keat

From the customer side, i added an email to my mailing list without issue. I'm using the Mican skin if it helps.

My main site is using Mican skin. Like I say, I don't get many IPN failures, 1 in every 50, but that equates to at least 1 per day.

In an attempt to ditch 'store email at the pending stage', I've been hoping for a fix for IPN, so I can put the site in to 'store email at processing'. I don't get many failed IPN's but enough not to warrant switching the email notifications. I've just updated the PayPal Standard gateway to 1.0.5, lets seee if this helps.

I cleared the cache many times lat night as part of the update, and again this morning. I've just delved inside ini-custom.inc.php and notice that it has the following entries. ini_set('memory_limit', '256M'); ini_set('max_execution_time', '60'); Maybe one of these two entries are over riding something and allowing more memory or resources for something to run ?? Could this be related to the following entry in ini.inc.php 6.0.10 has an entry 'ini_set('memory_limit', '128M'); // Increase Memory Limit' 6.1.7 has nothing

Too late, I ran the update last night. The site appears to be fully operable, but I think I have uncovered 1 small issue this morning.

I updated from 6.0.1 to 6.1.7 last night. Whilst the site appears to be working OK this morning, I'm unable to open up 'Statistics' resulting in a 500 error. Apache logs would suggest that this is triggering multiple OWASP mod sec rules. [Tue Apr 25 08:28:11.360741 2017] [:error] [pid 544:tid 140648707495680] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "37"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"] [Tue Apr 25 08:28:11.360853 2017] [:error] [pid 544:tid 140648707495680] [client xx.xx.xx.xxx] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "39"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): The Application Returned a 500-Level Status Code"] [tag "event-correlation"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP76ihbjaLjsO1b4SPZQxgAAAIs"] [Tue Apr 25 08:36:10.948880 2017] [:error] [pid 4635:tid 140648676026112] [client xx.xx.xx.xxx] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-information disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP78ak2Y4tFUNFVw@JEwkgAAAI4"] [Tue Apr 25 08:41:57.745488 2017] [:error] [pid 5079:tid 140648749455104] [client xx.xx.xx.xxx] ModSecurity: Geo Lookup: Failed to lock proc mutex: Identifier removed [hostname "www.domain.com"] [uri "/admin.php"] [unique_id "WP79xRWqDyps6QnNHaJCjwAAAUc"] As I seem to be chasing one mod sec failure after the other, I disabled all mod sec rules, but even then I'm still unable to open up 'Statistics'. Only this time, rather than a 500 error, now I just get a blank screen, so I enabled ini-custom.inc.php to start to capture error logs, but now 'Statistics is working' Typically, no errors are generated. I enable the mod sec rules and I can still gain access to 'Statistics' Thinking, it must have been a blip, I disable ini-custom.inc.php and all of a sudden, Statistics stops working again. Subsequent renaming of ini-custom.inc.inc.php enables or disables statistics everytime. Any ideas ??

@lyndsiesal What version are you on. We are still seeing this, and it's killing us too... so frustrating and has been ongoing for 14 months or more. They say that this is fixed with 6.1.5, so I'm about to embark on updating to 6.1.7, maybe this evening. Although being told the scenario which is supposed to create the error, i'm not entirly convinced. If I see further occurances, then I guess I'll have to log a support ticket and hope that Al and his team can figure out what's causing it.

Email at pending / processing is probably my biggest gripe. We rely heavily on the store emailing us the orders. Quite often, we don't receive the IPN, I guess maybe some customers will close thier browser upon a successful payment. So for this reason, we have to use payment at pending, but this also has issues whereby a customer can go back and change his order, but the cart doesn't send a second email.

I tried a third time, it still timed out between 6.0.10 and 6.0.11. (it took about 20 minutes to time out) Then continued to the end. Whether or not, something is missing, I don't know. The site appears to operate, although the databse is full of those yellow errors. Maybe these are present in 6.0.10, but CC is not geared up to complain about them ?? And I think those CSRF errors, could have been down to me not logging in via https. I'll try again tonight on the live site.

I clearec everything down, re copied the 6.0.10 site and tried again. It failed again between 6.0.10 and 6.0.11, and completed to the end. Now the databse has no errors, but all categories appear empty. I'm at a loss.

A bit of an update on this. As I've no time coinstraints on a dummy site i left it running. After about 30 minutes, I crashed out returning an 'Internal Server Error' between 6.0.10 and 6.0.11 F5 refresh and it continued to the end. However, now the databse is riddled with 'expecting primary' and the like, and whenever i try to do anything I'm seeing lots of CSRF errors.

On Friday, I created a mirror image of my 6.0.10 site, and successfully performed an update to 6.1.7. Yesterday, I tried to run the upgrade on the actual live site, but it hung during the process between 6.0.10 and 6.0.11. Niether refresh or continue button made it progress any further. So today back in the office, I recreated the mirror and tried again, and now to dummy run is also failing at the same point. Nothing as far as I'm aware has changed on the server so why is the update now failing. I am aware of leter versions failing to update, but not aware of 6.0.10 failing to update. In all honesty, I performed a dummy run to 6.1.5 a few weeks back and held off for 6.1.6, so I know it will update Any ideas

yes

For anyone else experiences this, the settings to change in php.ini is allow_url_include , but for good measure I also enabled allow_url_fopen . Restart php. Might be worth, switching these back off when done.

