latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Home Forums TJ

About: TJ

Sorry, I've not written a description yet. I'll get to it soon!


My Favorite Topics

Viewing 24 topics - 1 through 24 (of 24 total)
Topic Count Last Reply
3 issues since last update:

By:  Benjamin Ellis in: Community Forum

voices: 5
replies: 5

3 years, 1 month ago  Mike (Volunteer Moderator)

Payal doesn't redirect using debit card

By:  iamtimhilton in: Community Forum

voices: 2
replies: 1

3 years, 2 months ago  Javier Rojas

Checkout page a nightmare since upgrade

By:  logged out in: Community Forum

voices: 1
replies: 0

3 years, 2 months ago  logged out

Hiring: S2 Members setup & Stripe Module

By:  Chad OCarroll in: Community Forum

voices: 3
replies: 6

3 years, 2 months ago  miranda rota

Quick Cache Causing Caching Issues on Site

By:  Joe S in: Community Forum

voices: 1
replies: 0

3 years, 2 months ago  Joe S

PayPal Changes: URGENT Encryption Notice

By:  Mike Sinibaldi in: Community Forum

voices: 2
replies: 3

3 years, 5 months ago  Mike (Volunteer Moderator)

Cancellation with custom capabilities

By:  Brian Johnson in: Community Forum

voices: 3
replies: 13

3 years, 5 months ago  Bruce

S3 File Downloads 1 2

By:  Andrew Hodges in: Community Forum

voices: 3
replies: 47

3 years, 5 months ago  Andrew Hodges

trigger EOT programatically

By:  JB Glossinger in: Community Forum

voices: 2
replies: 4

3 years, 6 months ago  Bruce

PayPal Checkout Page Description is BLANK

By:  87soccerb in: Community Forum

voices: 2
replies: 3

3 years, 6 months ago  Cristián Lávaque

Recurring billing adding another ARB account

By:  Luke in: Community Forum

voices: 3
replies: 16

3 years, 7 months ago  Luke

Recurring Payment not showing as Recurring 1 2

By:  t2media in: Community Forum

voices: 5
replies: 46

3 years, 8 months ago  Jason (Lead Developer)

PayPal Errors

By:  Lori Brocka in: Community Forum

voices: 3
replies: 18

3 years, 8 months ago  fpl

Pro Form Returns Empty Page on Submit

By:  YoniExpress in: Community Forum

voices: 2
replies: 13

3 years, 9 months ago  Cristián Lávaque

IE 9 compatibility

By:  Stuart Giles in: Community Forum

voices: 4
replies: 9

3 years, 9 months ago  Cristián Lávaque

Auto login and redirect query

By:  Christian Finn in: Community Forum

voices: 3
replies: 10

3 years, 10 months ago  Cristián Lávaque

Subscribers Not Taken To Welcome Page 1 2 3

By:  Brian Bennis in: Community Forum

voices: 3
replies: 53

3 years, 10 months ago  Jason (Lead Developer)

How to manually upgrade

By:  Benjamin Gill in: Community Forum

voices: 2
replies: 1

3 years, 10 months ago  Bruce

Pro Form "Buy Now" button not working in IE9

By:  Ronnie in: Community Forum

voices: 5
replies: 9

3 years, 12 months ago  Jason (Lead Developer)

Code To Add Signups To Email Autoresponder

By:  Brad in: Community Forum

voices: 2
replies: 2

4 years ago  Eduan

Email Already In Use problems

By:  JD Duran in: Community Forum

voices: 3
replies: 16

4 years ago  Bruce

Still having problems with pro-forms

By:  Malin Karlsson in: Community Forum

voices: 5
replies: 14

4 years, 1 month ago  Raam Dev

s2member Pro Form JS Validation Modification

By:  Randy Glenn Aguirre in: Community Forum

voices: 2
replies: 4

4 years, 8 months ago  Cristián Lávaque

Viewing 24 topics - 1 through 24 (of 24 total)

Topics I'm Subscribed To

Viewing 25 topics - 1 through 25 (of 69 total)
Topic Count Last Reply
"Only variables can be passed by reference"

By:  Xander Robar in: Community Forum

voices: 6
replies: 8

3 years ago  Gerard Davies

what coding language does s2member use

By:  Montaya in: Community Forum

voices: 2
replies: 1

3 years, 1 month ago  TJ

Customizing the registration form?

