Author |
Topic |
|
JoT
Starting Member
United Kingdom
9 Posts |
Posted - August 13 2017 : 06:03:55
|
Can anyone please tell me where the script shop_load_number_subcat.asp is/should be located? I''m getting 3-4 website errors generated per day on calls to this script but can''t find it anywhere - not in the vpcart.plus.8.1.0.11 software package. It looks like it''s being called from js\categories\load_numbersubcats.
JoT |
|
danielrichardson
VP-CART Super User
Australia
276 Posts |
Posted - August 14 2017 : 08:40:18
|
shop_load_number_subcat.asp is in the root directory, what is the exact of error msg? |
|
|
serjtankian
VP-CART Super User
Armenia
378 Posts |
Posted - August 14 2017 : 14:41:00
|
i can see the file exist in my installation folder, it''s located under your root directory
http://prntscr.com/g8fo9a
or in my host with vpasp is under httpdocs folder
https://prnt.sc/g8fpgk
*peace - serj* |
|
|
JoT
Starting Member
United Kingdom
9 Posts |
Posted - August 14 2017 : 23:20:42
|
Thank you, both. I see it now. I''m just seeing an error in our server logs, looks like when it''s being spidered by maybe Bing. Very odd. will look into it further over the next couple of days but any suggestions gratefully received.
Error is:
15/08/2017 Time: 00:54:43 Page: /shop_load_number_subcat.asp Query string: Error Code(s): 80040e14 Error description(s): [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near ''=''. User agent: Mozilla/5.0 + (compatible; + bingbot/2.0; + + http://www.bing.com/bingbot.htm) Requesting IP: 157.55.39.77
JoT |
|
|
apswater
VP-CART Super User
444 Posts |
|
JoT
Starting Member
United Kingdom
9 Posts |
Posted - August 15 2017 : 16:04:07
|
Thank you, apswater. I''m just being overly-cautious since we had an attempted hack the other night. Some lovely person in Viet Name probed for an old sql-inject vulnerability (which no longer exists) the other night so I''m extra vigilant with the server logs atm.
JoT |
|
|
serjtankian
VP-CART Super User
Armenia
378 Posts |
Posted - August 16 2017 : 14:50:52
|
with the latest SQL server patch, it''s not easy to inject. Hacking type has moved to social engineering which this actually not a hacking
*peace - serj* |
|
|
danielrichardson
VP-CART Super User
Australia
276 Posts |
Posted - August 18 2017 : 05:11:44
|
one thing, better you use a hosted gateway like paypal, authnet, sagepay, or some, which no records any credit card data in your database. |
|
|
JoT
Starting Member
United Kingdom
9 Posts |
Posted - August 18 2017 : 05:25:18
|
i agree, danielrichardson: we don''t store any cc data
JoT |
|
|
|
Topic |
|