SimChris
-
Posts
204 -
Joined
-
Last visited
-
Days Won
5
Posts posted by SimChris
-
-
We have not been infected but we run several things on our server to scan the system each day for possible infections, Trojans, malware, etc., which presumably your hosting provider should be doing periodically as well.
As Ian stated, definitely any issue with your site being compromised should be phone call to your hosting provider. Hopefully they can get that sorted for you quickly and determine what on their end allowed the intrusion.
This is also the good time to revisit all your own logins/passwords for your
1) hosting account
2) FTP account
3) CubeCart admin(s)
Make sure they are complex like zXCsgc97GSC97G# and not "fluffy23" or something like that.
You will need to change all of them anyway if your system has been "hacked" at your account level.
If the hack happened at server level, or another client on same box was compromised and infected the whole box, you will still want to change ALL your account logins for your accounts once they clean up the system.
-
Thanks for heads up Ian
... normally I don't pester on this kind of thing, but I postponed the .8 upgrade so I wouldn't have to apply manual patches to stuff since my version now does work okay (5.25) except for some cart abandonment - but I put in some more helpful instructions for clients who were getting lost on the checkout "path."
Not chomping at bit or anything - just checking in. :-)
-
HI, Al, and all ...
Q: any ETA on 5.2.9 with the payment gateway fixes for Amazon, PayPal, and Chrome SSL fix baked in. I know you said you only do updates once per month, but it's now 5 weeks, so checking in. Wanted to upgrade without having to do all the hacks manually for the fixes to current version before updating from 5.2.5 > 5.2.8/9.
Even a 5.2.8.1 would be awesome.
Thanks!
Chris
-
HI, Al
I think in this instance I am with Ian in thinking that with both the PayPal and Amazon fixes which are integral pieces of ecommerce, it "might" be worth putting out a 5.2.9 sooner than waiting another 10 -14 days. Topical to me as I've been putting off the 5.2.8 upgrade from 5.2.5 the past few days (well, since Thurs.) to see whassup with these issues so I don't have to go on a patching safari the moment after upgrade. Not horribly painful, but frankly it's probably easier to rev an update now than give bunches of folks permissions to download a patch file from github.
Thanks !
-
Okay. So, I'm presuming I should wait for 5.2.9 before messing with Amazon ?
We use the options on just about every item, so obviously big issue. Not ready to deal with Amazon add-in until mid-month (March) anyway.
The threads here regarding issue with Amazon are dated later than the mid-Feb push of 5.2.8 to stable, hence my query about the "fixes" or "patch" related to options so-called bug.
Whew!
-
Hi, Al
have all the Amazon and PayPal fixes mentioned been rolled into the current CC download zip (5.2.8)?
Topical for me since 20% of our clients use PayPal, 80% use cards via Authorize.net, and I was going to roll in the Amazon option this month.
Have been double double (well now triple) checking threads before going to 5.2.8 from 5.2.5 since we have a service business and most work is time sensitive (same day/next day/3 day), and so any payment issues mean we lose the job if they don't call and say "couldn't check out."
Thanks for keeping such a great product up to date with the many ongoing changes from the various payment systems!
Chris
-
Thanks, Ian
I did hear back from Homar today that no issues with 5.2.8 and their demo is running 5.2.8.
Thanks for the double double check.
Looks like all I need to triple check on is the Chrome "bug" (which hasn't happened to me with Win7/64 and rev 33.0.1750.117m).
Thanks!
Admin: you may "close" this topic. :-)
-
Hi, Ian
I was referring to the various support topics under "skins" in this forum mentioning the vector skin. From reading some of that, particularly reference to something I was unaware of ("lettering tool" ?); a jquery problem entry, etc. -- basically, it wasn't clear to me since I don't hang out here unless there is an update to check on or some bizarre thing happening to me, so wasn't sure what was follow up on developing stuff for just one person or "general issue." With four posts this month related to vector in skins, post 5.2.8 launch, was just "double checking" without having to digest all of those other posts, which I was late to party on for their specific issues.
