More SSL Woes


Postby Rick5150 » Sun May 30, 2010 4:26 am

My site was hacked by a phishing account and the host shut it down. I upgraded all of the programs that I could, and deleted the offending files. Now that the site is back up, there were settings I had to change as they were reset somehow - such as the Frontpage extensions (not related to this issue) and .htaccess files were changed as well.

When I go to the shopping cart, the display shows the correct https prefix for the URL, but the credit card information is not. When I review the ORDERS page, it shows these error messages:

Card Security: Low
To view your orders securely, you should use SSL security in ShopSite.

When I go to PREFERENCES>HOSTING SERVICE the check boxes are unchecked. I currently have the https://www.mysite.com/store/sc files only as secure and the http://www.mysite.com/store/ss files are not.

If I check the check boxes and click save, the changes do not "take" and when I go back to the page, they are both unchecked again. How do I make this work as I want this information to be secure, of course...
Rick5150
 
Posts: 14
Joined: Mon Jan 11, 2010 2:35 pm
Location: Londonderry, NH

Postby Jim » Sun May 30, 2010 3:38 pm

Frontpage extensions (not related to this issue)

This may actually be the cause of the problems. Frontpage has a tendency to take over a website and modify things that do not directly relate to it.

What platform is your store hosted on, Windows, Linux, FreeBSD, etc.?

My guess is that it is a Windows platform since when you look at the Preference >hosting services setting you are using security at shopping cart URL but not at the backoffice URL.

The file where the settings for your store are saved is in a file called <storeid>.aa where <storeid> is your login name for the backoffice of the store. There should only be one actual copy of this file and another "symlink" of the same name. On Windows servers the actual file is in the store's shopping cart (usually sc) cgi directory and the symlink is in the store's backoffice (usually ss) cgi directory. In a Linux, FreeBSD, Solaris install the actual file is in the ss directory and the symlink is in the sc directory. Note that Windows does not actually have a "symlink" file type so this is simulated by ShopSite by putting special content in the file to indicate where the actual file is located.

In either situation if the symlink is replaced with the actual file odd behavior can occur because one file will be modified when you save settings from the hosting services screen but the other will not be changed. An indication that this is happening is that when you save the secure settings they don't change in the backoffice. So you need to check and see if the appropriate directory for your OS has the real file and the other directory has the symlink file. On Windows the symlink file (in the ss directory) should be small, say 10-30 bytes, and the real file will be 300-1000 bytes. On Linux or the other Unix OSs the file type will be a symlink.

So check your files and see if they are in the right location and the right type. If not you can make the one a symlink on Linux or other Unix OS but you will probably need help to recreate it on Windows.

Note that backups usually don't keep symlinks on Unix/Linux systems so if the store was restored from a backup this could have caused this issue.
Jim
Site Admin
 
Posts: 4953
Joined: Fri Aug 04, 2006 1:42 pm
Location: Utah
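
An added example, not part of the original thread and not ShopSite's own tooling: a shell check for the Unix-style layout described in the post above (real <storeid>.aa in ss, symlink in sc), which flags the two-independent-copies state a backup restore can leave behind. The cgi root argument, the ss/sc directory names and the verdict strings are assumptions for illustration.

```shell
#!/bin/sh
# Added example: classify the <storeid>.aa pair on a Unix-like install.
# Assumed (hypothetical) layout: CGI_ROOT/ss/STOREID.aa and CGI_ROOT/sc/STOREID.aa

# Print the type of one path: symlink, regular or missing.
aa_kind() {
    if [ -L "$1" ]; then echo symlink      # test -L first: -f follows links
    elif [ -f "$1" ]; then echo regular
    else echo missing
    fi
}

# check_aa_layout CGI_ROOT STOREID
# Prints a verdict; returns 0 only when ss holds the real file and
# sc holds a symlink that resolves to that same file.
check_aa_layout() {
    ss="$1/ss/$2.aa"
    sc="$1/sc/$2.aa"
    case "$(aa_kind "$ss")/$(aa_kind "$sc")" in
        regular/symlink)
            # -ef is true when both names resolve to the same file.
            if [ "$ss" -ef "$sc" ]; then echo ok; return 0; fi
            echo link-target-mismatch; return 1 ;;
        regular/regular)
            # Two real copies: a save in the back office updates one
            # file while the cart keeps reading the other.
            echo duplicate-real-files; return 1 ;;
        symlink/regular)
            # Link and real file are swapped for a Unix install.
            echo reversed; return 1 ;;
        *)
            echo "unexpected:$(aa_kind "$ss")/$(aa_kind "$sc")"; return 1 ;;
    esac
}

# Run directly as: sh check_aa.sh /path/to/cgi-root storeid
if [ "$#" -eq 2 ]; then
    check_aa_layout "$1" "$2"
fi
```

After a restore that produced `duplicate-real-files`, decide which copy holds the intended settings before replacing the sc copy with a link to the ss file.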

Postby Rick5150 » Tue Jun 01, 2010 5:18 am

Thanks Jim,

The site was working fine prior and it had FPE enabled then too.

I checked the files you mentioned and the (ss) file was 47 bytes and the (sc) was 1173 bytes.

Postby Jim » Tue Jun 01, 2010 7:46 am

It will probably require someone to look at the settings and see what is going on. If your host provides ShopSite support ask them to look into it. If they need assistance they can contact ShopSite for help. If your host doesn't provide support I would recommend purchasing a support incident (or annual support) from ShopSite: http://shopsite.com/support_pricing.html

Postby Rick5150 » Sat Jun 05, 2010 5:02 am

Elsewhere, I see this message

Jim wrote: If your store is set up correctly the 2nd through 4th shopping cart screens will be secure.


Can my settings be reviewed so I can make sure I am starting in the right place?

Here are my current settings (that do not work). When I change some of them, I can no longer see images for navigation and such.

SSL Security Settings
[__] Use SSL security in Shopping Cart

Shopping Cart secure URL:
http://www.mysite.com/store/ss

Secure Store URL:
https://www.mysite.com/store/sc

[__] Use SSL security in ShopSite (Merchant Interface)

ShopSite secure URL:
http://www.mysite.com/store/ss

ShopSite Images secure URL:
https://www.mysite.com/store/sc

Store Settings

Store URL:
http://www.mysite.com/store

ShopSite Images URL:
http://www.mysite.com/store/shopsite-images

Merchant CGIs URL:
http://www.mysite.com/store/ss

Shopping Cart CGIs URL:
https://www.mysite.com/store/sc

Postby Jim » Sat Jun 05, 2010 6:14 am

There is no way to be sure that those settings are correct just by looking at examples. It depends on how your host has things configured on the server.

Postby Rick5150 » Sat Jun 05, 2010 7:27 am

That is too bad. Thanks though.

The credit card security being low was due to the storage setting of Symmetric encryption (default). I changed it to "Do not store Credit Cards" and that changed my security to high. I feel better about that.

But when I view orders, I still get the "To view your orders securely, you should use SSL security in ShopSite" message. BlueHost tried to walk me through it, but it resulted in me having to submit a ticket.

Postby Rick5150 » Sat Jun 05, 2010 7:31 am

I just checked this box and that previous message is gone as well and all images can be viewed. So whatever BlueHost did seemed to enable the SSL feature where it stays checked...

[X] Use SSL security in ShopSite (Merchant Interface)

ShopSite secure URL:
http://www.mysite.com/store/ss

ShopSite Images secure URL:
https://www.mysite.com/store/sc

Postby Jim » Sat Jun 05, 2010 7:59 am

Check to make sure that you can place a product in the cart. That screen is usually referenced by http. Then proceed to the billing information screen; that screen should be referenced at https:

You might want to place a test order and then see that in the backoffice you can view the order, and when viewing the order the URL should be https:

