Dear Just X-Cart client,

It has come to our attention that some clients have considerably large databases which could be affecting not only their own sites performance, but result in monopolisation of server resources.

Your X-Cart database size can vary greatly depending on what data is stored within it.

As an example, the default X-Cart software when installed initially has 100 products and the database is under 6Mb. Unlike a live/active cart however, a fresh installation of the software naturally does not have any statistical data and other data that will normally be housed in the database.

If you feel your database may perhaps be a little on the large size, or if you simply want to ensure that it is fully optimised for best performance, we wanted to remind you about the tools available within your X-Cart admin to assist with database and site optimisation.

Just follow these simple steps:

(1) Log into your X-Cart admin
(2) Go to: Administration >> Summary >> Tools

On this page you will see a variety of tasks that can be performed on your database/cart. Simply click on the “more…” links to view the details about each option.

Even just removing statistics can take a huge load off your database. Essentially all databases require maintenance, especially when they store stats and session data etc, which your X-Cart store does.

X-Cart has specifically in-built optimisation tools for cart owners to use on a regular basis to keep their site optimised – so don’t forget to make good use of them .

There are 2 simple steps to remove the mail off the server, using MacMail.

Go to Mail >> Preferences

1. Click on the Advanced Tab and make sure the ‘remove copy from server’ tick box is ticked.

2. From the drop down menu, you have options as to how often you want this to happen. Select the option that is right for you. On our example, we have selected ‘right away’.

To read how to delete mail using Outlook and Outlook Express,

i) Deleting Mail From The Email Server: Using A Webmail Client
ii) Deleting Mail From The Email Server: Using Your Local Email Client

Just X-Cart Australia offer 3 different webmail email clients for managing your mail. Below are the instructions for each one with regards to successfully permanently deleting email off the server. If you are exclusively relying on webmail for your email in order to avoid exceeding your mailbox quota and thus having your email bounce, we strongly recommend you correctly configuring webmail with regards to deletion of email.

If you are relying on a combination of webmail and local email client, or exclusively on an email client like Outlook or MacMail, please also read the article Deleting Mail from the Email Server: Using Your Local Email Client >>

Log into your webmail account

From left-hand navigation click on Options >> Mail >> Deleting and Moving Messages

On the next screen you need to do 3 things:

Tick the box that says “When deleting messages, move them to your Trash folder instead of marking them as deleted?”
From the drop-menu header ‘Trash folder:’ select the option ‘Trash’
Tick the “Display the ‘Empty Trash’ link in the menubar?”

Then click on ‘Save Options’

Your webmail is now set up that when you delete items from your Inbox by ticking the box next to an email you want to delete, that email will now go into the ‘Trash’ can.

From here you can either go into ‘Trash’ if you have accidentally put an item in there you actually want, and thus you can ‘move’ that email back into Inbox or the desired folder within Webmail

or

if you are confident that everything in the ‘Trash’ can be deleted then you can click on the ‘Empty Trash’ icon at the top of the page.

It may seem like double-handling, that when you delete an item it doesn’t get completely deleted off the server, but it gives users a chance to realise they have deleted an email by accident before it disappears for good. A bit like windows recycle bin.

Unlike other webmail Horde, you don’t have to set up anything from the onset as this mail client is already configured to move deleted items to ‘Trash’ with then the option of full deletion thereafter.

Open SquirrelMail

When you have an email to delete simply tick the box next to that email, and click on the ‘Delete’ button. By default the ‘deleted’ email is always forwarded to the ‘Trash’ can.

In order to remove the email completely from the server, you simply click on the word (Purge) to the right of the ‘Trash’ link.

Roundcube is set up to immediately forward ‘deleted emails’ to the Trash however initially the webmail client is set up to force you to manually go into Trash, highlight the actual email in the Trash can, and then click on the ‘Delete’ icon.

If you would like to automatically have your ‘Trash’ deleted fully from the server upon logout, simply go to Personal Setting >> Preferences
and scroll down and tick the box that says “Clear Trash on logout”.

* Warning: in setting up the Round Cube preferences like this you will not be able to retrieve any mail accidentally put in the ‘Trash’ can once you logout so be sure that no wanted email is ‘deleted’.

You can avoid storing mail permanently on the server, thus resulting eventually in exceeding your mailbox quota for your email account, by setting up your local email client correctly.

If using webmail we recommend you read “Deleting Mail from the Email Server: Using a Webmail client”

Outlook / Outlook Express

(1) Go into the Email Accounts section, select the email address, and then go through to the ‘Advanced’ screen

(2) Under the ‘Delivery’ section, by default, it will be set not to save any email on the server. Alternately you can set things up to save emails on the server based on certain conditions such as a specific time period in ‘days’ that mail will be kept on the server, or instead based on when you delete the email from your ‘Deleted Items’ folder.