By:  Alice Brosey in: Community Forum

voices: 3
replies: 2

3 years, 1 month ago  TJ

Problems with latest update, rolling back

By:  Tammy A in: Community Forum

voices: 2
replies: 1

3 years, 1 month ago  TJ

Error: Please fill in the required question.

By:  Eric V in: Community Forum

voices: 2
replies: 1

3 years, 1 month ago  TJ

Payal doesn't redirect using debit card

By:  iamtimhilton in: Community Forum

voices: 2
replies: 1

3 years, 2 months ago  Javier Rojas

Confirmation emails often going to spam

By:  Jason Ricci in: Community Forum

voices: 2
replies: 1

3 years, 2 months ago  TJ

Remove s2member's JavaScript form validation?

By:  TJ in: Community Forum

voices: 1
replies: 0

3 years, 2 months ago  TJ

Update text within registration form?

By:  Rachel Wilbraham in: Community Forum

voices: 2
replies: 2

3 years, 3 months ago  Rachel Wilbraham

Allow multiple registrations from same IP

By:  Dave Konicek in: Community Forum

voices: 2
replies: 3

3 years, 3 months ago  Dave Konicek

s2member slowing site down

By:  kati in: Community Forum

voices: 3
replies: 3

3 years, 3 months ago  Christian

August 2013 s2Member & Gravity Forms Status

By:  AnotherOpus in: Community Forum

voices: 3
replies: 4

3 years, 3 months ago  Mike (Volunteer Moderator)

Static Load JS and CSS

By:  Angie Gonzalez in: Community Forum

voices: 2
replies: 3

3 years, 3 months ago  TJ

How to show demoted users via Admin console

By:  LG in: Community Forum

voices: 2
replies: 1

3 years, 3 months ago  TJ

Wrong user name with caching plugins

By:  Bob Hoyt in: Community Forum

voices: 2
replies: 2

3 years, 3 months ago  Bob Hoyt

Help- New to S2.

By:  Arthur in: Community Forum

voices: 2
replies: 1

3 years, 3 months ago  TJ

IE10 cutting off tails of text in form

By:  Chopper Ward in: Community Forum

voices: 2
replies: 4

3 years, 3 months ago  Chopper Ward

Billing Modification Errors with Paypal

By:  Cheryl Del Colliano in: Community Forum

voices: 1
replies: 0

3 years, 3 months ago  Cheryl Del Colliano

Cannot stop the hackers, I need help.

By:  Dwayne Walley in: Community Forum

voices: 3
replies: 2

3 years, 4 months ago  TJ

Registration issue

By:  sarah rouceau in: Community Forum

voices: 2
replies: 2

3 years, 4 months ago  sarah rouceau

Code to run when Expired & Purchased

By:  bim bow in: Community Forum

voices: 2
replies: 1

3 years, 4 months ago  TJ

Password protect wp-admin with .htaccess

By:  TJ in: Community Forum

voices: 1
replies: 0

3 years, 4 months ago  TJ

Authorize.Net connectivity issue

By:  TJ in: Community Forum

voices: 3
replies: 9

3 years, 5 months ago  TJ

How to downgrade s2member?

By:  TJ in: Community Forum

voices: 2
replies: 3

3 years, 5 months ago  TJ

PayPal Pro Form "Billing Method" bug returns

By:  TJ in: Community Forum

voices: 2
replies: 1

3 years, 5 months ago  Mike (Volunteer Moderator)

Viewing 25 topics - 1 through 25 (of 69 total)

Topics I've Started

Viewing 25 topics - 1 through 25 (of 25 total)
Topic Count Last Reply
Remove s2member's JavaScript form validation?