So, from what you've posted kindly in reply, it looks like I will just need to make a minor fix to the CC 5.2.8 /classes/ssl.class.php file and should be fine.
Thanks! exactly what I needed to know.
Interesting that with changes to CC portal/server I no longer get notice in 5.2.5 "your theme is out of date." Guess it no longer phones home to see version number.
Happy Saturday to other weekend warriors ;-)
-
Hi, folks,
long time no talk and all that.
Was about to do the good ol' manual upgrade to 5.2.8 from 5.2.5 on Sat a.m. 3/1 and noticed a bunch of chatter about the Vector skin.
For those using CC 5.2.8 and Vector, is there a specific problem with 5.2.8 and Vector in general, or were the various issues in posts I'm seeing specific to various custom setups?
Upshot:
no modified CC 5.2.8 + Vector skin latest edition -- working or borked ?
I put in a ticket to the Vector folk asking them about this but it does take them 2-3 days to reply (but they do eventually).
Thanks for any heads up. Don't want to bork my shop as I'm in midst of updating plans/pricing for March.
Chris
-
Hi, folks
we now need to address the issue of the spammers/hackers setting up accounts with same first/last name.
'MyName123 MyName123'
From the thread I'm not clear if there was a final working solution to add a single snippet of code to the store to solve this?
Since the current store has an import snippets feature, couldn't this be a workable add on for Al to make available?
Capturing IP address at register would be helpful, also for future versions of CC.
Pardon me for being confused today :-)
-
We have a complex site with sales/content areas 14 years old (back to 2000), with shtml, then a couple of wordpress areas with php, then the ecommerce system in its own directory ( /ecom/ ). And we did 301 redirects from the pre 2010 store which was at /order/ ).
Google has had no problem with having multiple sitemaps
1) entire site, includes store with the referential links from main pages; added to webmaster tools manually and tested ok
2) wordpress specific sitemap (e.g., blog); added to webmaster tools manually, then auto-ping on update
3) cubecart sitemap with auto-ping to Google; and added to our webmaster tools manually and tested ok
Google can sort out each and all pages from that kind of mess just fine. But your needs may vary.
Google Webmaster Tools has very good info when it has any kind of error for EACH sitemap.
We ran into an issue where using the same video on more than one page, and our sitemap tool pulled the same descriptor; so we stopped submitting a video sitemap.
We ran into an issue with "turning off" a page in CubeCart 5, and Google telling us the page was missing when trying to spider -- and, doh! I forget to update sitemap in store when I removed the holiday specials page ;-)
Hope that helped somebody.
-
Google recently changed their algorithms to more specifically focus on "answering a question" vs "keywords" as in the past. We've been doing SEO since 1995 (seriouisly), and the main things you need to focus on now:
1) clear explanations of your products and services containing the keywords you most want to be found under
2) possibly add blog to your site where you can "speak" about your products, and your industry, adventures
3) make sure your XML sitemap is found in Google Webmaster Tools for your site; you may need sitemap for main site, but also for store, if in two different sections
4) check your Google Webmaster Tools account for notes about bad links, page errors, missing content (when you retire a page, you need to 301 redirect to new page or ensure your have useful 404 page)
5) your site will be deprecated in search if it has a "bad user experience," (UX), meaning if it's too slow. Use Google PageSpeed Insights (free), or GTMetrix to test your site, and ensure your images are optimized, you use appropriate headers for expiration times, caching, etc. -- Google is putting a huge emphasis on mobile compatibility and the "speed" your page loads. A desktop score of under "75" out of 100 would be "bad" by today's standards, for example. (FOR EXAMPLE: our store landing page has a Google Pagespeed score for desktop 93/100 and 80/100 for mobile).
6) finally - inbound links; quality links from organic sites mentioning your site and linking to it -- not paid links, not link exchanges, not "spammy" anchor text on black hat sites -- all of that would get you a "warning" from Google. Good links help. Bad links hurt and now hurt bad.
