crombiecrunch Posted November 17, 2008 Share Posted November 17, 2008 Surprisingly I didn't add that. So I'll have to draw up a new set of instructions to add that to the database. thanks you are the best Quote Link to comment Share on other sites More sharing options...
jasyn Posted January 14, 2009 Share Posted January 14, 2009 (edited) i'm trying to install the contribution but i get the following error when trying to add the sql. #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 23 line 23 is referring to `risk` float(7); UPDATE: *i figured instead of a ; it is suppose to be a ,* you should fix the instructions if i am correct. Edited January 14, 2009 by jasyn Quote Link to comment Share on other sites More sharing options...
jasyn Posted January 14, 2009 Share Posted January 14, 2009 for those who use the maxmind service .. is the premium service worth getting over the standard service? Quote Link to comment Share on other sites More sharing options...
nrlatsha Posted January 26, 2009 Author Share Posted January 26, 2009 i'm trying to install the contribution but i get the following error when trying to add the sql. #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 23 line 23 is referring to `risk` float(7); UPDATE: *i figured instead of a ; it is suppose to be a ,* you should fix the instructions if i am correct. Thanks! I updated the instructions and I'll upload the new ones here in a minute.! for those who use the maxmind service .. is the premium service worth getting over the standard service? I no longer have an online store, but I would like to hear the opinion of others on this question. I like the lat and long, but the IP origination city is nice to know. Quote 9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard) Replace that and you're fine... Link to comment Share on other sites More sharing options...
OSSamm Posted February 7, 2009 Share Posted February 7, 2009 I am trying to get this to work with the "Purchase without account" contribution has anyone had any luck? Quote Link to comment Share on other sites More sharing options...
proinet Posted March 30, 2009 Share Posted March 30, 2009 Hi, I'm trying to add this to 2.2RC2 (which the install.html says it is for) Step 6 says to look for this in catalog/checkout_process.php: if (tep_not_null($sql_data_array['customers_id'])) { But that line is not in the file. Where should the require line from step 6 be added? Thanks! Quote Link to comment Share on other sites More sharing options...
proinet Posted April 8, 2009 Share Posted April 8, 2009 Hi, I'm trying to add this to 2.2RC2 (which the install.html says it is for) Step 6 says to look for this in catalog/checkout_process.php: if (tep_not_null($sql_data_array['customers_id'])) { But that line is not in the file. Where should the require line from step 6 be added? Thanks! From the looks of things, it may go better after this: tep_db_perform(TABLE_ORDERS, $sql_data_array); $insert_id = tep_db_insert_id(); so it looks like this: tep_db_perform(TABLE_ORDERS, $sql_data_array); $insert_id = tep_db_insert_id(); require(DIR_WS_MODULES . 'maxmind/maxmind.php'); That did work for me, thanks!! Quote Link to comment Share on other sites More sharing options...
proinet Posted April 8, 2009 Share Posted April 8, 2009 Blocking orders?? Now that I've got this installed, I don't find anywhere to set a maximum allowed score. There is nothing under "Modules" in the admin panel. Can orders with a score above a certain value be blocked for manual review or cancellation? Thanks! Quote Link to comment Share on other sites More sharing options...
albundy Posted May 7, 2009 Share Posted May 7, 2009 I have workt with this contribute without any problems untill 4 may. On 5 may i have moved my site to a new server with apache 2 and php.5 Everything works on the site except maxmind is no longer getting information and as result of that i don't get any fraud check information. I have contact Maxmind and they have let me know that they don't receive any information for me after 4 may. So the problem seems to be the new server Debian Etch with apache 2.2.3 and php 5.02.08 Is there any one who knows what can be wrong? Thanks Marcel Quote Link to comment Share on other sites More sharing options...
albundy Posted May 7, 2009 Share Posted May 7, 2009 never mind i have already found the problem, Curl was not been installed on my new server and this was the problem Quote Link to comment Share on other sites More sharing options...
illusive101 Posted May 26, 2009 Share Posted May 26, 2009 Does anyone know if this contribution works with PayPal? I saw on maxmind.com that minFraud could be implemented to work with PayPal and would like to know. Thanks! Quote Link to comment Share on other sites More sharing options...
illusive101 Posted May 26, 2009 Share Posted May 26, 2009 Does anyone know if this contribution works with PayPal? I saw on maxmind.com that minFraud could be implemented to work with PayPal and would like to know. Thanks! Was also wondering if there was a way to implement phone verification after a FIRST order has been complete. After that, I'd like to have it not call them because they've already been verified. Quote Link to comment Share on other sites More sharing options...
oranges Posted August 25, 2009 Share Posted August 25, 2009 anyone get this thing to work with paypal standard that comes with 2.2rc2? works fine when i test it with the not-for-production-use cc module..but doesnt seem to work with paypal standard. Quote Link to comment Share on other sites More sharing options...
olimits7 Posted April 14, 2010 Share Posted April 14, 2010 Hi, I'm trying to install this MaxMind contribution, and I'm currently on step 6, but I can't seem to find the following line code in my "checkout_process.php" file. I even tried downloading a new copy of osCommerce and doing a search in a new "checkout_process.php" file but it still doesn't come up. if (tep_not_null($sql_data_array['customers_id'])) { Can someone help please point out where I can add the following code the install is asking me to add on the "checkout_process.php" page? require(DIR_WS_MODULES . 'maxmind/maxmind.php'); Thank you, olimits7 Quote Link to comment Share on other sites More sharing options...