By:  TJ in: Community Forum

voices: 1
replies: 0

3 years, 2 months ago  TJ

Password protect wp-admin with .htaccess

By:  TJ in: Community Forum

voices: 1
replies: 0

3 years, 4 months ago  TJ

Authorize.Net connectivity issue

By:  TJ in: Community Forum

voices: 3
replies: 9

3 years, 5 months ago  TJ

How to downgrade s2member?

By:  TJ in: Community Forum

voices: 2
replies: 3

3 years, 5 months ago  TJ

PayPal Pro Form "Billing Method" bug returns

By:  TJ in: Community Forum

voices: 2
replies: 1

3 years, 5 months ago  Mike (Volunteer Moderator)

Unparsed %%card_expiration_month_value%% var

By:  TJ in: Community Forum

voices: 2
replies: 3

3 years, 5 months ago  Mike (Volunteer Moderator)

Expiration date field bad for conversions?

By:  TJ in: Community Forum

voices: 3
replies: 4

3 years, 5 months ago  Mike (Volunteer Moderator)

Reformat "description" template placeholder

By:  TJ in: Community Forum

voices: 2
replies: 5

3 years, 7 months ago  Cristián Lávaque

Removing the password strength meter script?

By:  TJ in: Community Forum

voices: 2
replies: 4

3 years, 7 months ago  Cristián Lávaque

Do shortcode conditionals interfere with form

By:  TJ in: Community Forum

voices: 2
replies: 1

3 years, 7 months ago  Cristián Lávaque

Duplicate purchase + PayPal EOT? What happens

By:  TJ in: Community Forum

voices: 2
replies: 3

3 years, 7 months ago  Cristián Lávaque

Is PayPal PDT necessary for Express Checkout?

By:  TJ in: Community Forum

voices: 2
replies: 1

3 years, 8 months ago  Bruce

Custom capabilities and member level blank

By:  TJ in: Community Forum

voices: 2
replies: 1

3 years, 8 months ago  Bruce

Manually trigger EOT for non-subscriptions?

By:  TJ in: Community Forum

voices: 4
replies: 4

3 years, 9 months ago  Bruce

Just FYI: Upgrade PHP Warning

By:  TJ in: Community Forum

voices: 2
replies: 1

3 years, 11 months ago  Bruce

Quick Cache caching 404 not found pages

By:  TJ in: Community Forum

voices: 2
replies: 2

3 years, 12 months ago  TJ

Login's "back to Homepage" link to non-SLL

By:  TJ in: Community Forum

voices: 2
replies: 3

4 years ago  Bruce

decline to approved transaction account fail

By:  TJ in: Community Forum

voices: 3
replies: 9

4 years, 1 month ago  TJ

Error #E00013. Subscription ID is invalid.

By:  TJ in: Community Forum

voices: 3
replies: 14

4 years, 1 month ago  Cristián Lávaque

convert expiration date to drop down boxes?

By:  TJ in: Community Forum

voices: 3
replies: 8

4 years, 2 months ago  Anton Karbanovich

admin CSS/JS not loading: .htaccess-related?

By:  TJ in: Community Forum

voices: 2
replies: 3

4 years, 2 months ago  Cristián Lávaque

passing voucher code after free registration

By:  TJ in: Community Forum

voices: 2
replies: 3

4 years, 3 months ago  Raam Dev

custom fields at bottom of checkout form?

By:  TJ in: Community Forum

voices: 2
replies: 1

4 years, 3 months ago  Cristián Lávaque

Solution: s2member javascript head to footer

By:  TJ in: Community Forum

voices: 2
replies: 1

4 years, 3 months ago  Philly

Authorize.Net ProForms: Can I disable fields

By:  TJ in: Community Forum

voices: 3
replies: 7

4 years, 5 months ago  Cristián Lávaque

Viewing 25 topics - 1 through 25 (of 25 total)

My Latest Replies (From Various Topics)

Viewing 25 replies - 1 through 25 (of 61 total)
Author Replies
Author Replies
Posted: Sunday Nov 10th, 2013 at 11:27 pm #60989
TJ
Username: wellwater

They’re both written in PHP.

Posted: Saturday Nov 9th, 2013 at 3:44 pm #60971
TJ
Username: wellwater

You can copy the pertinent payment gateway template to your theme folder, then edit it there. This way you’ll avoid editing the s2member core files. But you’ll have to update the files every time s2member is upgraded as the file in your themes folder will take precedence over the default.

