xxxxx/public_html/admin/sources/maintenance.index.inc.php on line 174 I've already perfromed a dummy run to 6.1.5, so I know it works. I updated to EasyApache 4 with php 5.6 earlier this week in anticipation of this update, maybe it's related ?? Line 174 shows: $contents = file_get_contents('https://www.cubecart.com/download/'.$_GET['upgrade'].'.zip'); edit: Looks like a PHP config change is required.