This tutorial guides you through setting up Magento Multi-Store on Shared Hosting with cPanel with the “parked domain” method. The set-up has been tested on our servers and works perfectly with all TerraNetwork hosting accounts. Any problems, feel free to contact support and we can take a look.

Shared Hosting Caveat: Whilst it’s perfectly possible to run Magento on Shared Hosting it does require more resources than other carts. If your shop gets busy or you have a large number of SKUs, then you may wish to consider an upgrade to Semi-Dedicated or Dedicated Hosting.

The set-up has been tested with Magento Community Edition 1.6.1.0 on Shared Hosting with cPanel on PHP5.3.

• Adding another shop in Magento
• Adding a parked domain to cPanel
• Modifying .htaccess
• Setting up SSL for checkout

Adding another shop in Magento

First off we need to add a second shop in Magento. We’re using a dummy name “example.com”. Please replace with the real domain you wish to us.

Create Root Category

1. Log into your Magento admin
2. Go to the Catalog tab and select “Manage Categories”
3. Click on the “Add Root Category” button on the left
4. For “Name” enter example.com. Set the dropdown for “Is Active” to “Yes”.
5. Click “Save Category” button.

Create Website

1. Go to the “Systems” tab and select “Manage Stores”.
2. Click on the “Create Website” button.
3. For the “Name” enter example.com and for the code example. The code will be important later when we need to modify .htaccess.
4. Click on the “Save Website” button.

Create Store

1. Click on the “Create Store” button.
2. For the “Website”, select example.com from the dropdown. For the “Name” enter “Example” or any value of your choice. For the “Root Category” select example.com from the dropdown.
3. Click on the “Save Store” button.

Create Store View

1. Click on the “Create Store View” button.
2. For the “Store” select the store you created in the last step, in our case Example. For “Name” enter Example View. For “Code” enter example_view. Set “Status” to “Enabled”.
3. Click on the “Save Store View” button.

Change Base URL

1. Go the “System” tab and select “Configuration”.
2. For “Current Configuration Scope” (located near top left) change the dropdown menu from “Default Config” to example.com
3. Select “Web” from the left sidebar under the “General” section.
4. For both the Unsecure and Secure sections, uncheck the “Use Default” box next to the Base URL; and enter the URL for your own shop example.com. Make sure to include the trailing backslash.
5. Click the “Save Config” button.

Modify URL redirecting

1. Still under “System -> Configuration” change the “Current Configuration Scope” to “Default Config”.
2. Select “Web” from the left sidebar under the General section.
3. For “URL Options -> Auto-redirect to Base URL” set to “No”.
4. Click the “Save Config” button.

Adding a parked domain to cPanel

1. Change the domain’s DNS name servers to your servers. If in doubt, ask your hosting provider for help.
2. Log into your cPanel and go to “Domains -> Parked Domains”
3. Add the domain example.com and click “Add Domain”

Modifying .htaccess

1. Either log into your cPanel and go to “Files -> File Manager” or connect to your site via an FTP program.
2. Navigate to /home/USER/public_html/.htacess (where USER is your cPanel username).
3. Add to the file the following lines as below. The “Host” is the main part of your domain name. “CODE” is the website code you defined in Magento admin. RUN_TYPE should always be “website”.
   
4. Save the file and if you using FTP, upload to your site

Done!

If all has gone to plan, then you will now have the same instance of Magento running on two separate domain names.

Setting up SSL Certificates for Checkout

With the set-up as described above, the only option if you need an SSL Certificate for checkout is to go for a Multi-Domain cert. Multi-domain SSL certificates allow for one cert to be applied to separate domain names on 1 IP. In the past these used to be prohibitively expensive; but prices have tumbled dramatically and are now feasible even for smaller shops.

Multi-Domain Certs should not be confused with WildCard SSL Certs. WildCard covers sub-domains (www.mydomain.com, shop.mydomain.com). Multi-Domain Certs cover separate domain names (mydomain.com, myothershop.com). When ordering a Multi-Domain Cert please bear in mind that www.mydomain.com and mydomain.com will be counted as 2 domains.