Instructions for copying it over are here:
http://www.s2member.com/forums/topic/customizing-the-registration-form/

In your template, look for the line that says:

<?php echo _x ("Create Profile", "s2member-front", "s2member"); ?>

then change “Create Profile” to whatever you want.

The “Your Profile” text is only shown to logged in users. s2Member’s JavaScript changes this on-the-fly via JavaScript, and not within the actual HTML source-code. If you want to change “Your Profile” as well, then you’ll have to do so via JavaScript which needs to load after s2member’s own JavaScript in order to override its own override. Just target the ID of the div tag that holds the text you want to change.

You can use jQuery’s text() function to accomplish this:
http://api.jquery.com/text/

Someone asked a similar question about changing button text a while back and I suggested a similar fix:
http://www.s2member.com/forums/topic/update-text-within-registration-form/#post-59705

By the way, the JavaScript .text() function can be used for both the “Create Profile” and “Your Profile” scenarios. This way you can avoid copying over the templates. It’s probably safer to do it with just JavaScript anyway.

You can either put this in your own script file, or load it as a separate JavaScript snippet by sticking something such as the below in your functions.php file:

function load_my_javascript_snippet()
{
    ?>
    <script type="text/javascript">
    // put your jQuery code here
    </script>
    <?php
}
add_action('login_footer', 'load_my_javascript_snippet');
Posted: Saturday Nov 9th, 2013 at 3:29 pm #60970
TJ
Username: wellwater

The newest version (131109) now lazyloads the s2member JavaScript in the footer instead of in the head of the document. It sounds like your JavaScript app is loading before s2member’s JavaScript downloads and/or initializes. You’ll have to configure you script to load after s2member.

If you’re using “wp_enqueue_script” to load your javascript app, try loading it in the footer. See the WordPress codex which explains the $in_footer variable:
http://codex.wordpress.org/Function_Reference/wp_enqueue_script

Posted: Saturday Nov 9th, 2013 at 12:40 pm #60967
TJ
Username: wellwater

That error text doesn’t appear in the s2member source code. However, it does appear verbatim in the “WP No-Bot Question” plugin on line 137:

wp_die(__('Error: Please fill in the required question.','wp_nobot_question'));

If you have the “WP No-Bot Question” plugin installed, it looks like it’s interfering with s2member’s form.

If you need an alternative spam fighting WordPress plugin, might I suggest:
http://wordpress.org/plugins/anti-spam/

If you don’t have the “WP No-Bot Question” installed, then you should do a text search throughout your entire “wp-content” folder and subfolders for that exact error text to determine where it’s coming from.

Posted: Monday Oct 28th, 2013 at 10:27 pm #60707
TJ
Username: wellwater

Your mail server may be having issues. You can offload it to another dedicated mail service.

I recommend the following WordPress plugin:
http://wordpress.org/plugins/wpmandrill/

I’ve been using Mandrill for a while and they’ve been great at delivering mails reliably.

Posted: Thursday Sep 19th, 2013 at 9:57 pm #59705
TJ
Username: wellwater

You can use jQuery. Stick one of the following in whatever custom javascript file you have:

For the authnet form:

$(function() {
    $('#s2member-pro-authnet-checkout-form-submission-section-title').text('apply now');
});

For the paypal form:

$(function() {
    $('#s2member-pro-paypal-registration-form-submission-section-title').text('apply now');
});
Posted: Saturday Sep 14th, 2013 at 3:23 pm #59575
TJ
Username: wellwater

I wrote a post a few days ago that detailed conditional loading:
http://www.s2member.com/forums/topic/s2member-slowing-site-down/#post-59167

Posted: Friday Sep 13th, 2013 at 8:30 pm #59551
TJ
Username: wellwater

Check the following in your admin area:
s2Member Settings > Restriction Options > Unique IP Access Restrictions > Allow infinite IPs (all IP Restrictions are disabled)

Posted: Friday Sep 13th, 2013 at 8:21 pm #59549
TJ
Username: wellwater

I too would prefer to have s2member’s files load statically instead of dynamically. But until that’s done, perhaps the following could help:

When I began using s2member it took some time to optimize things so .css and .js affected load time as little as possible. The things I did that made a difference was the following:

1) Move all JavaScript loading from the head tag to the footer. This will allow the page to render, without JavaScript blocking page load. This was probably the most critical thing of all, in terms of perceived rendering/load from a user’s perspective.

