Announcement

Collapse

Sellerdeck Community upgrade

18 May: completed upgrade of the Sellerdeck Community software. Please report any issues in this post.
See more
See less

The GDPR

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #61
    Laura, Andrew - that's interesting.
    OrderScript debugging is considered in Sellerdeck desktop GDPR Recommendations and I implemented the recommendations given.
    However, after your earlier post I checked our site again and found that the error messages were starting to appear again.
    I compared our Site1 files with the URL cgi-bin files and found that the OrderScript.pl was dated 2009 and had not been updated with the later OrderScript.pl dated 03/11/2016 (unchanged after Notepad++ update) so I FTP'd the updated file over separately.
    Since doing this the file can still be accessed with the following error listed:

    Program = ORDERSCR, Program version = 43542 , HTTP Server = Apache , Return code = 999, Date and Time = 2018/05/10 13:58, Internal Errors = Error returned from SMTP server (4: https://www.spamhaus.org/query/ip/81.171.239.188)
    Do not know what this means!

    SD recommend that OrderScript debugging should only be enabled for a specific purpose and then disabled and the error file deleted afterwards.

    I also compared other *.pl file dates and found similar discreprancies for mailscript.pl, MergeDiff.pl, nph-download.pl, PerlScript.pl, referrer.pl, SearchHighlight.pl, SearchScript.pl files and various *.pm files which is surprising as the Actinic/SD version and site has been updated/refreshed many times since 2009.

    Andrew, SD - Should the most recent versions of these files also be FTP'd over?
    Last edited by Mantra; 10-May-2018, 04:41 PM. Reason: minor change

    Comment


    • #62
      Firstly, the smtp error.....

      It is saying that Spamhaus has identified your SMTP server as being infected with a botnet so it unlikely that your email will be sent or delivered.

      See https://www.abuseat.org/lookup.cgi?ip=81.171.239.188

      Who is the host?
      Elysium:Online - Official Accredited SellerDeck Partner
      SellerDeck Design, Build, Hosting & Promotion
      Based in rural Northants

      Comment


      • #63
        Don't FTP script files over. Let SD do that.

        What version of SD are you running?

        You can go into Help > Troubleshooting and then run Compare Perl Scripts - this compare your scripts against the original scripts for your version
        Elysium:Online - Official Accredited SellerDeck Partner
        SellerDeck Design, Build, Hosting & Promotion
        Based in rural Northants

        Comment


        • #64
          Originally posted by Goz View Post
          Firstly, the smtp error.....

          It is saying that Spamhaus has identified your SMTP server as being infected with a botnet so it unlikely that your email will be sent or delivered.

          See https://www.abuseat.org/lookup.cgi?ip=81.171.239.188

          Who is the host?
          Host is Claranet.

          There are some more appearing today:

          Program = SHOPCART, Program version = 39310 , HTTP Server = Apache , Return code = 999 , Date and Time = 2018/05/11 00:01, Internal Errors = There is no valid input parameters for the script! Check the referencing HTML code!
          Program = SearchSc, Program version = 41529 , HTTP Server = Apache , Return code = 999 , Date and Time = 2018/05/11 06:17, Internal Errors = The requested file (Miscellaneous.html) is outside the scope of the script. If you believe the requested page should be served please contact the site operator.

          Comment


          • #65
            Originally posted by Goz View Post
            Don't FTP script files over. Let SD do that.

            What version of SD are you running?
            Thanks, Andrew

            Version 16.0.3 RBUC

            You can go into Help > Troubleshooting and then run Compare Perl Scripts - this compare your scripts against the original scripts for your version
            Only 1 Perl Script listed as having been changed compared to sellerdeck originals:

            MailForm.pl - change for reCAPTCHA v2 update.

            I did a complete refresh (digital files and changed file boxes unticked) of the website this morning but this has made no difference to the script file date descrepancies - see screenshot attached.

            I will raise a ticket with SD support.

            Martin
            Attached Files

            Comment


            • #66
              OrderScript.pl, PerlScript.pl, Search.pm should not be on your server. They should only be in your Site1 folder on your PC.

              When performing an upload, SellerDeck generates the scripts it needs from the scripts in the Site1 folder.

              You can identify those scripts in your cgi-bin by virtue of the fact they have the script number in the filename e.g. sa000001.pm, os000001.pl etc. (although there are a couple of exceptions such as DigestSHAPurePerl.pm and JSONPP.pm but that would be dependent on which which version of SD you are using)

              I would delete everything in the cgi-bin and then perform a website refresh. (Or, if you are ultra-cautious, backup the cgi-bin first)
              Elysium:Online - Official Accredited SellerDeck Partner
              SellerDeck Design, Build, Hosting & Promotion
              Based in rural Northants

              Comment


              • #67
                Originally posted by Goz View Post
                It is saying that Spamhaus has identified your SMTP server as being infected with a botnet so it unlikely that your email will be sent or delivered.

                See https://www.abuseat.org/lookup.cgi?ip=81.171.239.188
                Thank you Andrew, I have reported this and raised a ticket with Claranet UK abuse team to investigate.

                Martin

                Comment


                • #68
                  Originally posted by Goz View Post
                  OrderScript.pl, PerlScript.pl, Search.pm should not be on your server. They should only be in your Site1 folder on your PC.

                  When performing an upload, SellerDeck generates the scripts it needs from the scripts in the Site1 folder.

                  You can identify those scripts in your cgi-bin by virtue of the fact they have the script number in the filename e.g. sa000001.pm, os000001.pl etc. (although there are a couple of exceptions such as DigestSHAPurePerl.pm and JSONPP.pm but that would be dependent on which which version of SD you are using)

                  I would delete everything in the cgi-bin and then perform a website refresh. (Or, if you are ultra-cautious, backup the cgi-bin first)
                  Andrew

                  The files identified must have been old legacy files residing in the site cgi-bin folder.

                  I took a backup just in case and deleted all files with *name .pl, .pm prefixes except the 2 files you mention leaving all files with script number in the filename and uploaded the site.

                  I will leave the complete clear out and site refresh for later as this takes an age and needs to be done at a quiet time when orders are not being generated - very early morning.

                  Thank you for your support and advice.

                  Martin
                  Mantra Audio

                  Comment


                  • #69
                    Apologies, my earlier htaccess attempt didn't work, this one seems to:

                    Code:
                    <FilesMatch "\.(fil|session|authorise|mail)$">
                    	Order Allow,Deny
                    	Deny from all
                    </FilesMatch>
                    Without htaccess in the acatalog folder:

                    http://www.graphicz.solutions/gdprcs...log/prompt.fil

                    With the htaccess in the acatalog flder:

                    http://www.graphicz.solutions/gdpr/acatalog/prompt.fil
                    Jonathan Chappell
                    Website Designer
                    SellerDeck Website Designer
                    Actinic to SellerDeck upgrades
                    Graphicz Limited - www.graphicz.co.uk

                    Comment


                    • #70
                      Originally posted by brucet View Post
                      We will ensure that users of our software and services can comply with them, and we will advise on any configuration changes that are necessary.
                      Hi Bruce... not quite true. Sellerdeck have just told me they will NOT supply me with the GDPR advice document as I do not currently subscribe to Sellerdeck cover. I am a long standing user of Sellerdeck/Actinic for over 10 years. I cancelled my Cover contract because frankly I didn't think the support I got from it was good enough. This kind of mean spirited customer relations is very disappointing.

                      Arka Tribal Jewellery

                      Comment

                      Working...
                      X