For the Dedicated IP, please contact your hosting provider. For Multi-Domain Certs, you can for example try Comodo or GoDaddy.

So there you have it – a Magento multi-shop set up with secure checkout on a Shared Hosting account. And for customers of TerraNetwork, if you run into any issues, feel free to drop us a support ticket, we’re here to help!

The update from the PrestaShop team is included in full below:

PrestaShop Security Fix

Last night, the PrestaShop’s official website, prestashop.com, was hacked, resulting in the misappropriation of a script intended for transcribing news information in the Back Office of PrestaShop stores.

The entire PrestaShop team dedicated ourselves to identifying and fixing this issue as quickly as possible. That fix has been completed.

Has my shop been infected?

This only affects PrestaShop versions 1.4/1.4.1/1.4.2/1.4.3/1.4.4, but not all shops using these versions are necessarily affected

If you use one of these versions, please check for any of the following symptoms:

• A her.php file is at the root of /modules folder
• A .php file different from index.php is in the upload and download folders
• Your footer.tpl file has been modified
• Your tools/smartyv2 folder is missing

If you fulfill one of these conditions, your shop may have been infected. However, it is easy to fix just by following the instructions listed below.

What should I do?

1. Change your database password (or contact your webhost if you do not know how to do it). Once you have done that, open the settings.inc.php file in your /config folder and replace your old password with the new one. See below:
2. Download the fix published by PrestaShop available on http://addons.prestashop.com/fr/herfix/
3. Upload it to the root folder of your shop with your FTP client (Filezilla, Transmit…)
4. Go to the url http://www.myshop.com/herfix.php (where myshop.com is replaced by the domain name of your site)
5. The fix is now applied. Please do not forget to delete the herfix.php file previously uploaded at the root of your shop
6. Rename the admin folder
7. Change the password of all admins of your shop

If you need any help or have any additional questions, you can email us at moc.pohsatserpnull@ytiruces. You will receive an answer at the soonest.

The whole PrestaShop team wants to deeply thank the community for its help in identifying this issue.

You can find full information here: https://www.x.com/view-blog-post.jspa?blog=1542&blogPost=5811

You can also check PayPal’s system status and scheduled maintenance at:
https://www.x.com/community/ppx/system_status

“Tell a Friend” (TAF) scripts allow a user to send an email to another person via your website, usually intended for sharing product/page links. However, as these scripts are nothing more than simple mail send commands, spammers can easily exploit them by running an automated script against it which sends out spam messages, using affected websites as free spam relay.

Spam exploits are often only noticed when email send volumes on the site go up unexpectedly, and volume of bounced emails drastically increases. Although in some cases, spammers keep the volume of emails very low, and we have seen exploits which went undetected for months.

In this article we discuss strategies how “tell a friend” (TAF) scripts can be secured and alternative methods of allowing customers to share links on your site.

• osCommerce / Zen Cart
• Magento
• WordPress
• Social sharing buttons
• Using email link
• Other methods to secure your script
• Secure your site now!

osCommerce / Zen Cart

Both osCommerce and Zen Cart have a tell_a_friend.php script which allows visitors to send an email with a product URL and message via your site. Misuse can be stopped by setting the configuration setting “Allow guest to tell a friend” in the shop admin to “false”. Once set to false, customers will be required to log in or register before sending the email.

If “Allow guest to tell a friend” is set to “true”, this script is easily exploited. Spammers often search the web for tell_a_friend.php script names and once they have found your site it provides an open door for using your site and bandwidth as their own free mail service. As spammers look for file names, just removing the link from your site won’t stop the exploit. Only securing (or deleting) the script itself will.

In Zen Cart, go to “Configuration -> Email Options”.

In osCommerce, go to “Configuration -> My Shop”.

Magento

Magento’s “Email a friend” script can be configured in admin under “System -> Configuration -> Catalogue: Email to a friend”. The important setting is “Allow for Guests” set to “No”. It also gives the option to limit the number of recipients, limit the number of emails sent per hour and how to monitor either by “cookie(unsafe)” or “IP Address”.