I'm trying to update a copy of my 6.0.1 site to 6.1.7 but get the following error. Failed to download latest version, please attempt manual upgrade. [21-Apr-2017 09:57:28 Europe/London] PHP Warning: file_get_contents(https://www.cubecart.com/download/6.1.7.zip) [<a href='http://docs.php.net/manual/en/function.file-get-contents.php'>function.file-get-contents.php</a>]: failed to open stream: no suitable wrapper could be found in /home/xxxxx/public_html/admin/sources/maintenance.index.inc.php on line 174 I've already perfromed a dummy run to 6.1.5, so I know it works. I updated to EasyApache 4 with php 5.6 earlier this week in anticipation of this update, maybe it's related ?? Line 174 shows: $contents = file_get_contents('https://www.cubecart.com/download/'.$_GET['upgrade'].'.zip'); edit: Looks like a PHP config change is required.

ta

I don't have crawler errors for 'Sale Items' either, I have crawler errors for ' http://www.cabletiesonline.co.uk/index.php?searchStr=&act=viewCat ' which if you follow it takes you to 'Sale Items'

All the sites were V3, I'll have to scour the documents to see if there's a link embedded anywhere. Unfortunately, webmastertools gives nothing away to the location of any links. http://www.cabletiesonline.co.uk/index.php?searchStr=&act=viewCat I ran a query in the database for the string /index.php?searchStr=&act=viewCat and can't find this embedded in any products or doc contents, so I've no idea where this is being generated. Intersting that I tried this on Dirty Butters site and it does the same. Drop the string ' /index.php?searchStr=&act=viewCat ' directly after the URL and it will resolve to 'Sale Items' so it's not just mine.

Is it worth deleting and then re-uploading the foundation skin ?

Lots of references to electrical-products, but all followed by the rest of the url. Nothing I can see pointing only to /electrical-products. There is one link pointing to electrical-products.html I wonder if the end user computer is doing something as I can't seem to replicate the error.

Not a great deal. ##### START CubeCart .htaccess ##### ### File Security ### <FilesMatch "\.(htaccess)$"> Order Allow,Deny Deny from all </FilesMatch> ### Apache directory listing rules ### DirectoryIndex index.php index.htm index.html IndexIgnore * ### Rewrite rules for SEO functionality ### <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / ##### START v4 SEO URL BACKWARD COMPATIBILITY ##### RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule cat_([0-9]+)(\.[a-z]{3,4})?(.*)$ index.php?_a=category&cat_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule prod_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule info_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=document&doc_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule tell_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule _saleItems(\.[a-z]+)?(\?.*)?$ index.php?_a=saleitems&%1 [NC,L] ##### END v4 SEO URL BACKWARD COMPATIBILITY ##### RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)\.html?$ index.php?seo_path=$1 [L,QSA] </IfModule> ### Default store 404 page ### ErrorDocument 404 /index.php ## Override default 404 error document for missing page resources ## <FilesMatch "\.(gif|jpe?g|png|ico|css|js|svg)$"> ErrorDocument 404 "<html></html> </FilesMatch> ##### END CubeCart .htaccess ##### RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://mydomain.co..uk/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://mydomain.co..uk$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.co..uk/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mydomain.co..uk$ [NC] RewriteCond %{HTTP_REFERER} !^https://mydomain.co..uk/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://mydomain.co..uk$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.mydomain.co..uk/.*$ [NC] RewriteCond %{HTTP_REFERER} !^https://www.mydomain.co..uk$ [NC] RewriteRule .*\.(jpg)$ https://www.mydomain.co..uk/logo2.bmp [R,NC]

I'm seeing a number of errors in my Apache logs, which I'm guessing are asscociated with the SEO part of the cart. eg: [Wed Apr 12 09:00:51 2017] [error] [client x.xxx.xxx.xx] File does not exist: /home/mydomain/public_html/electrical-products, referer: https://www.mydomain.co.uk/electrical-products/electrical-terminals/crimp-terminals-blue/blue-butt-connector-4-0mm-crimps-terminals.html I', assuming that it's complaining about /home/mydomain/public_html/electrical-products. If I type mydomain.co.uk/electrical-products, then I see a 404 error. If I type mydomain.co.uk/electrical-products.html, then i'm transported to eletcrical products. Any ideas ?

I just looked at the link. Whilst it looks great, the free session would last me about 8 hours. And the lowest paid verion would probably last me about a month,...... tops. I guess all well and good, if I could sign up for one month and experience the issue. I'll probably wait for 6.1.6 and see if it continues after this.

I still have this, infcat, I got one last night, but I intend to update the site to 6.1.5 before progressing. Before this, I intend to update PHP and apache, so I have a few evenings work in front of me (when I can get motivated)

I spotted a crawl error on my webmaster tools account, so followed the link and it takes me to a category, that doesn't appear to exists. This is same on 3 different sites. /index.php?searchStr=&act=viewCat appear to take me to a category called sale items which is empty.