Hope that helps. :-)
-
Forgot to say; once I have a viable "proper configuration file" for CC, I'll share it here. It did really speed things up a lot, especially the home/landing page loaded almost 3x faster!
FYI, for GoDaddy I believe mod_pagespeed is "off" by default. You can switch on by editing htaccess file to "enable" those "filters" you want active. With my setup I have to do it the other way around, with "all on for all sites" but then trim or off by site or directory.
-
Hi folks
as part of the fun with our new webserver installed over holiday, we're testing using Google's mod_pagespeed with Apache (aka "GPS"). The benefit is that it can speed up sites by managing caching, minification of JS/CSS, optimization of images, etc.
The results have been a bit mixed, and tweaking continues.
However, we did run into one issue with CubeCart 5 and folks using Mac OSX Mavericks and Safari where when they went to add an item to cart nothing would happen.
I thought it was strictly related to javascript but turning off all the JS optimizations for store had no impact on the issue that customer brought to my attention on Saturday Jan 4, 2014.
I'm only sharing this here for those who may use an "edge" hosting provider, or GoDaddy, or many others now implementing this technology. For the moment I have turned off mod_pagespeed for CubeCart using an htacess file in the CC directory (so it will work for rest of site).
In doing some research I think this is related to the https connection and mod_pagespeed rewriting some items which the store needs to use to cache or enable a form element to push data to dbase or cookies, getting borked.
This will not impact most of you right now, but GPS is moving from an edge solution to a production solution and many hosting companies are starting to implement due to the popularity of php/dynamic based sites (e.g., WordPress) vs classic static pages (e.g., shtml/html) and having something of an "all in one" solution for common issues with optimization, and developed by the Google "overlords." ;-)
Happy New Year! :-)
-
Oops. Never mind.
Found it. When using "Vector" skin (aftermarket), the file is /templates/box.navigation.php
-
Hi, was trying to search for past item on this topic, but of course 'flood control' blocks anything past second search (sigh).
While we do have a few items "reduced" in price, we don't want to have a menu item "sale items" since we sell services and not t-shirts.
I can't seem to find a way to simply "disable" the "sale items" from the main menu when generated. Using the Fusion custom skin, but seems like there might be someplace specific to CC 5.2.5 I can disable that?
Seems to confuse clients going to that item "first" when looking for service, but then losing the data from the service category pages then calling me with dumb questions answered on the specific service offering menu page. So, time to get rid of it for our purposes.
A "don't use sales item menu" checkbox would be great for next version of CC :-)
Thanks all. Probably something I need to comment out someplace, obviously.
Chris
-
Hi all ...
I was dealing with other issues related to the move to new hardware over holiday, configuring mod_pagespeed, and also an issue with phplist where an old setting in php had memory set to 256MB vs 256M and it carried over from old box to new with migration and so was doing 256 bytes and so phplist wouldn't send stuff. Whew. I'll be circling back to this issue on our server to sort out the port 587 vs port whatever in a bit. Mail has gotten trickier when using php in the nextgen setups with all email needing to be SSL, and it looks like even with phplist we're going to have to switch from port 110 for bounces over to 995.We have phplist working for newsletters and whatnot. Next will be CC5.2.5 to see if we can use SMTP properly.
Thanks bsmither (as always) and Al for your generous time on providing help.
Will post update once I have a free brain cell. I worked every day the past 15 days, and last night went to bed at 10 slept until 11 today. Brain dead. (call the waaambulance!) ;-)
More later ...!
-
Update:
looks like port 25 closed for security purposes on new servers.
Using port 587 which is ESMTP Postfix.
Needs a STARTTLS to run.
-
One suggestion for future update, under store time settings,
EST/EDT
PST/PDT
Los Angeles
New York
and echo current server time in store panel and just go with that?
would be useful for setting store time.
-
Groovy. Just as an aside, we're running another app for client mailing lists "phplist" which works perfectly fine for sending emails; we're on Linux, and Postfix as Qmail is security hole.