WordPress

WordPress has no built-in TAF script, but there are many plugins available www.google.co.uk/search?q=social+bookmarking+wordpress . One we use is wordpress.org/extend/plugins/sociable/. This plugin combines popular social networking tools (facebook, twitter) and an email link which uses the visitor’s own mail program.

Any plugin should be checked to see how email is sent. If email is sent via your own site/server, it will present a security issue and is best avoided. Plugins which send mail via their own server or use the visitor’s mail program are safe.

Using Sharing Buttons as secure alternatives to TAF scripts

A good alternative to using your own TAF script is to use sharing tools such as www.addthis.com and www.sharethis.com/. These give visitors a wide range of options how to share content on your site including email, facebook, twitter and many others; and can easily be implemented.

Social network sharing tools are secure, customisable for your site, often can be integrated eg with Google Analytics and tap into the current trend for social network features. Additionaly, the “email” links are sent via the button provider’s website who are responsible for security. Even if the email link is exploited, it would not impact on your own site (and server).

For site owners looking for an easy to implement, user-friendly and secure alternative to writing their own TAF scripts, these tools offer an attractive option.

Using an email link

An easy alternative to TAF scripts are email links which use the visitor’s own email program (Outlook, Thunderbird etc) to send an email. Links are in the format:

 XX 

Where XX is your preferred subject line and body content message. Dynamic content such as the product URL are easy to add by developers. Please note that the mailto command is empty on purpose, to allow visitors to enter their own recipient email addresses.

When a visitor clicks on the link, an email is opened from the mail program and visitors can then send via their own email service. This method is simple, but can lead to problems where visitors don’t have email programs installed on their device or eg at work are not allowed to use these for private communications. On the other hand, email is sent by the person itself, simplifying privacy implications and removing any spam concerns.

Securing your TAF Script

If you cannot secure your TAF script via existing configurations in your site, and the social networking tools are not suitable, then you can look into securing your script. This work should only be carried out by a developer with a good understanding of PHP security.

Common tactics to stop spam exploits include

• use a captcha (nb: hackers have become quite good at breaking these)
• forcing users to register with a website (customer registration) before sending email
• limiting the volume of emails each IP address can send per hour
• log all emails sent via your site (monitoring, alert of suspicious patterns)

It should be noted that any mail script that allows users to send their own mail via your site is inherently a risk. Even if security measures are taken, the activity on the script should be closely monitored and site owners should be aware of the exploit potential.

Secure your site now!

Even if you are not a developer yourself, you can easily check if your site uses a “Tell a Friend” script. Have a look on your site, check what software you are using (Zen Cart, Magento, etc), check via a file manager for any “tell_a_friend.php” or similar files.

If your site does use a script of this kind, use our advice to secure your site now & don’t be a free mail service for spammers!

For most people the costs involved in buying their own bricks-n-mortar shop, stocking it, staffing it and running it until they get into profit is just too much to bear, or just too much of a risk.

Some will be tempted by the idea of buying into a franchised business – a pre-established business expanding through franchising in new areas.  They’d get the business model, the products and facilities they need from the franchising company and their own area in which to operate. But it’s up to them to grow the business and the up-front costs of buying the franchise runs from the thousands to the tens of thousands.  That’s money that many don’t have and for others it’s still too much of a risk.

So what’s the one thing that keeps growing, year-on-year, even during tough times?  The Internet.  The World Wide Web.  And on the Internet the area that also keeps growing is eCommerce – the quick and easy way to start your own business and with very little outlay.  That’s where we come in.

We specialise in providing off-the-shelf eCommerce sites for people who want to start their own business, but also provide white-labelled Reseller Hosting for those who want to grow a business selling websites to others.  We make it easy for both kinds of entrepreneur.

From as little as £39.95 a year (excl tax) you can have your own hosting package with eCommerce software installed by us.  From as little as £130.00 per year (excl tax) you can have your own Reseller Account and be the host for up to 10 websites.   Starting up your own business, with the aim of growing it to something substantial, doesn’t get more risk-free than that!

So what are you waiting for?  Come on in – the www is fine!

If you installed Zen Cart yourself using Fantastico or Softaculous then you can use  Softaculous to apply the upgrade – and don’t need to follow the procedure below.