2) Use a cache plugin. This is a must. I’ve used W3TC, WP Super Cache, and Quick Cache. I prefer the 3rd due to its simplicity.

3) Don’t load s2Member’s CSS. This may not be practical for all users, but since I only needed to style the checkout form, I disabled s2Member’s CSS and just recreated the CSS styles in my main stylesheet.

4) Only load s2Member on pages that need it. If you have 100 pages, but only 1 or 2 has a checkout form, then just load s2Member’s code on those 1 or 2 pages.

5) Use a CDN to offload images, scripts, css, such as Amazon CloudFront or MaxCDN.

Another thing you’ll want to do, if you haven’t, is test your site on:
http://www.webpagetest.org/

It’ll tell you where some bottlenecks are with recommendations of what you can do to resolve them.

The WebPageTest.org site was critical for me to find out problems with the site that didn’t even have anything to do with s2Member. For instance, it detected a legacy Keep-Alive Apache problem on SSL pages that had to be corrected. It was affecting all IE users by closing connections after each asset request.

  • This reply was modified 3 years, 3 months ago by  TJ.
Posted: Friday Sep 13th, 2013 at 8:06 pm #59548
TJ
Username: wellwater

In the admin’s users area there should be a group of links that say something like:

All (5) | Administrator (1) | Subscriber (1) | s2Member Level 1 (3)

The numbers next to the titles is the count of how many users belong to that role. Demoted users are typically set back down to the lowest level, which is “Subscriber.” Just look at the count to see how many you have. You can click the Subscriber link to just list them.

If you don’t see “Subscriber” listed that means you don’t have any with that role. WordPress will only list counts for roles that have inhabitants.

Posted: Friday Sep 13th, 2013 at 12:31 am #59509
TJ
Username: wellwater

The following are suggestions directly from WordPress about hardening your installation:
http://codex.wordpress.org/Hardening_WordPress

At the bottom of that page are other resources you can read. Doing some google searches for “securing wordpress” and “hardening wordpress” will get you a number of good resources.

Posted: Friday Sep 13th, 2013 at 12:27 am #59508
TJ
Username: wellwater

Bob, you shouldn’t be using two caching plugins at once. They’ll conflict with one another. Deactivate one or the other. As for the username being shown for the previous registered user… It sounds like you’re caching “logged in users” which should be disabled. Quick Cache disables this by default, as does W3TC. So wherever you have that set, it needs to be disabled.

If that doesn’t work, then you should specify in your settings URL’s to block. Both plugins are capable of doing wildcard matches, so you can block entire directories or just specific pages.

After you save changes, clear the cache.

Posted: Wednesday Sep 11th, 2013 at 12:57 pm #59456
TJ
Username: wellwater

1) Log into WordPress as the admin
2) On the left sidebar menu, hover over “Appearance” then select “Editor”
3) Add the following to your style.css file:

input[type="text"], input[type="password"] {
    height: auto !important;
}

4) Click the “Update File” button.

Posted: Wednesday Sep 11th, 2013 at 12:43 pm #59452
TJ
Username: wellwater

The height is messing you up:

input[type="text"], input[type="password"] {
    height: 19px;
}

Either remove the height declaration altogether, or change it to auto:

input[type="text"], input[type="password"] {
    height: auto;
}

If the above doesn’t work, you’ll need to add ‘!important’ to increase its overriding specificity:

input[type="text"], input[type="password"] {
    height: auto !important;
}
Posted: Thursday Sep 5th, 2013 at 5:56 pm #59173
TJ
Username: wellwater

Jake, I thought the customer forum was removed within the past few weeks and merged with the community forum? Are you still seeing the customer forum?