Threats to a server can come from many different locations and one of these is when files are uploaded to a site.

We have always been a leader in the field of server security and on more than one occasion have been the first company in Australia to incorporate new security scripts and measures on our servers.

In line with this are very pleased to announce a new measure that is available to secure against infections arising when uploads are made to a site / server.

Click here to read our article

(1) Meta-data:

Ensure all pages of your site have meta data eg relevant titles, descriptions and keywords. There are a number of SEO tools available that can check keywords density, title and description relevance to page content etc. It takes time to get the right balance and have the meta data and actual page content have relevance, but the time you invest with certainly be worth it.

(2) Images:

Put text/alt tags on images throughout your website. Not only does it provide additional descriptions and information to customers, but it also assists Google to understand better what you page is about and also assist screen-readers to more effectively analysis your website, making it much more user-friendly.

(3) Content & Internal Linking:

Write up a keyword rich homepage introduction to include the words relative to your products/industry + links into your cart categories and directly to your products.

(4) Google Stuff:

• Click here for the one-stop shop for Webmaster resources
• Click here for webmaster guidelines. These tips will assist Google to find, index and rank your site
• Create a site map – click here to generate your site map online
• Create a Webmaster acccount so you can add site maps, manage robot text files and more.
• Create a Google Adwords campaign focusing on keywords that people are looking for and be willing to pay more than necessary on the keyword/s for 1-2 months. Once you start getting the click-thru history then you can knock the cost back to less. Click here to sign up.

(5) Forums:

Find forums that you can give your professional opinion on. Don’t just go into the forum and tell everyone to come and visit your site – this is not the objective. Instead, find forums that you can assist others with your knowledge. Take the emphasis of trying to promote your business, and place it on actually answering a question to the best of your ability. Ensure, however, to put your website URL in your signature so that when you do post comments to a forum with your answer goes up your web address.

(6) DMOZ Submission:

Sign up in the DMOZ directory – http://www.dmoz.org/  (ensure to drill down into the specific category, one only, that you want to be listed under, then click on ‘Suggest URL’ from top of page)

(7) Resources/Links:

Actively seek to place your link on sites with good pagerank, or that are popular and within your industry type. We strongly advise against link-farms and simply exchanging links for the sake of it. You can also place on this page links to other sites that you feel your visitors may find useful. Ensure to have written into your Privacy Statement however that all external links are provided to them as a courtesy and that you are not responsible for the content or activities of the business etc should your customer visit the links.

(8) Be Proactive:

Make regular changes, updates, add pages to your existing website. Add pages but do not delete existing ones, not change the actual names of the pages. All pages of your site has ‘history’ attached to them and if you delete pages, or change their names that ‘history’ is lost.

(9) Constant Contact:

Keep in contact with visitors to your and customers. Provide the option of subscribing to your newsletter on your website and then use that email addresses provided to notify site visitors of everything happening in your business, from the launch of new products, upcoming events, specials, sales etc. Whether it be a weekly or even monthly newsletter, the aim is to keep your web address clearly in their minds – and what better way than via their inbox!

(10) Monitor your site:

How can you possibly know what is going on with your website if you don’t actively monitor what’s going on with your website! X-Cart comes inbuilt with a variety of statistics and analysis tools, however, if you really want to view your websites activities get yourself a program that enables you to see where people are coming from, what are the most popular pages, how many ‘unique’ visitors have visited, how did they get to your site eg by search engine search term, adwords link, or other referral link, and the click-path they took through your site. All of this information is invaluable to see how your website is going. In conjunction with monitoring software/tracking script, keep you own journal of keywords and how you are ranking in the search engines. Just put together a spreadsheet and list down the keywords you want to rank well in. Then weekly take the time to actually type those keywords into Google and see where you are positioned. The only way to tell if you are improving is to check if you are actually improving! If you are, keep doing what you are doing. If not, then at least you are aware that things need to change in order for your search engine success to change.

(11) Add a Blog:

Just like the forums, a blog can be a fantastic place to provide resources and information to your customers and site visitors. It can also encourage regular interest in your site, resulting in repeat visits from people just to see the latest news, review and information you have on your blog.

(12) Reward your customers:

Have incentives to encourage repeat patronage ie all first-time customers you could send a $10.00 gift certificate to – they would have to either come back themselves to redeem it, or forward it on to another person – either way you get another sale, even if you loose $10.00 on the sale itself.

Have ‘special offers’ or bonuses such as free shipping etc, especially o Special Occasions such as Mothers Day, Fathers Day, Valentines, X-Mas, Easter – basically utilise all the special times of the year as a good excuse to have a special, have a sale, have a bonus offer etc  

(13) Social Networking:

There are numerous places on the internet where groups of people gather these days, that form the perfect marketplace for promotion of your business. As such it would be within your best interest to take advantage of such places including:

• Twitter
• MySpace
• Facebook
• Skype
• MSN

You may not understand much about such social networking sites however even a little knowledge and utilisation of these sites can increase traffic to your site, resulting in sales from strangers that are now your new customers!