Upgrading an unmodified Zen Cart 1.3.8+ to Zen Cart 1.3.9h

The quickest way to do this, provided you have not added coding additions to your website, is to install a new copy of Zen Cart 1.3.9h in a new folder on your website, and then make a copy of your database and upgrade it to 1.3.9h level. This method is particularly recommended if your Zen Cart site has been subject to a hack.

You must put your live site “Down For Maintenance” whilst you carry out this procedure – otherwise it will become much more complicated to replace your live site with the test site when ready to do so.

1. Make an FTP connection to your website and create a new folder. Make sure that the name of the new folder does not closely conflict with an existing folder to avoid confusion.
2. Now upload the complete sub-folder and file set for Zen Cart 1.3.9h to that new folder.
3. Now go to cPanel and using the MySQL Wizard link create a new empty database with a new User and Password (make a note of them for future reference).
4. Now use the phpMyAdmin link in cPanel to download a backup of your existing website’s database to your PC.
5. Again using cPanel and the phpMyAdmin link go to the new and empty database. Click on the Import tab and then use the Browse text box to locate the database backup you downloaded to your PC. Now you can Import a copy of your database ready for use with the 1.3.9h test site.
6. Now download copies of your existing website’s two configure.php files and your ‘images’ folder then upload them to the correct places in the 1.3.9h fileset. Please make sure that the ‘images’ folder does not contain any PHP files, because these will be hack files.
7. Now that you have done that you need to edit both configure.php files in the new 1.3.9h test site folder with the new database name, user name and password. You must also alter the file pathways to include the folder name. At this stage the two configure.php files need to be left “writeable” (permissions of 644).
8. Now you are ready to begin the upgrade of the database to 1.3.9h. Using ‘yourdomain.com’ in place of the real name of your domain, and assuming that you installed your original site in the root of your domain, you go to this address: http://www.yourdomain.com/test-folder/zc_install.
9. At the bottom of the configuration check page you will see a link which allows you to upgrade the database only. Click on that link only – and no other.
10. You have now upgraded your old database to work with the new 1.3.9h website.

Just some tidying up and checking to do now:

11. Go back to the test-folder/admin/includes/configure.php file and change the name of the ‘admin’ folder (in 3 places).
12. Rename that admin folder, using FTP, to a new name.
13. Now make both of the configure.php files, using FTP, have permissions of 444 (unwriteable).
14. Run tests on the new website to make sure it is all working correctly.

You should now have a working 1.3.9h website, with the contents of your existing website’s database. When you are happy that all is working as it should do you can replace your existing website with the new 1.3.9h website.

I have an upgraded “test” site, so now what do I do?

If you followed our advice and put your old website “Down For Maintenance” whilst creating the site upgraded to 1.3.9h then you won’t have had any new customers register on your site and no new orders whilst you did this upgrade of the test site and so replacing your live website with your test website (making it the live site) is relatively simple.

1. You can keep the upgraded new database as it is, and use it for the new website.
2. If your live site was installed in a folder called, for example, ‘shop’ and your test site was installed in a folder called, for example, ‘test’ – then FTP to your website and rename the ‘shop’ folder to something else and then rename the ‘test’ folder to ‘shop’. You then update your two configure.php files for your new and upgraded site with the ‘shop’ folder name replacing the ‘test’ folder name in those two files. Job done!

3. If you installed your live site in the root then it’s a little more time-consuming but not necessarily more difficult.
4. First, FTP to your site and download a copy of all folders and files inside your test folder.
5. You may also want to download a copy of all folders and files of your old website, but we do keep copies that go back two weeks (14 days) and which you can access via the R1Soft link in your cPanel.
6. Now, here’s the nerve wracking part – you delete all folders and files of your old version site in the root, except for any html files etc that you added and the cgi-bin folder.
7. You upload the 1.3.9h sub-folders and files to the root.
8. You edit both configure.php files and remove those parts of the pathways which include the test folder name.
9. You give both those configure.php files permissions of 444 to make them unwriteable.
10. Your new site is now live – but there is one final thing you must do to make your new site secure.
11. Use the Password Protection feature in cPanel to password protect your renamed ‘admin’ folder. This will add an additional (and necessary) level of security.