Posted: Thursday Sep 5th, 2013 at 5:49 pm #59170
TJ
Username: wellwater
Posted: Thursday Sep 5th, 2013 at 5:45 pm #59169
TJ
Username: wellwater

I can’t speak to the first part, but the second may be a mail delivery issue. If you’re using PHP’s native mail() function to send your emails, then you may have delivery issues if your mail server is malfunctioning or has its IP blocked/blacklisted by other servers.

You may want to look into sending your mail via SMTP instead.

Here are some WordPress SMTP plugins:
http://wordpress.org/plugins/wp-smtp/

I do recommend the following over the above though:
http://wordpress.org/plugins/wpmandrill/

They both do the same, but the latter better integrates with Mandrill’s SMTP service, which is free for a certain number of emails. You can create a mandrill account here:
http://mandrill.com/

Posted: Thursday Sep 5th, 2013 at 5:36 pm #59167
TJ
Username: wellwater

You can just load the necessary s2member javascript/css files on the pages that need it, instead of site-wide.

Here are some pages that discuss the logic behind it:
http://www.s2member.com/forums/topic/remove-css-and-optimize-js/
http://www.s2member.com/forums/topic/javascript-head-includes-move-to-footer/#post-17682

If you only have a few pages that need the s2member code, such as your buy/checkout pages, you could get away with something like the following. Create a file called “s2-hacks.php” (or whatever you want) in your “/wp-content/mu-plugins/” folder, and save the following in it.

<?php
// Remove s2Member JavaScript and CSS files except for the pages below.
if ((strpos($_SERVER['REQUEST_URI'], '/checkout-page-1') === false) && (strpos($_SERVER['REQUEST_URI'], '/checkout-page-2') === false)) {
    // Remove CSS files.
    function remove_all_s2_css()
    {
        wp_dequeue_style('ws-plugin--s2member');
    }
    add_action('ws_plugin__s2member_during_add_css', 'remove_all_s2_css');

    // Remove JavaScript files.
    function remove_all_s2_js()
    {
        wp_dequeue_script('ws-plugin--s2member');
    }
    add_action('ws_plugin__s2member_during_add_js_w_globals', 'remove_all_s2_js');
}
?>

The code above is saying, if a user is viewing “/checkout-page-1” or “/checkout-page-2” then load s2member’s CSS and JavaScript. Otherwise, don’t load it. If you have many checkout pages located in a directory, such as “/checkout/product-1/”, “/checkout-product-2/”, then you can just swap out “/checkout-page-1” with “/checkout” and it’ll protect everything within your directory.

It’s a pretty hacky way to accomplish the goal, but it gets the job done.

By the way, even on pages where s2member is loading, it should be possible to get an excellent pingdom score if you’re covering all other bases: gzipping content, using CDN for static content, setting expiry headers, efficiently loading JavaScript, minifying CSS/JS.

  • This reply was modified 3 years, 4 months ago by  TJ.
Posted: Tuesday Aug 13th, 2013 at 10:44 pm #55715
TJ
Username: wellwater

Could you be running into the WordPress autop? See:
http://codex.wordpress.org/Function_Reference/wpautop
http://wpforce.com/how-to-disable-autop/
http://davidwalsh.name/disable-autop

These plugins can also help defeat it on a case-by-case basis:
http://wordpress.org/plugins/raw-html/
http://wordpress.org/plugins/rawr-raw-revisited-for-wordpress/

Using the above, make sure you’re using the Text and not Visual post editor. I use the latter, which has always worked for me, even though the prior has been cleared to be compatible with s2member here:
http://www.s2member.com/kb/theme-plugin-compatibility/

Posted: Tuesday Aug 6th, 2013 at 7:24 pm #55331
TJ
Username: wellwater

Wow, thanks Jason. That’s completely unexpected and very much appreciated.

Posted: Tuesday Aug 6th, 2013 at 6:20 pm #55326
TJ
Username: wellwater

Thanks for the detailed follow-up TJ; we REALLY appreciate this. I’m glad we could help you out here, and I’ll be sure to relay this reply to Jason so that he will see it as well. If you are so inclined, we would LOVE to get a review from you at some point. Here’s the link. Just a couple lines will do fine :-)

No problem. I just posted a review. It’s the “Reliable membership software…” one at the top. Thanks again.

