joyces Posted January 27, 2013

Help, I have just found my website can't take orders. It returned an error 403 page after checkout confirmation. I contacted the hosting company and they said it wasn't a server issue. They have given me this off the error logs:

[sun Jan 27 16:53:23 2013] [error] [client 2.223.243.25] client denied by server configuration: /var/www/vhosts/kingsandqueens.org.uk/httpdocs/catalog/images/index.html, referer: http://www.kingsandqueens.org.uk/catalog/index.php?cPath=65_160

Can anyone help?

Andrea

MrPhil Posted January 27, 2013

What version of osC? As of 2.3, there shouldn't be an index.html file in /catalog/images/. There shouldn't be an index.php either (if you have some SEO add-on). Maybe there is in older versions (2.2), but I don't have a copy at hand to check.

It's possible that you've been hacked. Check all your files for "last modified" dates that are more recent than you can recall doing any work on (or uploading). Compare those files against a known clean backup and see if anything was added. If your site is osC 2.2 (MS* or RC*), there are a lot of known huge security holes that you'd better get on the ball about patching.

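An added example, not part of the thread and not osCommerce code: one way to run the check described in the post above, by hashing a live web root against a known clean backup and listing files modified after the last work you remember doing. The function names, the directory layout and the 30-day cutoff are assumptions, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def index(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}


def audit(live, backup, last_known_work):
    """Compare a live web root with a known clean backup."""
    live_idx, clean_idx = index(live), index(backup)
    # Files present on the site but absent from the backup.
    added = sorted(set(live_idx) - set(clean_idx))
    # Files in both trees whose content differs.
    changed = sorted(f for f in live_idx.keys() & clean_idx.keys()
                     if live_idx[f] != clean_idx[f])
    # mtime can be reset by anyone with write access, so treat "recent"
    # as a hint and "added"/"changed" as the stronger signal.
    recent = sorted(f for f in live_idx
                    if (live / f).stat().st_mtime > last_known_work)
    return {"added": added, "changed": changed, "recent": recent}


def demo():
    """Constructed sample trees, not files from the site in the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for root in (live, backup):
            (root / "images").mkdir(parents=True)
            (root / "index.php").write_text("<?php // storefront\n")
            (root / "images" / "logo.gif").write_bytes(b"GIF89a")
        old = time.time() - 90 * 86400  # pretend the last upload was 90 days ago
        for f in live.rglob("*"):
            if f.is_file():
                os.utime(f, (old, old))
        (live / "images" / "index.html").write_text("<html></html>\n")
        (live / "index.php").write_text("<?php // storefront, edited\n")
        return audit(live, backup, last_known_work=time.time() - 30 * 86400)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```
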
joyces Posted January 27, 2013 Author

Thanks for the reply. I'm actually in the process of a rebuild to the newest version of OSC. I have had a respected community member do a lot of security work on the site and all files look ok. It is version 2.2, I'm afraid.

Andrea

Guest Posted January 27, 2013

@joyces

First, before getting to your actual issue. YOUR SITE IS NOT PCI DSS COMPLIANT, THEREFORE IT IS ILLEGAL FOR YOU TO TAKE CREDIT CARD INFORMATION DIRECTLY ON YOUR WEBSITE. !!! My advice is, use an online payment processor. I can tell you in all certainty that you WILL face civil and criminal charges for doing what you are doing. You are shipping to Canada and the USA and enforcement is on the rise. So, correct that issue, test your site and then see if the problem persists.

"I have had a respected community member do a lot of security work on the site and all files look ok"

None of the respected providers on this site would have done any work on your site with violation on the site.

Chris

joyces Posted January 27, 2013 Author

Hi Chris

My site is PCI compliant. It is scanned once a month by Security Metrics and I have all the necessary scan reports lodged with my card provider to their complete satisfaction. Are you on a commission for gateway payment systems?

Thanks for your concern

Andrea

Guest Posted January 27, 2013

@joyces

As part of being compliant, you must present the PCI DSS compliance icon and certificate. Your site displays neither. I do not work for or represent any gateway processor. However, I am extensively versed in PCI DSS compliance laws (in some states and provinces) and policies and others who have not yet made it a law. However, international standards are changing to ensure the security of credit card information and I am 100% certain that ALL of North America has some sort of law/policy in place regarding the handling/processing of credit card information. Since your site appears to accept orders from North America, you are in violation of said laws/policies.

Chris

joli1811 Posted January 27, 2013

Hi, turn on the cash on delivery to test if it is possible to check out.

Regards
John

To improve is to change; to be perfect is to change often.

This topic is now archived and is closed to further replies.