Announcement

Collapse
No announcement yet.

Website related questions

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Website related questions

    Hi devs,

    I do have some quite intrigueging questions, since we (also just to "beta test") have to "hand over" our login data to your software.

    1. Why can't i even buy the software ? ​The store doesnt even work (WHMCS i presume) it throws an sess error (​ Warning: Unknown: open(/tmp/sess_akekuvmsprk113nhkl52nangp7, O_RDWR) failed: Permission denied (13) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0)

    Which i shouldn't even comment on further.


    2. The main website links to a trojan file on yourjavascript.com / http://yourjavascript.com/3921156982/not.js
    Which (on virustotal at least) i have to admit a low "risk" rating, but nevertheless? My local AV went nuts about it.

    3. FB links to a invalid page, twitter links back to the main page...

    Please take those questions or rather observations as constructive criticism, since i really need WBRM on a daily basis, but from my POV it looks rather sketchy.

  • #2
    Hi,

    Thanks for the feedback on our websites. (store and front).
    We have diff dev teams and individual developers working on the websites and on the utility itself.

    We appreciate your feedback, it is very helpful for us to get a fresh view from outsiders, so this is very helpful.
    Now,. for specifics:

    I'm confused about the error msg you reported about the store not working.
    I didn't see that error msg on our end - not to say that it is not occurring, I'm just checking the logs to see where it is failing.
    Can I ask you to re-check and also provide a timestamp of when this is occurring?
    The logs that I checked are of "as I'm writting this msg", but the event you reported happened prob a day or two ago, so to zero in on the error, I'd like to get a timestamp.

    Yesterday (August 20th) we had an update on our store for certain filters, and yesterday we indeed had a bug in one of the views that prevented users from managing their licenses (php front end only,. the database is working fine) to make it easier for user's views, so that might have caused this issue - again, I'm missing the timestamp of when you experienced the problem, so I'm not sure if this is related or not.

    Regarding the javaScript you mentioned, I'm not seeing the link you reported with "yourjavascript.com". I've just ran a full scan on our code: grep -R javascript.com * on our entire homedir (for our store and website) and nothing is pulling up with that string. So this is further confusing.
    Is it on our website or on the store?
    There should be no AV warnings at all on our store or website, so this is very alarming to me and of course it should be resolved ASAP.
    Since I'm not finding that string, please tell me if this was found on website or the store.

    FB is indeed a deadlink, my bad.
    A while back when we just started the Beta, I actually didn't want google to scan us and push us up so that we do not pull traffic in just to let users with a message of "hey we are not ready yet".
    I've enabled it now, but it is showing just a 'blank' page - We haven't focused on it at all - it will be pushed to 'polishing' company soon.

    And to conclude, not only are we taking your feedback as constructive criticism, we welcome it very much as without it we are missing a great deal of bug fixes.
    So thank you very much for your feedback.

    Please provide us with more great feedback.
    Notice the few questions I have regarding timestamps and javascript calls you mentioned, please let me know back about it.

    Thanks,

    -John.

    Comment


    • #3
      Hi John,


      It's my pleasure to help ​out , every new beginning is hard . If you upgraded to Win 10 and started using "Edge" you'll know what I mean.

      I have already sent Robin an email with further details about the exploit , as well as those sess errors, so I think it would not be wise to make all of that public.

      I am certainly hyped to try the software (considering the large scale move we have to do in the next 30 days) , just fix the damn store so I can get to it :P .

      Regards,


      Comment


      • #4
        Hi George,

        Thanks for the feedback (again ) - and I'll continue to thank you each time .
        Yes, I spoke with Robin and I understand there is a browser compatibility issue related to the newer Microsoft's browser as it works fine on Firefox.
        We will of course resolve this compatibility issue.
        We also cleaned the injection line that was appended to our footer, and we'll lock the site tighter against such injections.
        Looking forward to hear more feedback, here or you can communicate with Robin directly as she has the lead on our Beta program.

        Thanks again .

        -John.

        Comment

        Working...
        X