Posted: Tuesday Aug 6th, 2013 at 3:55 pm #55315
TJ
Username: wellwater

The firewall trigger (based on the log entry you posted); appears to an outbound rule, not an inbound rule (which again, this coincides with s2Member’s EOT System which is connecting to Authorize.Net and not the other way around).

That makes sense. Thanks for confirming this. After disabling EOT, the firewall blocks appear to have stopped.

In either case though, I would be sure to contact Authorize.Net and ask them for a up-to-date list of all IP addresses (or configure firewall rules that apply to all of the host names I listed above).

I spoke with Authorize.Net about the original IP 66.185.181.137, but they were not able to find a reference to it in their literature or developer forums. They said it seems to be ok to whitelist, based on a public whois lookup suggesting it belongs to CyberSource. They couldn’t speak with certainty about the IP’s origin though. I assume I’d have to contact CyberSource to determine that as Authorize.Net says they can only speak with certainty about what’s in their documentation.

and if all else fails try to configure your firewall to whitelist the host names and not necessarily specific IP addresses.

Thanks for the suggestion. I was focusing on IP’s instead of hostnames. The latter should be more future-proof.

I did ask Authorize.Net for any additional IP’s that should be whitelisted, but was told that wasn’t necessary, so I left it at that. Since Mike already provided the hostnames s2member uses to connect to, I should be able to use those to lookup the IP’s, assuming I can’t whitelist the hostnames directly.

In another post, I mentioned that I downgraded from v130802 to v130617. After doing so, activity on the site seems to have normalized. But the abnormalities I reported did coincide with a ddos attack on an unrelated site on my switch, so I may have attributed fault to the upgrade unnecessarily. I also have to consider the possibility that I was just experiencing “noise” and the upgrade had a neutral effect. Regardless, I’ll stick with v130617 a little while longer and see how things shake out.

Once again, thank you Mike and Jason for your assistance.

Posted: Monday Aug 5th, 2013 at 2:08 am #55208
TJ
Username: wellwater

Hi Mike. Do you recommending enabling both:

Enable Logging Routines?
Enable Additional Logging Routines?

That’s odd about the IP address. When I did a whois lookup on the IP here:
http://cqcounter.com/whois/

it comes up with the following domain registered 13 years ago:

OrgName:        Cybersource Corp.
OrgId:          CYBERS-88
Address:        900 Metro Center Blvd.
City:           Foster City
StateProv:      CA
PostalCode:     94404
Country:        US
RegDate:        2000-10-03
Updated:        2012-06-18
Ref:            http://whois.arin.net/rest/org/CYBERS-88

OrgAbuseHandle: NOC1333-ARIN
OrgAbuseName:   Network Operations Center
OrgAbusePhone:  +1-877-847-2577
OrgAbuseEmail:  network@cybersource.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/NOC1333-ARIN

OrgTechHandle: NOC1333-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-877-847-2577
OrgTechEmail:  network@cybersource.com
OrgTechRef:    http://whois.arin.net/rest/poc/NOC1333-ARIN

RNOCHandle: NOC1333-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-877-847-2577
RNOCEmail:  network@cybersource.com
RNOCRef:    http://whois.arin.net/rest/poc/NOC1333-ARIN

The email address listed on the whois shows

network@cybersource.com

Which matches the cybersource.com domain.

Now if you do a whois lookup for cybersource.com, the first two parts of the IP are the same, and their GEO location is “San Mateo, CA 94404”, which is the same as the first.

So, I suppose, the question is, is this truly a legitimate cybersource company, and if so, why are they trying to communicate with my website. My messages log file has thousands of references to this IP being blocked, such as:

So it’s strange that this cybersource server is trying to communicate with mine, and interesting that the firewall decides to block them:

Aug  4 19:17:43 host2 kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=[MAC_ADDRESS_REMOVED] SRC=66.185.181.137

It looks like these deny references in my messages log were occurring in 5 minute intervals. Which coincide with WP-Cron’s default 5 minute intervals. s2member’s Authorize.Net “Automatic EOT Behavior” setting being set to on result in the site communicating with Authorize.Net’s servers every 5 minutes all the time.

