Support

 We are using iSubscription by iJoobi but we are having issues with our payments completing. Once a payment is made within PayPal then the site automatically activated the account. But since we installed Admin Tool this has stopped working. If we turn it off then everything works fine.

But we don't want to turn off Admin Tools and need to find out how to stop Admin Tools stopping this process.

I have contacted iJoobi and they have pointed out the culprit with the completion being AdminTools. When asked what file or directory they used so I could make a exception in Admin Tools they came back with this.

We do not use files for the confirmation, instead we use the standard Joomla link so we have a URL.

Sample for jStore: index.php?option=com_jstore&controller=payment&task=confirmation....

For jSubscription would be like this:

index.php?option=com_jsubscription&controller=payment&task=confirmation....

Out site is Proficiency Post

Kind regard

David

David,

That is the correct way to call the program, through the index.php file. Since their php file is not being called directly, Admin Tools would not block it for that reason. This is probably a false positive XSS attack or something similar. Please trigger the error in iSubscription then check your Security Exceptions log to see why it was blocked. Please post the exception and we'll figure out how to set up the exception.

The problem is that iSubscription don't come up with an error it just never completes a purchase once complete at PayPal.
Would there be anything blocking the site connecting PayPal or getting a PayPal api?
regards
David

Yes, it is possible that the return message from PayPal was blocked. But there should be a record of why it was blocked.

I'm referring to the Security Exceptions Log in Admin Tools under Web Application Firewall, not one of the server logs.

Just checked the security exceptions firewall and there is nothing there. Even if I set a date of over 1 month.
Does this need to be turned on first? If so where?
I have also checked the WAF configuration and see that XSS shirld is not on.
image
How do I need to set this to collect the data you need?
regards

David

The log should be turned on by default, but you set that under Web Application Firewall, Configure WAF, on the Logging and Reporting tab, Log Security Exceptions should be set to Yes. Also, on the same tab, the Do not log these reasons should be set to Geo Block only.