imaginarynumber

Thanks Bruce Admittedly my drupal was out of date but not SMF or Zencart. I cannot see anything in the drupal logs that looks untoward. Surely a drupal hack would leave the drupal infected and not the (static) site index page which is at the top of the file hierarchy?

I contacted support but they couldn't access the main index file logs. It looks like the raw logs available for that date in cpanel have been overwritten and as I don't have root access to var/log/messages I have no way of finding and blocking the offending ip address (as suggested by tech support). So someone has managed to insert malicious code into a my index.html page after changing the chmod and I have no idea how or who? Nor if they will do it again.... ___________________edit_______________________ Thanks Dick There are zencart, SMF and drupal installs on the site, in sub folders. Could any of those be used to infect files at the public_html root?

Hi My site was unacessible for a while this morning (GMT)- when I eventaully managed to get to the home page Avast threw up a iframe KU warning. The file was changed at 19/01/2010 at 18.29 The inserted code is script removed I havent checked all of my other accounts yet and the file permissions are changed to 755. I was unable to edit out the code via cpanel and so renamed it via my ftp client. I have restored an old copy with 644 permissions. The last access ip address in cpanel is mine. Is it just my site that has been attacked or the whole palpatine server? Any suggestions? Thanks in advance _____________________________________________edit__________________ Have just been through my reseller account and this seems to have been the only site hacked.

Thanks for the reply Bruce. What about my suggestion for the blog page or an alternative page that lets us know what is happening? I guess that you wouldn't want a flood of emails to let you know that all of the servers are down whilst you are trying to resolve things but from our point of view it would be reassuring to know what is happening.

http://www.shopping-cart-migration.com/shopping-cart-migration-options/112-oscmax-to-zencart-migration For a paid for service but I expect that there are free ways of migrating. I have been with zencart from the outset but also play with virtuemart (glitchy) and magento (prefers root access)

Will today's outage- approx 18.00 hrs GMT- be covered in the blog??? The blog was one of the only sites that was accessible- could it be used to let customers know what is happening in future? Additionally the status page said that nearly all of the servers were running ok- I guess that means that the servers were up and running but should inaccessible servers be reported as ok? I am not questioning your probity but if all the servers are inaccessible is it fair to report each of the servers as having 100% uptime? Please do not think that I am TCH bashing- I have been and still am a very happy customer. It is worrying though when you know that there is no way to find out what is happening I would have posted this in the family section but the password has changed since my last visit. Many thanks.

Hi all I would like to redirect all traffic from http://www.mysite.com/survey to https://www.mysite.com/survey I have added the following line to the root htaccess file RewriteRule ^survey/?$ "https\:\/\/www\.mysite\.com\/survey\/" [R=301,L] but it does nothing at all, I have also tried the above without the escape characters. Do I need to add anything to the htaccess file in the survey folder as well? Thanks in advance

http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=325 haven't used it myself but it seems to be ok The problem with ip address blocking is that you might have to enter hundreds per day from robot machines- this will also prevent the owners (read: customers) of those machines from legitimately accessing your site sorry about the tardy reply good luck

Hi there I ended up blocking a bucket load of ip addresses and eventually found that i was getting almost a thousand spams per day. Given that the ip adresses kept changing I decided to use an antispam bot "captcha". As soon as I installed it the spam stopped instantly. The type of captcha will depend on the type of contact form that you use (or cms). If you are being spammed by a robot and do nothing it will only get worse Good luck

At the risk of bumping.... I tried virtuemart (VM) this weekend using the joomla with VM option from the VM site. Looks great (I love Joomla) but I binned it after two days of trying to deal with glaring bugs. Support is very poor. The forum site was down on day one and most people seem to wait months for an answer and often end up answering their own questions. It is a shame because it looks so promising. Already use zen-cart and am waiting for support to set up pdo_mysql so that I can have a play with Magneto.

Andy et al You are stars- thank you- I knew nothing about http://ip2cidr.com/ and CIDRs. Cheers

hi Thomas Thanks for the reply. How far can you go??? By that I mean, will 195.5.*.* be for the exclusive use of ukrtel.net or would 195.*.*.* be the whole of ukraine and perhaps surrounding nation states? These are a few of the ip address that resolved back to ukrtel.net 92.113.29.119 94.178.48.89 91.124.242.198 So as you can see they seem to cover al lot of ranges which is why I wanted to block pool.ukrtel.net

Hi all I have a stooopid spammer that thinks that they can use one of my forms to spam other people- they are oblivious to the fact that the reply from us just says "thank you for your interest" and that the hyperlinks that they throw in are not forwarded. Their ip address constantly changes so I guess that they are on a dial up. I am getting bored of blacklisting on an individual ip basis I am happy to blacklist anything from pool.ukrtel.net - the site is for a holiday home in florida and the client has never had a real enquiry from Ukraine. How do I do this in cpanel- when i try it says that it cannot resolve the address. Thanks in advance

hi all glad to see that roundcube is offered along with the other two webmail options. When i select it though I just get a blank page... show i be doing something in whm or cpanel- cant see anything that looks like it needs to be enabled???? tnx in advance

thanks all i have been here before but forgot my log in details

Given that they can pull back funds from your account up to 6 months later perhaps "unfair/do as i say not as I do" grown up might be more acurate. We have had experience of £1500 being pulled after 2 weeks because they thought it might be fraudulant, they then proceeded to charge us commission even though we had to get the customer to take a refund and then pay us by bacs because world pay and his spanish bank wouldn't talk to each other. To make things worse we decided to cover the money that he lost because of exchange rate movements. In all it probably cost us £100 because they are stoooopid!!!!

I agree with bruce that a ssl would be a good idea but you do not have to have one. Many payment gateway providers eg Worldpay, redirect the customer in the final stages of checkout to their own site. This means that they are doing the card processing not you and thus as such you do not need the ssl. In this situation the advantage of the ssl is that when the customer opens their account with you the user info (name address etc) is sent securely. Be carefull when ordering your ssl. They are not all created equal!!!! If you plan to use one of the higher level google checkout api then go to the google checkout forum and ask for advice re acceptable ssl. the basic google checkout and paypal do not require ssl but you will not be able to add bells and whistles such as variable shipping. there are many free ecommerce solutions, my fav is Zencart. For more advice read through their forums. Our site uses zencart (without ssl- i have paid for a ssl but haven't had the time to install it). The site is not pretty- still need to play with the layout and features but it will give you an indication of a basic zen cart set up http://www.bichonhotel.co.uk/shop if ever you do opt for ssl then be aware that your site will need to be moved to a new ip address so there will some down time. In that respect you are better off doing it from the off. good luck

The basic google button is, err.... very basic if you want to have more options then you will need to look at (free) ecommerce options such as Zen cart or oscommerce. Otherwise you will just have to create lots of different google checkout options for each permutation, which might confuse customers. The other gotcha is that if you want google to parse the info back to you once the customer has completed the order you will need an ssl. That is to say your stock levels will not be upgraded without ssl. We use zen cart with both WorldPay and Goggle Checkout payment options. The advantage of worldpay is that you do not need a ssl. You will however need to open a grown up merchant account via your business account. Set up costs can be free if you are a member of trade organisations such as the Federation of Small Businesses (uk). If you do go for zencart then download the latest version rather than using the version in cpanel. A new up to date install on your site is easier than upgrading. http://www.zencart.com It is a bit of a learning curve but not too bad Goodluck