Jason even chimed in when I brought this up here:
http://www.s2member.com/forums/topic/error-e00013-subscription-id-is-invalid/#post-32231

ME:

I’m getting this error constantly in the “authnet-api.log” log. It seems like it’s running this for every user, every day, even though I don’t sell subscriptions. Any ideas?

JASON:

Yes, that is correct. While these customers may not be associated with recurring fees, it’s s2Member’s job to determine this, and keep track of who is and who is not, by communicating with the Authorize.Net API. What you’re seeing in the logs is s2Member finding out that they do not have recurring fees.

If you would rather disable this functionality in s2Member, you can disable s2Member’s Automatic EOT System from your Dashboard. See: Dashboard -› s2Member® -› Authorize.Net® Options -› Automatic EOT Behavior

This being said, I recommend that you leave the EOT system enabled, and simply ignore those log entries, or simply turn off s2Member’s logging routine.

I had forgotten about this, but today’s activity brings up a few questions:

* Should I disable automatic EOT after all (since I don’t provide subscriptions or time-limited services)?
* Could the 5 minute communicate with Authorize.Net’s API be the cause of cybersource attempting to communicate with the server, and what purpose does it serve? And if it is the cause, could this activity have been deemed sufficiently suspicious by “CSF – ConfigServer” to not only block cybersource, but legitimate, live, checkout transactions?
* Are there IP addresses that I should whitelist in the firewall?

I don’t know for certain how strict CSF is operating, but since it doesn’t permanently block IP’s I’m concerned things are getting swept up or deemed suspicious when the activity is innocent and necessary for s2member to function properly. It could be a random, moving target that operates outside of the s2member app hemisphere, but results in a silent, operation conflict anyway?

Thanks.

Posted: Monday Aug 5th, 2013 at 1:31 am #55204
TJ
Username: wellwater

Thanks Mike. That’s similar to what I did. I took a zipped up backup and just overwrote the files on the server. I then deleted the two new file additions specific to the latest version:

/plugins/s2member/includes/classes/database.inc.php
/plugins/s2member-pro/includes/classes/sc-dripping.inc.php

Thanks again.

Posted: Sunday Aug 4th, 2013 at 6:12 pm #55118
TJ
Username: wellwater

Thanks Mike. While you’re at it can you please pass along two suggestions:

1) The expiration year drop down extends out to around +40 years. I think this may be a bit excessive. PayPal.com’s expiration extends to 20 years. Amazon.com’s extends to 24 years. After visiting a number of ecommerce sites, I haven’t seen any extend beyond Amazon.com. And I’m pretty confident if Amazon’s setting a max of 24 years, it’s probably safe for any site to do so as well. Perhaps 20-24 years would more reasonable than 40. Another thing is, 40 years makes for a long drop down box. For folks on small screens, and mobiles, that’s a lot of scrolling that can go off screen.

2) The expiration month and year are defaulting to empty values. If you look at how these fields are rendered on other ecommerce sites, January [01] and the current year [2013] are always defaulted as the first choice. There’s not even a blank field at the top, as there’s no practical reason to have it. This forces folks to immediately, and intuitively recognize that this is the expiration and credit card part of the fields. Since this field is always required, and backend validation will catch expired years anyway, I think the blank values should be entirely removed and the first month and year just shown by default as they’ll be the first values in the drop-down list.

Another practical reason to remove the blank lines for both drop-downs is if a user submits the form with both fields unchosen, the following JavaScript validation error is outputted:

Card Expiration Date (mm/yyyy) *
This is a required field, please try again.

Card Expiration Date (mm/yyyy) *
This is a required field, please try again.

It’s outputting the same error twice, which can confuse the user. If a person submits only one out of the two, it’ll output it just once. Removing the blank lines at the top of the drop-downs resolves all these issues.

Viewing 25 replies - 1 through 25 (of 61 total)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.