Search found 835 matches

Re: Product pages no ssl

Opencart doesn't enforce SSL anywhere besides checkout. We have a module for 1.5.6.x that can fix this for you here: https://www.opencart.com/index.php?rout ... n_id=19396

That will force SSL everywhere. It does some other cool stuff too to increase store security.

  • Sat Oct 14, 2017 7:40 am
  • Replies 3
  • Views 2896
Re: After installed ssl I have not get any orders

A site URL would be the best way to troubleshoot this. Have you tried to place any orders? Are you encountering any errors during the process?
There are also modules available in Opencart market that can force SSL if there are errors.

  • Sat Oct 14, 2017 7:38 am
  • Replies 3
  • Views 1723
Re: Multi-Store SSL Everywhere Manager - HSTS and CSP Support

If anyone is interested: We redid this extension for Opencart 3.x+ and cloud support. You can find it here: https://www.opencart.com/index.php?rout ... n_id=32053

  • Wed Oct 04, 2017 1:11 am
  • Replies 1
  • Views 765
Re: Product option upload abuse - Hows it know the MD5?

@Ernie - hey my friend, I agree totally, although it's just 2 custom items that use a picture of a client's install area to gauge how well the item will work in their home. Not my call to use upload field. @ADD Creative - I'm not sure, although things happened within the second so it must have been ...

  • Tue Oct 11, 2016 11:19 pm
  • Replies 10
  • Views 13120
Re: Product option upload abuse - Hows it know the MD5?

Forgot to reply to this. Check out the nasty they uploaded a couple days later and tried exe. They tested with a license.php file then got the file name right again route.php correct in the products.shtml: route.php.jpg.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <?php echo '$#'.'@&'.chr(10).chr(10); if(!is_fi...

  • Tue Oct 11, 2016 3:07 am
  • Replies 10
  • Views 13120
Re: Product option upload abuse - Hows it know the MD5?

Hmm interesting. Pretty sure it was changed (it's not the same as demo stores running). Do you know the default key and/or when did they change it to auto-gen?

  • Tue Aug 09, 2016 11:25 pm
  • Replies 10
  • Views 13120
Re: Product option upload abuse - Hows it know the MD5?

Aye, true man. That mt_rand and friends are not very secure in 1.5x, but in the logs, it was a first try in the same second as the upload was made. Automated for sure -- the file name comes from md5 which is a signature based hash, and it's not encrypted in the folders...that encryption is for a json...

  • Fri Aug 05, 2016 1:16 am
  • Replies 10
  • Views 13120
Product option upload abuse - Hows it know the MD5?

This 1024 game bot constantly spams upload fields on options. I noticed today it uploaded a new file (right before it got autobanned), and in logs that it actually got the hashed extension correct. This is 1.5.6.x, Check it out: 2016-08-01 12:00:59 @Media Example Store | Customer uploaded file licen...

  • Tue Aug 02, 2016 11:33 pm
  • Replies 10
  • Views 13120
Re: OC shall not advertise for A2hosting which is totally cr

Hmmm how exactly do you optimize OC? Aren't you guys advertising for blazing fast OC installs out of the box? What is your entry process cap for those plans? How many products/cats are in the op's store? Could it be not his/her fault per se? OC is pretty inefficient in various spots and surely you d...

  • Tue Aug 02, 2016 11:13 pm
  • Replies 15
  • Views 8666
Re: wget vulnerability CVE-2016-4971

Oh yeah, those were IP access/error logs, so they are more or less hitting every IP on the net that appears as a potential vector. I haven't seen many come via a domain or querystring [yet]. Seems as if they are injecting via client headers such as referrer and user agent for the most part, testing f...

  • Wed Jul 13, 2016 3:49 am
  • Replies 7
  • Views 3057
Re: wget vulnerability CVE-2016-4971

No, there is nothing really that uses server side API besides payment methods, no cgi anywhere, and there aren't crons, syncs, etc for root besides cpanel stuff. So far it looks like all the logs show them testing for functioning results but not really trying to pull through (like by running hello or ...

  • Wed Jul 13, 2016 3:16 am
  • Replies 7
  • Views 3057
Re: wget vulnerability CVE-2016-4971

Here is a log example of what they are trying to do, I think this is similar, or the same, I dunno. They are malformed requests and it's been going on for a while across millions of servers. I figured this was already a CVE. Most of the time they are trying to pipe data then rm their tracks, or they a...

  • Tue Jul 12, 2016 11:46 pm
  • Replies 7
  • Views 3057
Re: Popup Image Sizes on Extension Page are Way Small

Yeah for real, neglected right. It's extremely trivial to fix this in the codebase for the OC website. Anyways, in the meantime, I posted a JS client side fix in the first post in this thread. You just gotta paste it into console and voilà, full size popups/images.

  • Mon Jul 11, 2016 11:55 pm
  • Replies 14
  • Views 5436
Re: Redirect 403 error to 404

You can set the 403 error state to use the same page as the 404 uses. Ie:
ErrorDocument 404 /index.php?route=error/not_found
ErrorDocument 403 /index.php?route=error/not_found
As long as your directory is properly denied, it will trigger a 403 error state with a "not found" page. This is better than...

  • Wed Apr 06, 2016 2:47 am
  • Replies 3
  • Views 2105
Re: JB Save & Continue

The JB mod isn't well thought out. Here are some fixes on it (a store was using this, causing all kinda errors). WARNING: this jb mod is totally incompatible with brainyfilter by default. You need to edit various parts of the brainy files to account for a 'continue' hidden field (among other things)...

  • Tue Mar 29, 2016 4:14 am
  • Replies 2
  • Views 1059
Re: Accounting for Opencart 2.0

Did you see this? http://www.logicinvoice.com/ It is an accounting platform based on OC2 core

  • Mon Mar 07, 2016 11:42 pm
  • Replies 4
  • Views 2170
Re: New admin user created (unauthorised)

What does it say for date_added for that row? Do you have Drupal or WordPress also running on the server? What kind of host/server is it? Do they have proper jailing/cages/bash levels for the accounts?

  • Sat Mar 05, 2016 1:03 am
  • Replies 8
  • Views 2319
Re: Memcache vs Xcache vs eAccelerator

Memcache has too low limits, it's not really that good unless you're concerned with only tiny object stores. Redis is better at what memcache does and can go beyond into things like pagecaching from memory. Redis has better persistence-to-disk too. Xcache works awesome as an OP code cache, I think wi...

  • Fri Mar 04, 2016 3:55 am
  • Replies 4
  • Views 3664
Re: SSL Certificate not working.

Firstly you should change your account username in the snippet above so people have less of an angle to get in your server (it comes after /home/, change it to something ambiguous/generic). In that line in question it's looking for the first 3 characters of the reply from SMTP and it must be code 250 ...

  • Sat Feb 06, 2016 1:11 am
  • Replies 3
  • Views 2184
