Jump to content

keat

Member
  • Posts

    1,571
  • Joined

  • Last visited

  • Days Won

    25

Everything posted by keat

  1. Where is this ? I don't recall seeing it, maybe I removed it at some point in the past. Mican skin by the way
  2. Recapture is switch on, so I'm guessing they circumvented it.
  3. New accounts are created daily, but about once per week I see a pattern, which I'm guessing is some form of malicous attack, but I've no idea what. A new account will be created where the surname is identical to the christian name. In the most recent example LydiaTrucTSO LydiaTrucTSO. There's never an address in the account, no order is ever placed, it usually has a russian TLD in the email, and the IP generally points to the Netherlands, although I've seen Russia, Belarus and Ukrane, which are now blocked on my server. I've no idea what it is they are trying to do when creating an account, and as the pattern is always the same, I'm assuming it's a BOT of some sort. any thoughts as to what might be going on ? [04/Mar/2019:19:20:05 +0000] "GET /index.php?seo_path=lubrication-cleaning%2Fgrease%2Fcopper-thread-compound-500g HTTP/1.0" 200 27391 "https://www.mydomain.com/index.php?seo_path=lubrication-cleaning%2Fgrease%2Fcopper-thread-compound-500g" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99" [04/Mar/2019:19:20:06 +0000] "GET /register.html?agreed=true HTTP/1.0" 200 21478 "https://www.mydomain.com/register.html?agreed=true" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99" [04/Mar/2019:19:22:40 +0000] "POST /register.html?agreed=true HTTP/1.0" 302 - "https://www.mydomain.com/register.html?agreed=true" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99" [04/Mar/2019:19:22:41 +0000] "GET /?_a=account HTTP/1.0" 200 20048 "https://www.mydomain.com/?_a=account" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99" [04/Mar/2019:19:22:41 +0000] "GET /register.html?agreed=true HTTP/1.0" 302 - "https://www.mydomain.com/register.html?agreed=true" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99" [04/Mar/2019:19:22:42 +0000] "GET /index.php?seo_path=lubrication-cleaning%2Fgrease%2Fcopper-thread-compound-500g HTTP/1.0" 200 27462 "https://www.mydomain.com/index.php?seo_path=lubrication-cleaning%2Fgrease%2Fcopper-thread-compound-500g" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99" [04/Mar/2019:19:22:43 +0000] "GET /index.php HTTP/1.0" 200 30029 "https://www.mydomain.com/index.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 OPR/53.0.2907.99"
  4. I believe I may have done this before, but only on one site. Thanks again.
  5. Customers are lazy and won't do that They kick off when we send the goods to the incorrect delivery address (quite rightly), then blame thier lazyness on us. Can you find the image name using developer tools or page source ?
  6. Can I ask if Braintree works the same way as PayPal Express. Express will over write the delivery address in the cart to what it has on file at PayPal. Does Braintree do the same, as this cuses problems for us.
  7. I removed the prices from the table Cubecart_pricing_group and removed the customer group. Considering it used to be £3.75, I doubt it was hacked, and as for the clone product, this is definately feasible, as I quite often clone products when they are similar. I recall about 2 years ago when Orange closed a number of tld's, using PHP admin, and identified all the Orange customers adding them to a group. The intention being, that we could later identify the ones who had not updated thier email address or returned. I would have also done this en mass as an export, modify, import to save time. I wouldn't have given these customers any special prices though. Every year, we have a major pricing restructure and a number of new lines added. The boss having OCD wants all this to happen on New Years day, so I get around this by working on an exact mirror image of the site for about 10 weeks prior. Then on New Years Day, I copy over the inventory and options tables of the database. Still none the wiser how these cutomers got the old prices though. (there were about 1800 entries in the Datbase table)
  8. On one of my sites I can see sales statistics, but in another I can't. The graph appears, but shows no sales, unless I edit the database and change all the orders from processing to completed. Is there a setting somewhere which switches this feature on, or did I maybe do a code edit on the site which works. The only difference I can see, the site which works has email notify at processing, the one which dosn't has email notify at pending.
  9. Interesting. Logging in as the customer, the prices do show as £3.75 and not £4.15. It seems that he's a member of an old experimental customer group, however, I'm not aware that this group had any discounts. To be honest, I'd forgotten that the group even existed. I recall that the group was set up about 2 years ago when orange closed a number of email domains. Any ideas how these prices might have come about ? I'm also surprised that it's taken this long to come to light.
  10. No customer groups. one price fits all unless we run a promo.
  11. We had an order on the cart where a product has the wrong price. It should be £4.15, but the customer has been charged £3.75, and I can't quite figure out why or how. There are no discounts applied, the price is correct in the cart, taxes are correct etc. If I place an order, it comes out at £4.15. I can sort of explain where the £3.75 came from, but not why this product was accepted by the cart at £3.75. This is a newish product. When the product was created it was cloned from it's sister part. We used to sell it in red at £3.75, then earlier this year we introduced it in yellow but also increased the price to £4.15. This introduction and price change happened in January. It is a part in it own right and not a product option. Any thought's................. I don't mind how wild an idea it is.
  12. The store can be set to send the email when the order changes to one of two states. Pending: This is where the customer commits to buying, but doesn't then follow through to the gateway, (paypal etc). Maybe he didn't click the gateway, he backed out, maybe the gateway couldn't connect, or even the customer got to the gateway and decided not to pay or couldn't pay. Until a successful payment is made, the order will remain pending. Processing: (which is what I suspect you have set) This is where the customer completed the sale and made a successful payment. The store won't email you for both steps though, its one or the other. (Email sent at the pending stage or processing stage) With notify at processing , you run the risk of losing a sale if you don't keep an eye on the cart. (customer never paid, order still pending, no emails sent) However, with notify at pending, you run the risk that the customer could go back and change his order after you recieved the email. (the store will email one time only) In both instances, you can't fully rely on the email notification, you do need to keep an eye on the cart.
  13. inside documents section, find your home page and edit it. Inside the search engine tab should be where this is being pulled from unless you did any manual code edits somewhere.
  14. I can't see it. did you clear your browser cache ? take that back, yes I can. in the browser title, not the actual web page. Check the SEO tabs sections of your homepage.
  15. After many hours of trial and error, I wrote a hook which has worked well for two years or more. Just modify the PHP code to the minimum order value (in my case £15.00) Go to manage hooks/code snippets and then choose add a code snippet. Insert the data below in to the appropriate fields, ensure the snippet is enabled. Unique ID: [email protected] Execution Order: 1 Description: Disable checkout until Min-Max order Value is reached Trigger: class.cubecart.display_basket PHP Code: <?php $upper_val=15.00; $lower_val=0; $value = number_format($upper_val, 2); if($GLOBALS['cart']->basket['subtotal'] > $lower_val && $GLOBALS['cart']->basket['subtotal'] < $value) { $GLOBALS['gui']->setError ('Our minimum net order value is '.$value.'.'); $GLOBALS['smarty']->assign('DISABLE_CHECKOUT_BUTTON', true); } ?> Version: 2.0 Author: Keat
  16. keat

