Author Archive

« Older Entries

Temporary Outage

June 24, 2019

4:22am Pacific time

Sites were down for approximately 20 minutes this morning due to a Cloudflare SSL and DNS issue.  The sites are now mostly back up and operating with intermittent issues, it appears that the issue is mostly resolved but they are still working on it.

===================================

4:00am Pacific time

We’ve identified that the problem is being caused by a global SSL outage.  We will update when we know more, note that Cloudflare is a third party provider who powers our DNS along with about 10% of the internet world so we are not alone.

===================================

3:55am Pacific time

We’re investigating issues with the sites being inaccessible in some regions.

 

Posted in Notices | Leave a Comment »

Maintenance Completed

November 10, 2018

The maintenance has been completed. All sites and services are running as normal.

The email server maintenance will be done at another time as there was not enough time to complete it tonight.

Any questions or comments please send an email to support@storesecured.com

Posted in Notices, Scheduled Maintenance Notices | Leave a Comment »

Scheduled Maintenance 11/10 9:00pm PST

November 9, 2018

Scheduled maintenance period Saturday 11/10/18 9:00pm – 10:30pm Pacific time.

We will be optimizing the server hardware for the database server this Saturday evening.  This will cause downtime for all stores and the management portal of between 30-90 minutes.  A maintenance message will be shown during the downtime.

When the database maintenance is complete further server hardware optimizations will be done on the email server.  The email server maintenance period will result in downtime for the email server ONLY.  Merchants will be unable to login and view or send email during this time frame.  Any email received during the downtime will be delivered shortly after email service is restored.

For questions, comments or concerns please email support@storesecured.com

Posted in Scheduled Maintenance Notices | Leave a Comment »

Email Security FAQ

June 25, 2018

Some common questions we have received so far after the update:

1) I am using Outlook or another program to read email do I need to update the server address from mail.storesecured.com to webmail.storesecured.com?

No, the https://webmail.storesecured.com address change is ONLY for those who are using webmail. If you are using Outlook or your phones email etc this does NOT change.

2) Should I enable Secure Password Authentication?

No, Secure password authentication should not be checked, it is only for certain types of servers

3) Should the SMTP port be 25 or 587?

Either one, it does not matter for us, your Internet provider may block one or the other so if one does not work, then try the other

4) Does the outgoing server require authentication?

Yes, the outgoing server requires authentication using the same settings as the incoming server.

5) Can I connect without TLS?

Yes, you can technically connect without TLS but it is then not a secure connection just like using a http vs https webpage. We highly recommend always using a secure connection.

6) My email software only shows a checkbox for SSL and no TLS?

On some email programs we have seen that they do accurately use TLS when you check the SSL box as long as you are connected with the correct port. If your email program does not have TLS selection please try using the SSL selection instead.
If you are using IMAP for incoming, use port 143, if you are using POP3 for incoming use port 110.

7) My email still doesn’t work, can you help?

Yes, if you are running an older version of Windows, ie Windows 7 or 8 it may not support TLS 1.2 by default. To verify this is the case please send your ip address (look it up at www.whatismyip.com) to our support team and we can confirm from the logs.

8) I have Windows 7 and TLS 1.2 is NOT enabled, how do I enable it?

Here is a link to some instructions on how to update Windows 7 to support TLS 1.2
Scroll down in the article about halfway to where it says:
Steps required to switch to TLS 1.2 on Windows 7 and start there.

http://www.teamnetworks.net/blog/4832/enabling-tls-1-2-on-windows-7-complete-instruction/

Follow the steps listed.

Try to connect via email again.

Alternatively here is a article directly from Microsoft describing the same process, I don’t feel it’s quite as easy to follow though you may prefer to go straight to the source.
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

9) I’m still having problems?

If you are still having problems please contact our support team for assistance.

Posted in Hints Tips and Tricks | 1 Comment »

Email Security Changes and Maintenance Period 6/24

June 20, 2018

Effective June 24th there will be several security changes to our email server to comply with PCI rules.

  • Webmail will be moved from mail.storesecured.com to webmail.storesecured.com. (ONLY for Webmail).
  • Webmail must be connected to securely, ie https vs http
  • All connections to read/deliever mail should be done securely, using TLS (NOT SSL) connections
  • TLS 1.0 will be disabled, SSL will be disabled. All connections must use TLS1.2 or higher
  • The mailserver will not accept plaintext credentials. All credentials must be encrypted.
  • SSL access to the email server via ports 993, 995, and 465 via SSL will be disabled in favor of more secure TLS connections on ports 25, 110 and 143

Email Server Maintenance
The email server will be unavailable periodically during the maintenance period from approximately 8:00pm-midnight pacific time on June 24th to make the above changes.