i960 Posted May 16, 2010 Share Posted May 16, 2010 Hi, I'm trying to install this MaxMind contribution, and I'm currently on step 6, but I can't seem to find the following line code in my "checkout_process.php" file. I even tried downloading a new copy of osCommerce and doing a search in a new "checkout_process.php" file but it still doesn't come up. if (tep_not_null($sql_data_array['customers_id'])) { Can someone help please point out where I can add the following code the install is asking me to add on the "checkout_process.php" page? require(DIR_WS_MODULES . 'maxmind/maxmind.php'); Thank you, olimits7 As posted earlier, it looks like it's supposed to go after this: tep_db_perform(TABLE_ORDERS, $sql_data_array); $insert_id = tep_db_insert_id(); I got confused in the same spot when trying to install this. It appears that whoever uploaded version 1.54 changed the install instructions, and they haven't been fixed yet. I have no idea where "if (tep_not_null($sql_data_array['customers_id'])) {" came from, but it doesn't exist anywhere in my store, on a fresh download of 2.2 RC2a, or any other previous version of osCommerce I have seen. From the release notes, I'm guessing that change was supposed to be related to the PayPal IPN module, but that code doesn't show up anywhere in the PayPal module at all or in it's install instructions. Sounds like whoever made that change had some other contribution installed. [rant] People, if you're gonna create a new extension or update an existing one, PLEASE base your instructions on a CLEAN install of osCommerce. If another contribution is required, then note that in the instructions, and base your instructions on a CLEAN install of osCommerce plus the required contribution ONLY. Sorry to rant, but I am tired of people polluting what are otherwise good contributions and making it difficult for everyone to use them. And while I'm on my soapbox here, I absolutely hate it when someone updates a contribution and only includes the file they changed or just a little txt file with instructions to make changes. No one wants to track down the last complete package and then have to apply a bunch of different patches. If you are going to make a change, upload the ENTIRE contribution, or don't bother. Quit wasting everyone's time. [/rant] Quote Link to comment Share on other sites More sharing options...
Top_Speed Posted March 23, 2011 Share Posted March 23, 2011 I have updated to the last upload (2.0) of this contrib and all of a sudden we have rec'd a ton of calls on compromised Credit Cards. I have since lifted the Credit Card module. We have never, never had a complaint up till now and we take 20-50 orders a day one of my sites. Has anybody else experienced anything like this after 2.0 Maxmind was installed?? I hope it's something else but you know how easy it would be to upload an altered (a so called updated) version only to have the credit card numbers go to the frauders instead of Maxmind? (or sent to both!) An easy edit of the checkout_process.php or orders.php where the CC call is made. I haven't checked coding yet (and the new so called SQL update) as I have been fielding calls ;( PLUS I'm sure if this has been compromised they have hidden it pretty good within the code. Also why is Maxminds address Waltham MA. but their listed fax is out way out west? Very worried here as I take my customer frustration as my own. Quote define('PROJECTS', 'Something that goes on forever!'); Link to comment Share on other sites More sharing options...
Top_Speed Posted March 29, 2011 Share Posted March 29, 2011 My MaxMind is NOT to blame (thankfully as I like it alot!) The dang images/banner dir got hacked (php shell file that can see all site pages :( I got an htaccess now that will only accept what file types I want in there. I'm sure as I write this some idiot somewhere is figuring another backdoor in. They suck, get a real job and make your money honestly! Quote define('PROJECTS', 'Something that goes on forever!'); Link to comment Share on other sites More sharing options...
Taipo Posted March 30, 2011 Share Posted March 30, 2011 (edited) If your site has the admin bypass exploit security hole in it, then its best you upgrade to the latest stable release of oscommerce which is version 2.3.1 by actually creating a new site then importing your database into it. Currently attackers are able to get access to your admin files with full admin privaleges which have allowed them to upload rogue code into your images directory for starters. If you choose not to upgrade in this manner which is the safest possible way of dealing with this type of exploit, then you run the risk of playing cat and mouse with the attacks which have many options as to where they will try next. In that situation, at the very least protect your admin directory by adding folder protection (htaccess protection that your webhost should provide you in your control panel) and add osc_sec.php. Also read this and run the test example in there (the slightly more improved version of the proof of concept found further down in that discussion thread) on your site http://www.oscommerce.com/forums/topic/373047-a-chat-about-file-permissions/ If the report states that the file example is writeprotected then it is highly possible that the attacks are restricted to writable files and directories in which case in addition to the other suggested changes, change the banner and images directory and any other directories that have permissions of 777, to 755. Only make them writable during the period you are adding or editing product images then change them back. If the report states that it is able to open, add and change file permissions, then there is no doubt in my mind that many other files will have been infected on your site due to the potential of an attack to overwrite any file which they so choose to. At which point your only real option is to build a new site with the new oscommerce site code set of 2.3.1 Edited March 30, 2011 by Taipo Quote - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
nrlatsha Posted January 21, 2012 Author Share Posted January 21, 2012 New thread started for new version! MaxMind Fraud Detection v3.0 http://www.oscommerce.com/forums/topic/383054-contribution-maxmind-fraud-detection-service-v30/ Quote 9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard) Replace that and you're fine... Link to comment Share on other sites More sharing options...
nrlatsha Posted May 16, 2013 Author Share Posted May 16, 2013 Is there anyone still following this thread? Quote 9 times out of 10 its a PEBCAK Error (Problem exists between chair and keyboard) Replace that and you're fine... Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.