    gdpr

    In the case of the closed down comments site, I would have just deleted the email addresses and IP's (if gathered). A user name isn't particluarly identifiable, some may argue that it is, however, i'd struggle to work out who, dirty butter is. If a user is foolish enough to put his full name and address online, in a comments field in full view, then that's his own fault, you can't be expected to proactively audit this. With so much confusion about consent, some believing it's required, others believing not so, we are not seeking any consent. Microsoft, Google, Spotify, ITV, BBC even ACAS haven't specifically asked for consent to contact me, they've just sent me links to thier updated privacy policy. We don't purchase mailing lists, we learnt a long time ago that they are just harvested rubbish with little return. For this reason, we are also not seeking consent, instead choosing 'legitimate reasons' as our basis to contact our customers. We have created a new privacy policy, which is clearly linked on our web site, it's linked in all email communications from all staff, and linked on the bottom of each customer invoice. When we run our seasonal mailing campaign, there will be reference to it in there, and I guess when we send our next years catalogue, GDPR will be mentioned. It seems, more emphasis has been more about consent, than actual data protection. In fact we received an email this morning from a customer or supplier stating that they inadvertantly divulged email addresses on a recent correspondance. Without me delving too deeply, I wouldn't be surprised if the CC'd thier own privacy policy to a huge list rather than BCC. I wonder how many customers or suppliers may think that it's now illegal to call us to order something because they didn't seek our consent.
  17. keat