I have been reading some issues online with Plesk 11 where SMTP "stops working" after update, and on send generates
Server Error 530
Must issue a STARTTLS command first
server mail.xxxx.tld
protocol SMTP
Port 587
Secure (SSL) No
So the issue with SMTP seems to be that for port 587 a STARTLS command is needed. Not sure if store does that or not, or the copy of phpmailer you're setup with or config'd.
For authentication obviously it needs to ping before send with POP3 before SMTP "on" -- right? Hence the username/password.
Sendmail works perfectly fine. IMAP pop email from PC works fine (port 993). PHPList using phpmailer also, works fine.
Only having issue with store not being able to send via SMTP through any mix of settings from store panel.
A secure TLS/SSL option would be nice for port 587 also. Or, even a config file which could be hand coded with local settings.
Will mess with it some more here.
Hi, AL ... having the latest version with a debug mode would be super duper awesome! :-)
I need to double double check port 587 is actually setup on the new server for our main ecom domain (sigh .... luckily this stuff generally only needs sorted once then I can ignore for four years ... went though all kinds of stuff last year tweaking old server for the most arcane pci-dss stuff - tried to copy all that to new box for consistency ... and this one is the last remaining "me so clueless" moment ...)
Stupid Win7/IE11 won't let me copy/paste into this forum now (sheesh).
New version of phpmail also adds a pop before smtp test for devs, which is nice.
-
Tried the bsmither hack to mailer.class.php and both 465 and 587 with no result.
-
Hi, folks
long time CC user; moved to new server still trying to iron out some wrinkles. Self hosted (we have 'the power'), but ran into one gotcha which is unable to send email via SMTP.
All the usual suspect settings
Use SMTP
Port 25
mail.ourdomain.xyz
smtp username = orders
password = ****
use SMTP authentication = YES.
Trying a test email (newsletter "just a test" and also "recover lost password') do not seem to get the mail out. There is no store "error log" for unsent email either it seems (e.g., via debug, or store error log).
We have dedicated IP for domain also which makes life simpler.
Has anybody else sorted this one out? Port 25 appears open for the site/domain/server, but nothing going out. Create a new port to use SSL/TLS and hack the mail file per Bsmithers other post.... or ?
We obviously want to use SMTP to have @ourstore emails in header vs having apache(at)ourdns.xyz which look really dumb on a dedicated store/site/SSL setup.
Linux/PHP5.4/CentoS 6.5(final)/Plesk 11 latest.
Is there any email error log for store, or just the server side stuff?
-
Just anecdotal the issues we were having with Windows 7/ IE 11 in November seemed to be fixed by early December updates to Windows 7, to IE11, and a major DOT-NET update which is used by both Office and IE, I believe. That big update to Windows in early Dec. fixed all the weirdness we were seeing with IE/Win7.
-
Hi, would rather not add download as clients would then expect to download something to complete project or call me asking if they need to download that; when instead we have a link as checkout is completed to go to a project form to submit project "what to do next" in the skin mods. And they really don't need another email due to store sending "order received" then "order approved" then they get a confirm email when filling out the project form. But good idea, there ;-)
Note in CubeCart 5.2.5, which I presume you're also using, products default to weight "0.00" unless explicitly changed to something. Stock level is off (" X ") for each item in our system.
At this time the simplest fix was to use the "free shipping" module with no minimum cost or weight. So folks can give me money without crying too much, which is the main issue I was having. Having a "zero shipping" option in checkout and on the receipts isn't too painful for this version of the store. It works, and that's good enough for the time being!
Happy New Years!
error message "this e mail is already in use"
in Technical Help
Posted
We removed the checkbox we had enabled to state a client was "required" to create an account so they can do guest purchases.
We added big notice that guest purchases are possible except if the email address was previously used to create an account, in which case customer must login to their account to place order if using that email. Please call if you need password reset.
About all we could do on that for now.
Waiting on 5.2.9 to move from 5.2.5.