Magento 2 security scan showing file is publicly accessible over HTTP - magento2

After the security issue with Magento Marketplace accounts on November 21, 2019, Adobe instructed store owners to scan their websites via https://account.magento.com/scanner.
After a successful scan, I got the following message:
We have determined that your Magento installation's configuration
file(s) are publicly accessible over HTTP.
File: .user.ini
When I checked the .user.ini file, its permissions are 644.
Looking for help to resolve the publicly accessible file.

Put this in your nginx config:
location ~ \.user\.ini$ {
deny all;
}
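As an added example (not from the original answer), a broader nginx rule set that closes the same class of exposure for every dotfile and for Magento's non-public directories. It assumes the document root is the Magento install root rather than pub/, and that /.well-known/ must stay reachable for ACME validation:

```nginx
# Weak form (the answer above): blocks only .user.ini and nothing else.
# location ~ \.user\.ini$ { deny all; }

# Broader form: deny every dotfile (.user.ini, .htaccess, .git, .env, ...)
# but keep /.well-known/ reachable for ACME / Let's Encrypt validation.
location ~ /\.(?!well-known/) {
    deny all;
}

# Magento 2 directories that must never be served directly. Assumed layout:
# document root is the install root; if pub/ is the document root these
# directories are already outside it and this block is unnecessary.
location ~ ^/(app|bin|dev|generated|lib|var|vendor)/ {
    deny all;
}
```

After `nginx -t` and a reload, verify with `curl -sI https://<your-store>/.user.ini` and expect a 403 rather than a 200.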

Related

Issue with cloned website -domain hosting information missing in clone

When I cloned my website with All-in-one WP Migration and overwrote another website with this copy, I lost the cloned website's domain hosting information. How do I retrieve this?
When I now look up the cloned website on ICANN I get these messages. My original website is dancesportconfidence.com and it is still fine, but the error has come up on the cloned copy of this website at dancestudio.com.au. We are adding a Laravel theme to this to build a membership portal for our working website and I need to know the hosting information. I know that the name servers are through Cloudflare and Cloudflare has asked me to change the name servers to different ones, but I'm not entirely sure who the WHOIS server or the registrar is.
Domain Name Registration Data Lookup
Enter a domain name - dancestudio.com.au
No registry RDAP server was identified for this domain. Attempting lookup using WHOIS service.
Failed to perform lookup using WHOIS service: TLD_NOT_SUPPORTED.
Can anyone help?

Prestashop PayPal Error

I'm trying to add PayPal payments in a Prestashop (v1.7.3) store using the PayPal & Braintree Official Module (v3.11.6), but until now without success.
I installed and configured the module without any problems, but every time I proceed with a payment this error is displayed to the user:
Tested the module in both sandbox and production environments, and the error still persists.
What can be the problem?
UPDATE: After some debugging I found the origin of the problem. The module is unable to connect to PayPal's API via cURL with SSL/TLS.
I'm using Prestashop on Windows Server with IIS, and in this environment cURL has to be told where the certificate authority bundle is located in order to establish a secure connection.
I downloaded the cacert.pem file from the curl website, stored it on my server and then, in the module files (PPHtmlConfig.php), I added the CA location to the cURL options manually:
CURLOPT_CAINFO => 'C:\\(...)\\cacert.pem',
Now I'm able to connect to PayPal's API and successfully make a payment!
I've contacted the module's tech support team and they are analysing this issue.
After several contacts with the module tech support, this is their final response to the issue:
We do not know the specifics of your server. This is not a recurring
error in our module. It happens if cURL cannot find the CA
certificate. In general, we advise you to ask your server administrator to verify
that the CA certificate is correctly configured. Otherwise, it is
necessary to specify the path for curl to find the certificate, for
example, as you did in your module.
At the moment there is no way to specify this in our module in
general. So, you should wait for the next update of our PayPal module.
So, if someone comes across the same issue when using a Windows Server environment, specify the complete CA path in the module files (as explained in the question update):
I downloaded the cacert.pem file from the curl website, stored it on my server and then, in the module files (PPHtmlConfig.php), I added the CA location to the cURL options manually:
CURLOPT_CAINFO => 'C:\\(...)\\cacert.pem',

IPN Listener & Log File Permissions

Our website is on a shared server and we can change file and directory permissions using cPanel. What are the recommended permissions for the IPN Listener and the IPN Log file?
Currently, they are both set to "0644". However, the Log text file can be viewed through a web browser if you know the URL, which can't be good. I don't see any recommendations on PayPal for this.
I did see an older post that mentioned 0755 for the Listener. Is this still recommended?
File permissions generally don't correlate with whether people can access your files through the web. Permissions only control how users and programs on the local server can access the file.
The ideal permissions would be the minimum required for the web server to serve the file, and for you to be able to upload/edit it.
644 is very common I think, but because it's a shared server, I'd check with the server administrator for the optimal setting.
If you have a log text file that you don't want to be viewed through the web, the safest way is definitely to place it outside the web root.

FileMaker XML Web Publishing

We currently have a FileMaker Server instance running; it already has PHP web publishing enabled.
I'm just wondering whether it is as simple as ticking "enable XML web publishing" for it to be up and running, or do I have to restart the server?
Thanks
You need to enable it in the server deployment, then you need at least 1 user account in the file with the extended privilege to grant access via php/xml/iwp etc. You will need a user account in EACH file you want to have access to with the appropriate extended privilege.
Then comes the fun of actually working with the FMXML or FMPHP engine hehe.

How to check if Remote API is enabled in your Confluence installation without admin rights

Is there a way to find out if the Remote API is enabled on our Confluence installation if I do not have admin rights to our Confluence?
I can see the WSDL, but while testing with this downloaded client I keep timing out on login. I cannot contact my administrators without going through god knows how many channels, so I'm hoping there's another way to know if the Remote API is enabled.
To check if the Confluence API is enabled without admin access:
Try accessing http://<your-confluence-server>/rpc/xmlrpc
If the API is enabled, you will simply get a blank page.
If the API is disabled, you will get an error "HTTP Status 403 - Remote API is not enabled on this server. Ask a site administrator to enable it."
This is at least applicable in my Confluence 3.2 environment.