Everything posted by keat

  1. Is there a way to deactivate a customer account, maybe some way to also stop him creating a new account with the same email address?
  2. We can spot the profiteers and are allowing a few of their sales through, but once we feel that they are now taking the p*$$, we are cancelling their orders. We have 4500 product lines, with new customers signing up daily, so I don't want to make things difficult and time consuming to manage. If I could somehow limit the amount of boxes of a few products that any customer could buy, it would weed out the genuine user from the profiteer. This wouldn't stop him coming back and placing another order I guess, but he might get fed up. No plugins that you are aware of?
  3. Due to Covid19, we are fast selling out of PPE. As our prices are defined by a printed catalogue, it's difficult for us to justify any price increases. So for instance, our Latex Gloves are at the same great price as they were many months ago. We are inundated with new customers who we've never had any dealings with, buying tons of gloves, to probably sell on at an extortionate price on auction platforms. I've seen our products which we sell for £3.95 being sold for £20+ on eBay. I want to stop this by limiting an amount a customer can purchase, so our regular customers can still get the same product at the same price. Is there any way to put a limit on a product, so a customer could only buy 10 for instance? Polite notes are being blatantly ignored.
  4. I raised this maybe 2 years ago. There is something not quite right with gift cards. I don't recall exactly what, but something along the lines that the person buying the gift card is charged VAT, and then the customer spending the gift card is also charged VAT. Or maybe the customer buys a gift card, is charged VAT, and the spending value is now reduced. E.g. £20 gift voucher bought, but the spending value is reduced to £16.00 due to the VAT portion. The recipient comes to spend his £16.00 and is charged VAT on top. Like I say, I don't recall exactly what the problem was, but it was enough for me to not bother implementing it. It needs some experimentation and looking at.
  5. PHP functions

    As far as I'm aware, this has to be done at server level using the php.ini editor, and adding the line 'disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open'. Whether or not one can do this at a user level, I'm not sure. As for creating dangerous functions, I guess when PHP was being developed, these functions were not considered dangerous, but over the years, as software develops, and hackers learn of workarounds and vulnerabilities, software becomes less safe. Windows 7 is a prime example. Incidentally, these functions are not CubeCart functions, these are PHP server software functions. I disabled these in my php.ini, and up to press I've seen no problems with functionality.
  6. Security advisor on my server suggests: You should consider disabling commonly abused PHP functions, e.g.: disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open. Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list. Are all these safe to remove as far as CubeCart V6 goes?
  7. @wkd Just bear in mind what I mentioned 6 posts up. If a customer had his caps lock on, and his first and second name ended in the same letter, then he's going to get caught by BSmithers trap. From my point of view it's not often that a customer will leave his caps lock on, and what are the odds that if he did, that he might just have the same end letter in both his first and second name? However, if we lost a customer, and he was about to spend £500 (or above), then this would be more annoying than the bot. Maybe we should collectively try to find another pattern?
  8. I've a customer base of around 35,000. I'd prefer not to load our server, or risk landing us on an RBL. Although I did briefly consider a separate VPS just for this process.
  9. My email campaign went out this morning. I'm not seeing any problems.
  10. If anyone uses these kinds of things, then I found one named 'moosend'. A hell of a lot cheaper than Mailchimp. I had a few issues with my data having a few discrepancies, which I had to resolve first but didn't take long and needed doing anyway. I'll update again next week when my email campaign goes out, as to how it performed.
  11. Can anyone recommend an alternative to Mailchimp? It needs to be simple, intuitive and not have to jump through a thousand hoops to send a simple mailing campaign.
  12. Off topic, but I'm a little worried about online password managers. If the online account got hacked, then this would reveal all my passwords. But then the same could be said for my browser cache and bottom drawer. 17 random characters by the way, upper, lower, numbers and symbols.
  13. You had me worried there Ian. However, this wasn't my password, the code was cut and pasted from the SQL developers site. https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html If anyone could guess my root password, they deserve the right to take control of my server. (Even I struggle with it.)
  14. What about the time difference?
  15. I only uncovered the error after setting the time zone in 'store settings/advanced'. Prior to this the time zone was disabled. There were no errors that I recall, but the order time stamps were out by an hour. Hence the reason I applied the time zone. Is it possible to disable the time zone in store settings, but instead add an offset to correct the time stamp?
  16. My site was updated yesterday from 6.1.7 to 6.2.6 and I had exactly these errors. I have full ssh access to our web server and ran the following command from a terminal window: # mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p xxxxxx The errors subsequently stopped.
  17. What if a customer shouted, e.g. ALAN WATKIN?
  18. Hi Brian. Could you explain how your script works please? Could this cause problems for legitimate customers? Also, any ideas how this bot has circumvented reCAPTCHA? As an experiment, I deleted and recreated my reCAPTCHA key yesterday.
  19. These things still keep coming. Any ideas how or how to stop them? https://www.cabletiefan.co.uk/images/spoofed.jpg
  20. Got another one yesterday. There's a class B subnet pattern emerging: 212.92.x.x. Since monitoring, I've seen 114, 116 and 117 class C's. We have no customers in any of these subnets, so I blocked the subnets in my firewall for now.
  21. Unless they are doing this manually, I'd like to know how they circumvented the CAPTCHA. Here's another one.
  22. Instead of just deleting these, I'm now blacklisting the IPs, to see if there's a pattern in there also.
  23. Looking for newsletter sign up and it doesn't appear on my home page, but the link (if I type it in manually) is still live: index.php?_a=newsletter. However, this appears to only contain an email address, so it's not this. If I log in to the cart back end, choose 'customer list', it will be in there. Sticks out like a sore thumb due to the pattern. I already deleted the recent entry, so there would be nothing to see. I'm using reCAPTCHA V2, maybe I should consider V3, is there any code for this?