 
Everything posted by pickupman
- 
	Any news on PHP version upgrades on shared hosting? Would like to have the ability to use at least PHP5.6. The PHP5.4 available is getting quite old at this point as it was originally released 4.5 years ago.
- 
	Thanks for the article. Good read. It seems some of the PCI compliance stuff is rather rigorous, given the fact that I am not storing CC# on my account/DB. When I searched the boards, I was surprised there are not more questions regarding this.
- 
	I recently created a PCI Compliance profile with Trustwave per my agreement with my gateway. The scan of my website failed due to the version of OpenSSL on the server. Is this a known issue with PCI scans with TCH, or are there any plans to upgrade OpenSSL to their recommended .9.8m?
- 
	Finally!!! Right on carbonize...tried on bespin and it worked perfectly. Thanks TCH-Dick and staff for getting this fixed.
- 
	I have this same issue on the WordPress installs I have running here on TCH. All 3 are a pain to update. I believe this is a file ownership issue on the user/group for Apache as well as PHP. On another host, I have about 6 WordPress installs, and all of them update flawlessly using automatic updates. I click "Update", I don't have to enter FTP credentials, and the package is downloaded and installed in generally under 5 secs or so. Even the core upgrades work with ease. On my TCH account, I almost always have to upgrade manually because of this issue. As popular as a platform WordPress is, it seems a little silly that this should be an issue. Even if I have to enter FTP credentials, it seems to be really slow downloading the packages and extracting them.
- 
	Is there a way to enable "add_header all Report _REPORT_" in user_prefs? Without seeing test scores for spam messages it's hard to create custom scores to flag some of these. I've added the rule, but there is no effect.
- 
	So in other words SpamAssassin is not doing us any good.
- 
	I have as well noticed over the past two weeks an increase in spam. I have checked mail headers and these blatant spams are scored as a negative score or less than 1. Here's one that popped in while I was typing this. The message was only a link to a Russian domain.
- 
	Natalie, Glad to see you taking a couple of steps to protect yourself. As for a robots.txt, it just prevents a search engine crawling your site/directories. That doesn't stop someone who knows the URL from just typing it in. Index listing is the default of the Apache webserver. If an index.html, index.htm, or index.php is not found, the directory is printed. This can be handy in some cases. I have Apache running on my computer at home. I have password protected a folder, and can log in and retrieve any file from that folder. Yes, I wrote the PHP script myself. Here's a link that outlines the same idea: MP3 Streaming Script. Since you are already using PHP & MySQL running Mambo, you wouldn't need much more to put this into place. Upload files using a script that stores the info in the DB. Use PHP to create a cookie, check for a valid cookie. If the cookie is valid, get a file name from the DB, and stream to the user. Let me know if you would like some help.
- 
	Natalie, Another issue it looks like you should fix is to prevent directory listing. Log in to cPanel, go down to the bottom under the Advanced section, and click on Index Manager. Click okay to select the default folder. From the folder tree click on your audio folder. On the following screen, choose the "No Indexing" radio box and hit okay. Right now if you type in your address pointing to the audio folder, all of the folders and files are shown. This allows anyone to be able to download or access all of the content under this folder. Or you can upload a blank index.html file into all of your subdirectories, so the files are not shown. In regards to using .htaccess, it seems you are on the right track. Check if your audio folder also has a .htaccess file, as subdirectories override the one in your webroot. If you can't get it working using .htaccess, you may consider using PHP and a MySQL database to handle the process. For a site I am working on, a user can upload a file (ie. image or mp3). The files are uploaded to random folders and added to a database. I use a PHP script that calls a file id (ie. http://www.natilie-brown.com/mp3/1), checks the user/referrer, gets the file location from the DB, and then streams the file to the browser. It would be very difficult for a user to ever guess the real filename and real directory to hotlink the file. This approach is transparent to the user, and offers a level of authentication.
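
The ID-based download described in the post above, as an added example that is not part of the original post or the poster's own script: a lookup that refuses anonymous sessions and non-numeric ids and confines the resolved path to the storage directory. The `files(id, stored_path)` table, the `user_id` session key and the function names are assumptions; a session check is used in place of a referrer check because the Referer header is supplied by the client.

```php
<?php
declare(strict_types=1);

// Added example: map an opaque numeric id to a stored file after an access check.
// The files(id, stored_path) table and the 'user_id' session key are assumptions.
function resolve_download(PDO $db, string $storageRoot, array $session, string $rawId): ?string
{
    if (empty($session['user_id']) || !ctype_digit($rawId)) {
        return null; // anonymous visitor, or id is not a plain integer
    }
    $stmt = $db->prepare('SELECT stored_path FROM files WHERE id = ?');
    $stmt->execute([(int) $rawId]);
    $relative = $stmt->fetchColumn();
    if (!is_string($relative)) {
        return null; // unknown id
    }
    // realpath() collapses "../", so a bad row cannot point outside the store.
    $root = realpath($storageRoot);
    $full = realpath($storageRoot . '/' . $relative);
    if ($root === false || $full === false
        || strpos($full, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($full)) {
        return null;
    }
    return $full;
}

// Stream the file under a neutral name so the real path is never disclosed.
function send_audio(string $path): void
{
    header('Content-Type: audio/mpeg');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: inline; filename="track.mp3"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Constructed demo data: in-memory SQLite and a temp directory stand in for
// the MySQL table and the randomly named upload folders.
$root = sys_get_temp_dir() . '/store_' . bin2hex(random_bytes(4));
mkdir($root . '/9f3a', 0700, true);
file_put_contents($root . '/9f3a/c41d.mp3', 'ID3');
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, stored_path TEXT)');
$db->exec("INSERT INTO files VALUES (1, '9f3a/c41d.mp3'), (2, '../../outside.txt')");
$cases = [
    'logged in, valid id'    => [['user_id' => 7], '1'],
    'no session'             => [[], '1'],
    'row escaping the store' => [['user_id' => 7], '2'],
    'non-numeric id'         => [['user_id' => 7], '1abc'],
];
foreach ($cases as $label => [$session, $id]) {
    $path = resolve_download($db, $root, $session, $id);
    printf("%-24s %s\n", $label, $path === null ? 'refused' : 'serve ' . basename($path));
}
```

In a web handler, call `send_audio()` only when `resolve_download()` returns a path, and answer every refusal with the same 404 so the response does not reveal which ids exist.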
- 
	I am using OsCommerce cart and now the UPS (XML) Shipping module doesn't function now either. It uses curl to submit & retrieve UPS rates. The checkout_shipping.php page hangs if this module is enabled. I have enabled the stock UPS shipping module for a temporary workaround. UPS XML has worked fine for the last year or so. No code changes. phpinfo() shows curl enabled and version libcurl/7.15.3 OpenSSL/0.9.7a zlib/1.1.4.
- 
	I use a gallery script, and have directory indexing off. I don't have any remaining install scripts left. Just thought it a little odd to have all of these errors in the log.
- 
	My site was recently hacked in a creloaded script directory, and my site was reprovisioned. Prior to that, and currently, I see a lot of hits in the error log on URLs like /mysite/some+term.php. All are different variants, and different IPs. I have seen an increase over the last 3 months. The hack was done in an images directory, and a lot of the URLs point into other image directories. Any ideas or concerns for this issue, or is it common among most sites?
- 
	dhilke, I don't know why, but I found that I could only create & edit my CGI scripts from within cPanel's file manager. At first I was using Notepad, and FTP'ing them to my cgi-bin and then chmod'ing the script. Every time I tried that, I got error 500. Try creating, copying & pasting in cPanel once.
- 
	I found that the dashes (-) in the sa-learn command line were incorrect in TCH-Bruce's post. They were a longer ASCII dash in the post, but should be a standard dash between [0] & [=]. Output is working example: Learning SPAM: .................... Learned (6) messages (15 examined).

	    #!/usr/bin/perl
	    use CGI::Carp qw(fatalsToBrowser);

	    my $salearn = "/usr/bin/sa-learn";
	    $| = 1;  # disable output buffering on STDOUT

	    print "Content-type: text/plain\n\n";

	    print "Learning SPAM:\n";
	    print `$salearn -p /home/tchaccount/.spamassassin/user_prefs --mbox --spam --showdots /home/tchaccount/mail/myspam 2>&1`;
	    print "\n\n";

	    print "Learning HAM:\n";
	    print `$salearn -p /home/tchaccount/.spamassassin/user_prefs --mbox --ham --showdots /home/tchaccount/mail/myham 2>&1`;
	    print "\n\n";

	    exit;
- 
	Thanks David. Script ran and output: Should there be any other output? I have about 500 spam mail.
- 
	You may want to edit your post.

	    print `$salearn -p /home/tchaccount/.spamassassin/user_prefs –mbox –spam –showdots /home/tchaccount/mail/myspam`;

	How does printing output to the screen process any data? I have tried editing the script manually too but keep getting errors. I also get error 500.
- 
	I changed the lines above the tep_mail in /catalog/admin/order.php and deleted the line:

	    tep_mail($check_status['customers_name'], $check_status['customers_email_address'], EMAIL_TEXT_SUBJECT. ' #' . tep_db_input($oID), nl2br($email), STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, $extraheaders, $header);

	You just need to replace oldeparsonage.com with your domain. I do not get any points from SA now. I tried whitelisting before figuring this out, which didn't work too well. I added a multipart email, so that the email is sent both plain text and HTML. For the email your customer receives when placing the order, see below. Any questions on how it works/means email me. Thanks, Joe

	    // some local variables
	    $from_name = STORE_NAME;
	    $from_email = STORE_OWNER_EMAIL_ADDRESS;
	    $to_name = $check_status['customers_name'];
	    $to_email = $check_status['customers_email_address'];

	    // headers need to be in the correct order...
	    $headers = "From: $from_name<$from_email>\n";
	    $headers .= "Reply-To: <$from_email>\n";
	    // \$ keeps PHP from treating $bbe6ee90 as a variable inside the double-quoted string
	    $headers .= "Message-ID: <002301c4381d\$bbe6ee90\$6400a8c0@oldeparsonage.com>\n";
	    $headers .= "MIME-Version: 1.0\n";
	    $headers .= "Content-Type: multipart/alternative; boundary=\"----=_NextPart_000_0008_01C45901.EEDC2260\"\n";
	    $headers .= "X-Sender: $from_name<$from_email>\n";
	    $headers .= "X-Mailer: PHP4\n"; //mailer
	    $headers .= "X-Priority: 3\n"; //1 UrgentMessage, 3 Normal
	    $headers .= "Return-Path: <$from_email>\n";

	    $subject = "Order #" . $oID;

	    $Message = "This is a multi-part message in MIME format.\n\n";
	    $Message .= "------=_NextPart_000_0008_01C45901.EEDC2260\n";
	    $Message .= "Content-Type: text/plain; charset=\"iso-8859-1\"\n";
	    $Message .= "Content-Transfer-Encoding: quoted-printable\n\n";

	    // your plain text message goes here
	    $Message .= STORE_NAME . "\n" .
	        EMAIL_SEPARATOR . "\n" .
	        EMAIL_TEXT_ORDER_NUMBER . $oID . "\n" . "\n" .
	        EMAIL_TEXT_DATE_ORDERED . ' ' . tep_date_long($check_status['date_purchased']) . "\n" . "\n" .
	        "Order information is available by using the link below:\n" .
	        HTTP_SERVER . DIR_WS_CATALOG . "account_history_info.php?order_id" . "=3D" . $oID . "\n" . "\n" .
	        $notify_comments . sprintf(EMAIL_TEXT_STATUS_UPDATE, $orders_status_array[$status]);
	    $Message .= "\n";
	    // End plain text message here

	    $Message .= "------=_NextPart_000_0008_01C45901.EEDC2260\n";
	    $Message .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
	    $Message .= "Content-Transfer-Encoding: quoted-printable\n";
	    $Message .= "\n";

	    // your html goes here -- It didn't appear properly without
	    // the weird markup that outlook added after sending
	    $Message .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
	    $Message .= "<HTML><HEAD>\n";
	    $Message .= "<META HTTP-EQUIV=3D\"Content-Type\" content=3D\"text/html; charset=3Diso-8859-1\">\n";
	    $Message .= "<META content=3D\"MSHTML 6.00.2800.1400\" name=3DGENERATOR>\n";
	    $Message .= "<STYLE></STYLE></head>\n";
	    $Message .= "<BODY><FONT face=3DVerdana size=3D2>\n";
	    $Message .= "<img src=3D\"http://www.oldeparsonage.com/logosmall.jpg\"><br>\n";
	    $Message .= "<br>\n" . "<hr>" . "<br>\n" .
	        EMAIL_TEXT_ORDER_NUMBER . $oID . "<br>\n" . "<br>\n" .
	        EMAIL_TEXT_DATE_ORDERED . ' ' . tep_date_long($check_status['date_purchased']) . "<br>\n" . "<br>\n" .
	        "Order information is available by using the link below:<br>\n" .
	        "<a href=3D\"" . HTTP_SERVER . DIR_WS_CATALOG . "account_history_info.php?order_id" . "=3D" . $oID . "\">" .
	        HTTP_SERVER . DIR_WS_CATALOG . "account_history_info.php?order_id" . "=3D" . $oID . "</a><br>\n" . "<br>\n" .
	        $notify_comments . sprintf(EMAIL_HTML_STATUS_UPDATE, $orders_status_array[$status]);
	    $Message .= "</FONT></BODY></HTML>\n";
	    $Message .= "\n";

	    // this ends the message part
	    $Message .= "------=_NextPart_000_0008_01C45901.EEDC2260--\n";
	    $Message .= "\n";

	    mail($check_status['customers_email_address'], $subject, $Message, $headers);

	Here is my setup for /catalog/order_process.php. This code creates a plain text/HTML message when they confirm their order.

	    // lets start with the email confirmation
	    $email_order = "This is a multi-part message in MIME format.\n\n";
	    $email_order .= "------=_NextPart_000_0008_01C45901.EEDC2260\n";
	    $email_order .= "Content-Type: text/plain; charset=\"iso-8859-1\"\n";
	    $email_order .= "Content-Transfer-Encoding: quoted-printable\n\n";

	    //Begin plain text message
	    $email_order .= STORE_NAME . "\n" .
	        EMAIL_SEPARATOR . "\n" .
	        EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "\n" .
	        EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id' . '=3D' . $insert_id, 'SSL', false) . "\n" .
	        EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "\n\n";
	    if ($order->info['comments']) {
	        $email_order .= $order->info['comments'] . "\n\n";
	    }
	    $email_order .= EMAIL_TEXT_PRODUCTS . "\n" .
	        EMAIL_SEPARATOR . "\n" .
	        $products_ordered .
	        EMAIL_SEPARATOR . "\n";

	    $size = sizeof($order_totals);
	    for ($i=0; $i<$size; $i++) {
	        $email_order .= strip_tags($order_totals[$i]['title']) . ' ' . strip_tags($order_totals[$i]['text']) . "\n";
	    }

	    $email_order .= "\n" . EMAIL_TEXT_DELIVERY_ADDRESS . "\n" .
	        EMAIL_SEPARATOR . "\n" .
	        tep_address_label($customer_id, $sendto, 0, '', "\n") . "\n\n" .
	        EMAIL_TEXT_BILLING_ADDRESS . "\n" .
	        EMAIL_SEPARATOR . "\n" .
	        tep_address_label($customer_id, $billto, 0, '', "\n") . "\n\n";

	    if (is_object($$payment)) {
	        $email_order .= EMAIL_TEXT_PAYMENT_METHOD . "\n" .
	            EMAIL_SEPARATOR . "\n";
	        $payment_class = $$payment;
	        $email_order .= $payment_class->title . "\n\n";
	        if ($payment_class->email_footer) {
	            $email_order .= $payment_class->email_footer . "\n\n";
	        }
	    }
	    //End plain text message

	    // html section begins
	    $email_order .= "------=_NextPart_000_0008_01C45901.EEDC2260\n";
	    $email_order .= "Content-Type: text/html; charset=\"iso-8859-1\"\n";
	    $email_order .= "Content-Transfer-Encoding: quoted-printable\n";
	    $email_order .= "\n";

	    // your html goes here -- It didn't appear properly without
	    // the weird markup that outlook added after sending
	    $email_order .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
	    $email_order .= "<HTML><HEAD>\n";
	    $email_order .= "<META HTTP-EQUIV=3D\"Content-Type\" content=3D\"text/html; charset=3Diso-8859-1\">\n";
	    $email_order .= "<META content=3D\"MSHTML 6.00.2800.1400\" name=3DGENERATOR>\n";
	    $email_order .= "<STYLE></STYLE></head>\n";
	    $email_order .= "<BODY><font face=3DVerdana size=3D2>\n";
	    $email_order .= "<img src=3D\"http://www.oldeparsonage.com/logosmall.jpg\"><br>\n";
	    $email_order .= "<br>\n" . "<hr>" . "<br>\n" .
	        EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "<br>\n" .
	        EMAIL_TEXT_INVOICE_URL . ' ' . "<a href=3D\"" . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id' . '=3D' . $insert_id, 'SSL', false) . "\">" .
	        tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id' . '=3D' . $insert_id, 'SSL', false) . "</a><br>\n" .
	        EMAIL_TEXT_DATE_ORDERED . ' ' . strftime(DATE_FORMAT_LONG) . "<br><br>\n\n";
	    if ($order->info['comments']) {
	        $email_order .= $order->info['comments'] . "\n\n";
	    }
	    $email_order .= "<b>" . EMAIL_TEXT_PRODUCTS . "</b><br>\n" .
	        "<hr><br>\n" .
	        $products_ordered_html .
	        "<hr><br>\n";

	    $size = sizeof($order_totals);
	    for ($i=0; $i<$size; $i++) {
	        $email_order .= strip_tags($order_totals[$i]['title']) . ' ' . strip_tags($order_totals[$i]['text']) . "<br>\n";
	    }

	    $email_order .= "<br>\n<b>" . EMAIL_TEXT_DELIVERY_ADDRESS . "</b><br>\n" .
	        "<hr><br>\n" .
	        tep_address_label($customer_id, $sendto, 0, '', "<br>\n") . "<br><br>\n\n" .
	        "<b>" . EMAIL_TEXT_BILLING_ADDRESS . "</b><br>\n" .
	        "<hr><br>\n" .
	        tep_address_label($customer_id, $billto, 0, '', "<br>\n") . "<br><br>\n\n";

	    if (is_object($$payment)) {
	        $email_order .= "<b>" . EMAIL_TEXT_PAYMENT_METHOD . "</b><hr>\n" .
	            "<br>\n";
	        $payment_class = $$payment;
	        $email_order .= $payment_class->title . "<br><br>\n\n";
	        if ($payment_class->email_footer) {
	            $email_order .= $payment_class->email_footer . "<br><br>\n\n";
	        }
	    }
	    $email_order .= "</font></BODY></HTML>\n";
	    $email_order .= "\n";
	    //this ends html markup

	    // this ends the message part
	    $email_order .= "------=_NextPart_000_0008_01C45901.EEDC2260--\n";
	    $email_order .= "\n";

	    // some local variables
	    $from_name = STORE_NAME;
	    $from_email = STORE_OWNER_EMAIL_ADDRESS;
	    $to_name = $order_customer['customers_name'];
	    $to_email = $order_customer['customers_email_address'];

	    // headers need to be in the correct order...
	    $headers = "From: $from_name<$from_email>\n";
	    $headers .= "Reply-To: <$from_email>\n";
	    // \$ keeps PHP from treating $bbe6ee90 as a variable inside the double-quoted string
	    $headers .= "Message-ID: <002301c4381d\$bbe6ee90\$6400a8c0@oldeparsonage.com>\n";
	    $headers .= "MIME-Version: 1.0\n";
	    $headers .= "Content-Type: multipart/alternative; boundary=\"----=_NextPart_000_0008_01C45901.EEDC2260\"\n";
	    $headers .= "X-Sender: $from_name<$from_email>\n";
	    $headers .= "X-Mailer: PHP4\n"; //mailer
	    $headers .= "X-Priority: 3\n"; //1 UrgentMessage, 3 Normal
	    $headers .= "Return-Path: <$from_email>\n";

	    $subject = "Order #" . $insert_id;

	    mail($order->customer['email_address'], $subject, $email_order, $headers);
- 
	I figured it out after reading some RFCs

	    // some local variables
	    $from_name = STORE_NAME;
	    $from_email = STORE_OWNER_EMAIL_ADDRESS;
	    $to_name = $check_status['customers_name']; //This variable needs to be changed based on what file it's calling from
	    $to_email = $check_status['customers_email_address']; //This variable needs to be changed based on what file it's calling from

	    // headers need to be in the correct order...
	    $extraheaders = "From: $from_name<$from_email>\n";
	    $extraheaders .= "Reply-To: <$from_email>\n";
	    // \$ keeps PHP from treating $bbe6ee90 as a variable inside the double-quoted string
	    $extraheaders .= "Message-ID: <002301c4381d\$bbe6ee90\$6400a8c0@oldeparsonage.com>\n";
	    $extraheaders .= "MIME-Version: 1.0\n";
	    $extraheaders .= "X-Sender: $from_name<$from_email>\n";
	    $extraheaders .= "X-Mailer: PHP4\n"; //mailer
	    $extraheaders .= "X-Priority: 3\n"; //1 UrgentMessage, 3 Normal
	    $extraheaders .= "Return-Path: <$from_email>\n";

	    Mail($to_name, $to_email, $subject, $message, $from_name, $from_email, $extraheaders, $headers);
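
An added example (not the poster's code, and not part of osCommerce): the header block and multipart/alternative body from the two posts above, built with a fresh Message-ID and boundary for every message, since RFC 5322 expects each Message-ID to be unique, and with line breaks stripped from header values. The function names, the `shop.example` domain and the sample order text are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: a fresh Message-ID and MIME boundary per message, with CR/LF
// removed from header values. Function and parameter names are hypothetical.
function header_safe(string $value): string
{
    return trim(preg_replace('/[\r\n\0]+/', ' ', $value));
}

function build_alternative_mail(string $fromName, string $fromEmail, string $domain,
                                string $text, string $html): array
{
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    $boundary  = '=_' . bin2hex(random_bytes(16));
    $messageId = sprintf('<%s.%d@%s>', bin2hex(random_bytes(8)), time(), header_safe($domain));
    $headers = [
        'From: ' . header_safe($fromName) . ' <' . $fromEmail . '>',
        'Reply-To: <' . $fromEmail . '>',
        'Message-ID: ' . $messageId,
        'MIME-Version: 1.0',
        'Content-Type: multipart/alternative; boundary="' . $boundary . '"',
    ];
    // quoted_printable_encode() produces the "=3D" escapes the post typed by hand.
    $body = "This is a multi-part message in MIME format.\r\n\r\n"
        . "--$boundary\r\n"
        . "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n"
        . "Content-Transfer-Encoding: quoted-printable\r\n\r\n"
        . quoted_printable_encode($text) . "\r\n"
        . "--$boundary\r\n"
        . "Content-Type: text/html; charset=\"iso-8859-1\"\r\n"
        . "Content-Transfer-Encoding: quoted-printable\r\n\r\n"
        . quoted_printable_encode($html) . "\r\n"
        . "--$boundary--\r\n";
    return ['headers' => implode("\r\n", $headers), 'body' => $body, 'message_id' => $messageId];
}

// Constructed sample values; shop.example is a placeholder domain. The first
// sender name carries a stray line break to show it being flattened.
$first = build_alternative_mail("Example\r\nShop", 'orders@shop.example', 'shop.example',
    'Order #1001: https://shop.example/account_history_info.php?order_id=1001',
    '<p>Order <b>#1001</b></p>');
$second = build_alternative_mail('Example Shop', 'orders@shop.example', 'shop.example',
    'Order #1002', '<p>Order <b>#1002</b></p>');

echo $first['headers'], "\n\n", $first['body'], "\n";
echo 'Message-IDs differ: ', var_export($first['message_id'] !== $second['message_id'], true), "\n";
// To send: mail($to, header_safe($subject), $first['body'], $first['headers']);
```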
- 
	I have just set up osCommerce with PayPal as my payment gateway. I have all of my modules working properly. I received my first order through osCommerce, however it was the PayPal email that notified me. After enabling my SpamBox, I saw that emails coming through osCommerce were receiving high points for this error: "3.3 MSGID_FROM_MTA_SHORT Message-Id was added by a relay". I looked at the email header and it looks like this:

	    Received: from nobody by server38.totalchoicehosting.com with local (Exim 4.24) id 1BNiUn-0003di-Pt for jomcfred@oldeparsonage.com; Tue, 11 May 2004 20:25:17 -0500
	    To: "Joe Frederick" <jomcfred@oldeparsonage.com>
	    Subject: testt
	    From: Olde Parsonage <'orders@oldeparsonage.com'>
	    MIME-Version: 1.0
	    X-Mailer: osCommerce bulk mailer
	    Content-Type: text/plain; charset="iso-8859-1"
	    Content-Transfer-Encoding: 7bit
	    Message-Id: <E1BNiUn-0003di-Pt@server38.totalchoicehosting.com>
	    Date: Tue, 11 May 2004 20:25:17 -0500
	    X-Spam-Exim: uph3SWpzdCbRAUuy8fxBlHxB

	How can I configure osCommerce to sendmail and add TCH server info, so that it isn't spam?
