wfitg (205 posts, 2 days won)
Reputation Activity
-
wfitg got a reaction from ariq01 in I Need Help Solving A Problem With Installing The Program Blesta
Check that the conf is using localhost.
Try changing the host to: localhost
-
wfitg got a reaction from Darin in Clean Payment Buttons For Paypal, Paypal Subscriptions, Etc.
I hate the PayPal buttons; however, the Blesta button should at least have "Pay Now", "Pay Here", or something to that effect included. Leave no doubt in the user's mind.
-
wfitg reacted to Michael in Reset Password
Go to: /app/views/admin/default/admin_login.pdt
remove:
<p><strong><em><a href="<?php echo $this->base_uri . "login/reset/";?>" id="reset"><?php $this->_("AdminLogin.index.link_resetpassword");?></a></em></strong></p>
-
wfitg reacted to Paul in Delete Logs - Emails Sent To Clients
I have created task CORE-1453 to address passwords in the Account Registration email. We personally do not include passwords in our account registration email. It's generally a bad idea to do this, and it should not be included by default. This will affect new installations only.
The separate issue about rotating the email log is open to further discussion. Personally, we prefer to keep an entire history of email with the customer. I personally check email logs often, especially if there is a dispute. But, we understand that the log could become quite large, so an option to truncate the log which is not enabled by default may be a good option.
-
wfitg reacted to flangefrog in Delete Logs - Emails Sent To Clients
Yeah, it's possible to encrypt it, but passwords should never be there in the first place. There are built-in ways in MySQL to compress the data; that might be a good idea, although depending on which method is used it could prevent full-text search.
-
wfitg reacted to Michael in Delete Logs - Emails Sent To Clients
I'll +1 that the password shouldn't be included by default; however, you can add it in if you wish. As for the email rotation, I'm going to -1 that, since a customer will probably go "well, you didn't email me that before..." Yes we did!
-
wfitg reacted to Purevoltage in Release 3.3.0
Very happy with it so far!
Can't wait for a few more features and it's going to be the blest-around!
-
wfitg reacted to PauloV in Help Me With My Security? :)
For you all
We are developing a native app for Android/iPhone/Windows Mobile to store all sensitive data locally on the device, and we are trying to implement some of the best encryption methods, and also two-factor authentication, in case the device is stolen.
The best part is that it is all local, encrypted and with two-factor authentication (we are thinking of Face Recognition + Touch Puzzle or Touch Puzzle + Password; after 10 wrong attempts, the data is destroyed), but in this case we will sell the app, for a very small fee.
-
wfitg reacted to Paul in Help Me With My Security? :)
I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents' basements.
-
wfitg reacted to Joseph H in Cron Using Too Much Memory?
Absolutely... But just try to check if there were any failed attempts in the logs.
-
wfitg reacted to Blesta Addons in Delete Logs - Emails Sent To Clients
Good find; that should be encrypted or removed when logged to the database.
-
wfitg reacted to Michael in Delete Logs - Emails Sent To Clients
Yeah, you'll have to remove it from the database. We always recommend users change that, once they've installed Blesta, to something like:
****** [Hidden for security]
-
wfitg got a reaction from Blesta Addons in Delete Logs - Emails Sent To Clients
I found the rotation settings.
Here is my concern:
The "Welcome Email" sends the user name and password by default, via the {username} and {password} variables.
I have changed that to say
password: "the password you used when signing up"
However, the old email with the user's name and password is being stored in the database in plain text. There is no way to delete it without manually changing the database.
-
wfitg reacted to Blesta Addons in Cron Using Too Much Memory?
For me it is normal. You must increase the memory limit in CSF to 350 or 400 MB.
Normal just for the cronjob; if you have a small database with few services/clients, then this should get some more investigation.
-
wfitg reacted to Michael in Cron Using Too Much Memory?
Could be a MySQL issue: can you check the logs?
-
wfitg reacted to Joseph H in Cron Using Too Much Memory?
I had that issue once, but for me it was caused by backup attempts that always kept on failing. I believe it's not the cron itself that's causing the high memory usage, but rather the tasks that failed (long-running tasks). You can try to check if your backups are running or set to run, disable them and observe.
You can change the PHP version back and forth just to refresh the memory usage (just a trick I learned during the hard times).
-
wfitg got a reaction from gutterboy in Clean Payment Buttons For Paypal, Paypal Subscriptions, Etc.
I hate the PayPal buttons; however, the Blesta button should at least have "Pay Now", "Pay Here", or something to that effect included. Leave no doubt in the user's mind.
-
wfitg reacted to Cody in Php Session Security
HSTS has to be configured domain-wide, so it should only be done via server config, not application-specific. I'm not sure many people install only Blesta on their domain.
-
wfitg reacted to interfasys in Php Session Security
Yeah, but as we know, hosts don't care, some still run Blesta on PHP 5.2, so it's best to be proactive with these things and help them protect their customers' data.
It could be made optional from the settings tab. There could be a new security section where you can enable all these things.
Never do it via .htaccess in 2014! ini_set is the way to go.
-
wfitg reacted to Cody in Php Session Security
I meant, what explicitly do you think we should consider? Safe mode added in 5.4? What else? Blesta already uses HttpOnly. Secure cookies aren't feasible because not everyone forces SSL. That's why I'm asking, specifically, what options you think Blesta should support.
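The cookie flags discussed in this thread, set from application code with ini_set() before session_start() as interfasys suggests, with the Secure flag applied only when the request really arrived over HTTPS (Cody's point that not every install forces SSL). This is an added example, not Blesta's code and not from any poster; the helper names and the HTTPS detection are assumptions.

```php
<?php
// Added example, not Blesta's code: harden PHP session cookies from application
// code with ini_set(), rather than via .htaccess php_flag directives.
// Assumption: this file runs before session_start() on every request.

// Detect whether this request actually arrived over TLS. Constructed helper,
// not a Blesta function. Behind a reverse proxy you would additionally need to
// trust X-Forwarded-Proto, and only from that proxy's address.
function request_is_https()
{
    if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        return true;
    }
    return isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443;
}

function harden_session_cookies($https)
{
    ini_set('session.use_only_cookies', '1');   // never accept session IDs from the URL
    ini_set('session.cookie_httponly', '1');    // cookie is not readable from JavaScript
    // Secure flag only when the site is really served over HTTPS; set it on a plain
    // HTTP install and the browser never sends the cookie back, so logins silently fail.
    ini_set('session.cookie_secure', $https ? '1' : '0');
    if (PHP_VERSION_ID >= 50502) {
        ini_set('session.use_strict_mode', '1'); // reject IDs the server never issued
    }
    if (PHP_VERSION_ID >= 70300) {
        ini_set('session.cookie_samesite', 'Lax'); // limit cross-site sending of the cookie
    }
}

harden_session_cookies(request_is_https());
session_start();

// After a successful login, swap the session ID so an ID handed out before
// login cannot be reused (session fixation).
function on_successful_login()
{
    session_regenerate_id(true);
}
```

HSTS is deliberately left out of the block, since, as Cody notes, it is a domain-wide setting that belongs in the server configuration rather than in the application.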
-
wfitg reacted to mrrsm in Php Session Security
It sounds like everything you want done are things that the host should be doing mainly or are configurations that you can do to the server.
-
wfitg reacted to flangefrog in Php Session Security
I don't think HSTS should be enabled by default. It's great and I use it myself, but it's not something you can just disable if you don't want it.
-
wfitg reacted to adrzei in [Important] Beware Of Blesta Phishing Scam
Hi,
I just got the message back that the server and IP were locked.
-
wfitg got a reaction from Michael in [Important] Beware Of Blesta Phishing Scam
Yeah, he is busted. What an idiot.
We have too many experienced webmasters, coders, and admins here for a script kiddie to get away with much. An experienced spammer/hacker would not bother with such nonsense as this. They just want to send their spam.
It looks like a deliberate attempt to make the Blesta company look bad.
---------------------
here is an SPF generator if anyone needs it
http://www.spfwizard.net/
Microsoft makes one too:
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/