Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


furioussnail last won the day on January 20

furioussnail had the most liked content!

About furioussnail

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. furioussnail

    theme.css?dir= uncacheable

    Yes, I think the theme should be set to theme.css, or custom-theme.css. I don't think web browsers understand the ?dev= part of that query.
  2. furioussnail

    theme.css?dir= uncacheable

    I undestand the purpose of the theme.css file. The problem is caused by the "?dir=" query string added to the file: <link href="/admin/theme/theme.css?dir=" rel="stylesheet" type="text/css" media="screen" /> I think the href should point to the file without "?dir=". Thank you.
  3. furioussnail

    theme.css?dir= uncacheable

    Hello. For some reason Blesta adds theme.css?dir= as an asset dependency. What is the reason behind this? This make the resource difficult to cache. Can it be fixed? Thank you.
  4. Hello. At some point though my installation I was encountering the following error: Database connection FAILED. Ensure that you have created the database and that the credentials are correct. However PHP modules were installed and the user name and password were correct. Further debugging revealed that the exceptions in install.php aren't handled properly. In the try catch block at line 469 I appended $e->getMessage() to the error and I finally figured out the problem: PHP's json extension is required to use Monolog's NormalizerFormatter So, I think the behavior needs to be changed accordingly. My best.
  5. Hello. Currently when trying to pay for a service PayPal returns the following message: Things don't appear to be working at the moment. Please try again later. With "code=EWP_SETTINGS" in the URL. According to Google this is due to Encrypted Website Payments being enabled in PayPal. How do I use Encrypted Website Payments with Blesta? Thank you.
  6. furioussnail

    Login with Display Name is a bad idea

    The fact that many do it in one way doesn't mean it is right. Yes, there are techniques used to prevent brute force attacks or user escalation but can you foresee any vulnerabilities? Even yesterday Twitter asked users to reset their passwords... So, not sure Twitter is a good example.
  7. furioussnail

    Login with Display Name is a bad idea

    This is not security through obscurity. This is protecting my private data. Yes, attackers may be capable of obtaining the data (depending on how you protect it), it doesn't mean it should be made easy for them. I already provided the user escalation example... Security through obscurity isn't related to one practice. It should or could always be used in combination with more secure techniques, as security by design or open security. Security through obscurity may deter less apt attackers.
  8. furioussnail

    Login with Display Name is a bad idea

    Well, too bad. But maybe Blesta team would consider opening a bug with the providers of the forum software.
  9. furioussnail

    Login with Display Name is a bad idea

    I am talking about the user name which are also used as display names. For example, can you login with Blesta.Store as user name? If yes, don't you notice an issue with that?
  10. furioussnail

    Login with Display Name is a bad idea

    AFAIK the practice of displaying any details used for login helps attackers to exploit the system. The more info is provided about the internals of a system the easier it is for an attacker to exploit the system. Let's say there is a 0 day vulnerability an attacker found which allows user escalation. By investigating who is who on the forums it is super easy for the attacker to escalate to a user with extended rights.
  11. furioussnail

    Hot to setup 2checkout INS?

    Hello. Does the 2checkout module support INS? If yes, what is the correct link to be used? Documentation lacks this information. Thank you.
  12. furioussnail

    Login with Display Name is a bad idea

    Hello. I believe requiring users to login with their display names is a bad idea. Basically any attacker has less guessing to do. Maybe login behavior should be changed?
  13. furioussnail

    Plesk ERR_CONNECTION_REFUSED when adding subscription

    Forgot about Plesk restarting. Thank you BlestaStore. You are awesome. :-)
  14. furioussnail

    Plesk ERR_CONNECTION_REFUSED when adding subscription

  15. Hello. I get different errors when adding a subscription in Blesta using the Plesk subscription. The logs show nothing of value but the subscription is added in Plesk. So, this seems to be related to Blesta. Running Blesta on PHP 5.6. It is an Apache + PHP-FPM setup. How can I fix this? Thank you.