*** If you modifed the existing Zen Cart template or added your own template then you will need to copy those files over to the templates folder of the newly upgraded website. You will also need to copy over any overrides or extra configure folders and files, or you will lose the styling of your old site when upgrading.
*** If we installed Zen Cart 1.3.8a for you with Ultimate SEO URLs added to the basic install then contact us via Support Ticket and we will make available a download link to our version of 1.3.9h, which will include Ultimate SEO URLs.

The first thing to point out is that Tomato Cart was developed on the framework of osCommerce MS3 which, whilst available for download, is listed as “not ready for production use”. However, the work done by the team developing TomatoCart does mean that it is ready for production use.

Secondly, the comparison we are offering is between TomatoCart and osCommerce MS2 – the current stable version of osCommerce. There is little difference between the screenshots of osCommerce MS2 and MS3.

First let’s look at the front end of Tomato Cart, and then compare it with the look of osCommerce, as they are “out of the box”.

You’ll notice immediately that the front end of Tomato Cart is far more pleasing to the eye than the front end of osCommerce, and behind this is the templating system which Tomato Cart operates.

Now let’s look at the control panel, or the “back end” for both shopping carts.

Once again TomatoCart is more pleasing to the eye, but also easier to navigate around. You have the ability to select your Featured Products and there is also a Wish List incorporated into Tomato Cart.

If there is one drawback which TomatoCart has at the moment it is the small number of payment modules which are available for use with TomatoCart for UK eCommerce websites, and this is undoubtedly a problem. However, I do expect the development team at TomatoCart to remedy this in the very near future.

This is only a limited introduction to TomatoCart and is not definitive of its benefits or drawbacks by any means – it’s just to give you a flavour of what the TomatoCart development team have achieved on the base of osCommerce MS3.

Sage Pay are anticipating minimal disruption (calculated in minutes) while the ip address changes take place – but we have been here before with Sage Pay system upgrades and their track record is not great.

As Internet Service Providers lock onto the ip addresses which name servers use and not the actual names they use we hope that Sage Pay will put in place forwarding from the old ip addresses to the new. If they fail to do this, or fail to do it correctly, or their systems get overloaded with the redirects then you should expect disruption for much longer than a few minutes.

Our advice – if you have alternative payment modules installed but not currently in use, such as Pay Pal, then you should activate them ready for the 17th of April, thus guaranteeing that your customers are able to make payments to you.

Hopefully you won’t need this – but it’s just as well to be prepared!

Link to the Sage Pay email below:
Original Sage Pay Email

The fact is that .co stands for Colombia, the South American country this domain type belongs to – just as .tv stands for TuValu and not for TeleVision.

Registering one of the .co domains at this point in time, the pre-launch “Sunrise” stage, will costs hundreds whether you calculate in Dollars, Pounds or Euros.

If you think it is essential for your business that you grab one of these domains then you will need to do so at this stage and absorb the cost.

There are new types of domains coming out all the time, some make it and some don’t. For instance, you’ll see .tv domains being used by some companies who advertise on television, but mainly it has been a flop.

My own, purely personal, view is that at this point in time it is too early to tell if the .co type of domain will take off in a meaningful way.

However, we know that in this difficult economic climate there are many who are thinking about starting a Online Ecommerce Business, but are perhaps deterred by the cost and commitment required. That’s why we’ve decided to lower the entry bar for Start-Up businesses.

Having just upgraded web space and bandwidth on both our single-site Starter and Business hosting packages we have also now instituted a system of quarterly payments. Previously, for these two packages, there was only an annual payment option. You can now get your eCommerce site online for just £11.99 (plus vat) per quarter.

You still get a free domain (all common domain types – see our site for full details), and a free install of an eCommerce shopping cart website (Zen Cart, Magento, Prestashop, osCommerce).

For those that want a Full SSL Certificate, rather than use our Shared SSL Certificate, we’ve also lowered the cost of purchasing Full SSL for your website.

It doesn’t get easier than this to get your dream business online!