How can I prepare for these changes ahead of time?
When using webmail start going to https://webmail.storesecured.com INSTEAD of http://mail.storesecured.com

If using Outlook or other email program to read your mail make sure it is setup to use TLS connections with the proper ports:
To change this setting in Outlook

  1. With your Outlook client open, select Tools from the main menu. Then select Account Settings… from the drop down menu.
    This will open up the Account Settings window.
  2. If you have more than one email account configured, make sure that your StoreSecured Internet account is selected.
  3. With your StoreSecured email account highlighted, select Change.
  4. This will open another window called “Change E-Mail Account“.
  5. Click More Settings….
  6. This will open another window called Internet E-mail Settings.
  7. Click the Advanced tab.
  8. Look in the section called Server Port Numbers.
  9. In the drop down menu under Incoming server select TLS from the list of options.
  10. If you are using IMAP the port number should be set to 143.
  11. If you are using POP the port number should be set to 110.
  12. Then, in the drop down menu under Outgoing server (SMTP), select TLS from the options.
  13. Your outgoing server port number should be set to 25, in the Outgoing server (SMTP) field or port 587 can be used as an alternate SMTP port if you cannot connect via port 25.

Additional Questions
If you have questions about your particular setup, email program etc, please contact StoreSecured support via our support system for additional assistance.  Also you can read our FAQ about the change here.

 

Posted in Important Changes, Notices | Leave a Comment »

PCI Compliance and TLS 1.0 Update

June 1, 2018

Effective June 16th, 2018, StoreSecured will be turning off our support for TLS 1.0.    We are doing so to comply with the latest PCI standards which require that support for TLS1.0 is disabled by June 30, 2018 at the latest.

 

Potential Issues

Please note that if you or your clients have very old browsers this may mean that you are no longer able to use the StoreSecured website’s in secure mode unless the browser is upgraded.

How to check your browser

Go to https://www.ssllabs.com/ssltest/viewMyClient.html and look in the very first box labelled Protocol Support.  If it says “Your user agent has good protocol support” then you are good, otherwise you need to upgrade either your browser,  your operating system or both.

Why are we doing this

We are required to turn off TLS 1.0 and lower support in order to comply with PCI regulations and to ensure high security.  PCI regulations are required to be adhered to in order to accept credit cards.  As an ecommerce site provider this is critically important for us and for you our merchants.  We have waited as long as possible to turn this off to give clients time to upgrade and now we must proceed.

Questions

If you have any questions or concerns feel free to contact us via support request or via email at support@storesecured.com or you can read further at the link below:

https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Migrating_from_SSL_and_Early_TLS_Resource_Guide.pdf

Posted in Uncategorized | Leave a Comment »

Payment Page Captcha Added

September 6, 2017

Effective immediately new bot security measures have been added to the payment pages for StoreSecured merchants.  After multiple credit card declines a captcha will be shown to the user for them to prove that they are a human and not a bot.   As the declines continue the captcha will be shown each time and verification required to continue.  If there are several more declines the user will be temporarily blocked from processing a new payment for a period of time.

The captcha was added due to bots who are trying out credit card numbers on a few of our merchants websites resulting in high numbers of declined charges.  The captcha implementation is meant to keep the checkout process easy for real users but tough on bots.

If you are not familiar with what a captcha is you can read more about them at the link below:

https://www.intechnic.com/blog/what-is-captcha-and-how-is-it-used/

If you have any questions about this new feature please submit a support request and we would be happy to help.

Posted in Features | Leave a Comment »

Authorize.net Performance Issues 8/15

August 15, 2017

Important note for customers who use Authorize.net as the payment gateway.

Between approximately 9:30am and 12:30pm today 8/15, Authorize.net had several periods of slowness and errors with their API calls which resulted in errors and time outs for customers who tried to process credit cards with Authorize.net.  We urge merchants who use Authorize.net to check your transactions in the Authorize.net portal that occurred during this time for any duplicate orders or orders with payments that StoreSecured did not receive notice of.  Please note that during this time many attempts to charge customer credit cards were met with a timeout message or an error from Authorize.net and thus StoreSecured may not know the final status of those charges.

Posted in Uncategorized | Leave a Comment »

Google Chrome User Special Alert …Important

August 15, 2017

Special alert to our merchants who use Google Chrome.

Google Chrome has put out an update today which breaks the editor tool that is used inside of StoreSecured. Please note that when using the latest google chrome browser with Storesecured’s editor all of your editor content appears empty and if edited will result in losing your content.

This is a brand new Chrome update and we are investigating to see if the editor tool has an update to stop this problem.

In the meantime we recommend either turning off the editor if you use Google Chrome, use a different browser, OR set your editor to use the old version. This setting is located under General–>Other Settings.

Note that this is a result of an automatic update that Google Chrome is doing today so if you use Google Chrome this applies to you.

As soon as we have further information we will make further updates.

Posted in Notices | Leave a Comment »

Portal issue 3/21/2017 (Resolved)

March 21, 2017

This morning, 3/21, StoreSecured experienced an issue that affected the successful loading of some of the pages in the application used to manage stores. Note that this issue did not affect actual store loading or any other areas beyond the editing of stores. The error was the result of a problem with a windows security update for new PCI compliance rules and was resolved at approximately 10:30am Pacific time.

We are sorry for any inconvenience that this error caused. The underlying issue has now been found and corrected.

Posted in Notices | Leave a Comment »

« Older Entries