    gdpr

    email today from ACAS, with no reference to me consenting or opting in. Hopefully, everything will be back to normal on Monday. Hello In line with GDPR, we have updated our privacy policy which can be viewed on our website We look forward to contacting you in the future, however if at any time you would like to stop receiving communications please unsubscribe using the links provided within our emails.
  18. keat

    smells fishy

    i found him in my raw access logs.
  19. We've had messager through one of our contact forms, which smells like a scam to me. Is there any way of finding the IP address of the web session at the time the message was sent?
  20. That was indeed my bugbbear with 'Print Order Form' We had to have orders email at pending because POF never progressed beyond that stage. Email at pending is flawed in the respect that the customer can go back and change his order after the cart has sent admin an email. The cart doesn't send another email after the click through.. This was causing confusion in the office when a customers cart didn't match his payment. We have a large number of credit account customers who use POF. Since that small code change about 2 years ago, we now have orders to email at processing, and the issue with basket changes has now gone.
  21. keat

    gdpr

    FYI Not one mention of requiring my consent. At Spotify, we want to give you the best possible experience to ensure that you enjoy our service today, tomorrow, and in the future. It is also our goal to be as open and transparent as possible with our users about the personal data we collect to provide that service, how it is used, and with whom it is shared. We are contacting you today to let you know that we will be making some changes to our Privacy Policy, which will be effective from May 25th. These changes will reflect the increased transparency requirements of the EU General Data Protection Regulation (known as the ‘GDPR’). We have always strived to provide you with clear and simple information about the personal data we collect and use and how we protect your personal data in our Privacy Policy. Today we are simply announcing enhancements to the Privacy Policy which clarify and provide additional information about: your privacy rights and how to exercise them; how we collect, use, share and protect your personal data, and the legal bases we rely on to process your personal data. Over the next few weeks, we will also be rolling out new tools which include a new Privacy Center at Spotify.com and a new Privacy Settings page in your Account to help you more easily understand and manage your privacy choices, including a new ‘Download my Data’ button. Please click here to read the revised Privacy Policy, which will be effective from May 25, 2018. We have also prepared this blog post which summarizes the key changes to the Privacy Policy in more detail. If you have any questions, please contact us using the Contact Form. Thank you for using Spotify. Enjoy the music!
  22. https://www.cabletiefan.co.uk/webimages/pof.rar here is the entire print order form foilder. v1.01 I guess also, this might cure your question from ealier about print order form emailing the transaction to the end user.
  23. BSmither once sent me the code changes for this. Try this but make a backup first. in modules/gateway/print order form/gateway.class.php around line 68 find: $order->logTransaction($transData); Replace this with // $order->logTransaction($transData); // $transData may get modified later around line 255 find: $GLOBALS['cart']->clear(); } } Replace this with: /* NEW */ $transData['status'] = 'FProc'; $transData['notes'] = 'Forced to Processing. ' . $transData['notes']; $order->orderStatus(Order::ORDER_PROCESS, $cart_order_id); /* */ $GLOBALS['cart']->clear(); } /**/ $order->logTransaction($transData); // $transData may have been modified earlier }
  24. if you download the skin folder to your local PC, then using Notepad++ you can search the entire contents of the folder for the offending string.
×
×
  • Create New...