And even if you don’t have the time, knowledge or inclination to do anything with social networking right now, we strongly encourage to go and secure your social networking identities for future use – if you don’t you may very well find that your competitors!

 Here is how to create a post or article into your newly created Categories.

 Diff file (or a patch) is a file ‘describing’ changes which needs to be applied to the file. In UNIX world diff files are a standard way to apply changes/fixes to a program source code. There is a special program called ‘patch’ which reads diff files and applies the changes to the source code. 

In everyday use diff files are frequently called ‘patches’ which may sometimes cause confusion. 

An example of a diff file:

Code:

Index: admin/category_modify.php 
@@ -160,7 +160,7 @@ 
       db_query(“update $sql_tbl[categories] set category=’$category_name’, description=’$description’, 
meta_tags=’$meta_tags’, avail=’$avail’, order_by=’$order_by’, membership=’$cat_membership’ where 
categoryid=’$cat’”); 
       db_query(“UPDATE $sql_tbl[categories] SET membership=’$cat_membership’ WHERE category LIKE 
‘$category_name/%’”); 

-       db_query(“UPDATE $sql_tbl[categories] SET 
category=CONCAT_WS(”,’$category_name’,SUBSTRING(category,”.strlen($old_category_name).”)) WHERE category LIKE 
‘Books/%’”); 
+       db_query(“UPDATE $sql_tbl[categories] SET 
category=CONCAT_WS(”,’$category_name’,SUBSTRING(category,”.(strlen($old_category_name)+1).”)) WHERE category 
LIKE ‘$old_category_name/%’”); 
   } 

#

We suggest three methods for patch installation.

During internal audit activities we found a moderate security issue that makes X-Cart potentially vulnerable to attackers who wish to gain access to the application back-end.

The following security improvement has been included into this update: -

- protection from XSS attacks.

SEVERITY:
Moderate

IMPACT
Malicious users may inject an active content (for instance: JavaScript) into the application to fool users in order to gather data from them.  An attacker can steal the session cookie and take over the account, impersonating the user.

AFFECTED VERSIONS
All X-Cart versions

SOLUTION
We strongly recommend you to apply the security fix to secure your store.

To apply this patch, follow the instructions below:

1) Download the security patch (the security-patch-2009-08-04_***.tgz archive file, e.g. security-patch-2009-08-04_4.2.2.tgz) from the “File area” section of your HelpDesk account.

You can find the patch by the following path:
* For X-Cart 4.2.2 version:
X-Cart -> X-Cart 4.2.2 (current version) -> Updates and patches

* For all the other versions:
X-Cart -> X-Cart supporting files for prev versions -> {Your X-Cart branch} -> {Your X-Cart version} -> Updates and patches

2) Decompress the archive file.
The following folders will be extracted:
/DIFF-xcart – contains DIFF files to patch customized X-Cart files
/xcart – contains the X-Cart files with fixed vulnerability.

Note:
DIFF file is a file containing the difference between two files. In our case the DIFF file contains changes made to the current file by comparing it to a former version of the same file.

There are 2 ways to install the patch:
a) place the fixed files over the current ones;
b) manual installation using DIFF files.

3) Back up the corresponding files in your X-Cart before patching the store.

4) If the files from the xcart directory are not modified in your X-Cart, you may use the first method of applying the patch. This
way the files from the patch will overwrite the same files in your X-Cart.
You should copy the files from the patch into your X-Cart installation via FTP or another tool that you
usually use to manage files on your web-server. The copied files will replace the original ones that contain
the vulnerability, thus it will be fixed.

NOTE: The patch will overwrite the files completely, i.e. they will become default. If you made any
changes or customizations to the files, make sure you re-implement the changes after the patch has been
applied, or just install the patch manually.

5) If the files have been modified, it is recommended to apply the patch manually using DIFF files. This way you will keep your modifications intact. 

ATTN: In case you are running X-Cart 3.3.x and earlier, please contact our tech support directly. 

If you have any questions or concerns, please do not hesitate to contact Just X-Cart

Please note: all the issues fixed by the current patch have already been corrected in the newest X-Cart 4.3.0 version.

 Gift Certificate bug-fix

With the release of NABTransact externally hosted payments page recently, we have discovered a small bug whereby the NAB gateway will not recognise gift certificates monetary values when placed in the cart. This glitch causes the order to fail once it leaves the cart and attempts to process the order with NAB’s gateway.

Our developers have, however, investigated and rectified this issue.

Please contact Just X-Cart Australia if you have the first release of the NABTransact payment gateway add-on and we can supply you the file you require to fix the issue.