Web Development Archives - ACTIVO

Keep Magento Secure with these 12 Tips

12 No-Brainer Security Tips for Running a Secure Magento Server

Posted by | Magento, Web Development | No Comments

Recently we have been getting a flood of calls from distressed Magento store owners with compromised servers. As a result, we compiled a comprehensive list of security tips on running a secure Magento environment. Some tips are basic, but they are still worth mentioning here since I have seen so many cases where the basics are not covered properly. Like any other eCommerce application residing on a web server, Magento needs to be secured, and one would be surprised how often these basic mistakes are made on live production servers.

PHP 5.4 and APC producing Segmentation faults

PHP 5.4 and APC causing Segmentation fault with Magento

Posted by | Magento, Web Development, Website Speed | No Comments

At the moment, December 2013, there seems to be a stability issue with the latest PHP versions and the APC (Alternative PHP Caching) module under Magento. Once you run the latest PHP 5.4 with the latest APC module and let Magento run for an hour, a bunch of errors show up in the Apache log files. There seems to be more impact on the checkout process and several admin operations, but so far it has been extremely random, so we were not able to pinpoint exactly the specific use cases that trigger these errors.

The errors reported in the logs are pretty consistent and show:

The PHP community seems to be eager to try and resolve these issues and get APC to a stable status, but it has been taking far too long. In fact, it seems that Zend have started developing their own OPCache module that may be shipped with PHP beginning with version 5.5. Here is a short article describing how to use the new OPCache module.

But before we go and rush to install an unstable version of PHP and a beta version of OPCache, we confirmed that reverting to an earlier stable release of PHP and APC will work just fine and produce great performance results for Magento: stick to the latest stable PHP 5.3.x and APC version 3.1.9 and you will be safe.

I hope this saves someone some stressful moments.


Using mod_geoip to Improve Server Security and Fight Hackers

Posted by | Web Development | No Comments

One of our eCommerce clients recently had an unpleasant experience with hackers. The hacker was trying to plant some code that would send customers' credit card information to a remote server in Russia. Luckily, we detected and fixed the issue within a day of the attack, and our client's servers are now secure. However, we have now gone on to take further steps and restrict our eCommerce front even further for any country that we do not ship to or wish to ship to directly.

Together with our client, we went over analytics, reviewed all online eCommerce business done globally, and identified that we only wish to show our eCommerce platform to 3 countries: US, CA, and UK. Anyone coming from a different country does not need to see our eCommerce site. So we drafted a nice little international contact form based on the onepager responsive theme from egrappler.com and made use of the cool mod_geoip Apache module, which can be installed via the EPEL repository. Here is how we configured it:

These lines are added to httpd.conf in a general area (outside of any <Directory> or <VirtualHost> sections):

Then, right below it, I have the <VirtualHost> setup, so we need to add RewriteEngine on and RewriteOptions inherit to any virtual host where we want the above redirect enforced; in our case that is all of them, see below:

That does it: any traffic coming from anywhere in the world (or space) that is not coming from the USA, Canada, or United Kingdom will now be redirected to our international contact form, which resides under the /int/ subfolder of our main site.
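A sketch of the setup described above, added here as an example; it is not the author's original configuration. The database path, host name and document root are assumptions, while the /int/ target, RewriteEngine on and RewriteOptions inherit come from the post.

```apache
# --- httpd.conf, server context (outside any <Directory> / <VirtualHost>) ---
# Assumption: mod_geoip is already loaded (for example by the package's own
# conf.d file) and the legacy country database lives at the path below.
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

RewriteEngine On
# Keep the international contact form itself reachable, otherwise the
# redirect would loop for the very visitors it is meant for.
RewriteCond %{REQUEST_URI} !^/int/
# mod_geoip exports ISO 3166 country codes in GEOIP_COUNTRY_CODE;
# the code for the United Kingdom is GB, not UK.
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US|CA|GB)$
# A temporary redirect, so browsers do not cache the decision permanently.
RewriteRule ^ /int/ [R=302,L]

# --- every virtual host that should enforce the redirect ---
<VirtualHost *:80>
    # Hypothetical host name and document root, for illustration only.
    ServerName shop.example.com
    DocumentRoot /var/www/shop

    # Without these two lines the server-level rules above are not
    # applied to requests handled by this virtual host.
    RewriteEngine On
    RewriteOptions inherit
</VirtualHost>
```

Addresses missing from the GeoIP database leave GEOIP_COUNTRY_CODE empty, so this pattern sends them to /int/ as well. Behind a reverse proxy or CDN the module sees the proxy's address rather than the visitor's, so the country check has to run where the real client address is visible.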

TIP: One of the best resources I have found for installing and setting up mod_geoip is by MaxMind.

Magento Admin Tip: Run mysqldump Without Locking Tables

Posted by | Magento, Web Development | No Comments

Hey all Magento administrators or developers out there, just a short tip here on how to avoid locking tables when you perform a full mysqldump on a live server. This does not apply to any shared hosting, but only to the more advanced dedicated hosting (VPS/cloud or not). When you perform a mysqldump on a live environment, the default behaviour is to lock the entire set of tables until the dump is complete. Even if it takes 1 minute or less, it means that during that minute users will not be able to check out, or admins may not be able to perform any transactions in the back end.

Magento Extensions Here We Come…

Posted by | Magento, Web Development | One Comment

I’m excited to announce that a new division of Activo was recently born: Magento Extensions. This new division will focus on the various Magento extensions which we have been working on in the past 3 years. Essentially, every single piece of code that we have developed or delivered to our clients was written properly by extending Magento via their extensions mechanism. Some (not all) of these functionalities were developed further to easily integrate with other websites and hence allow a wide variety of online merchants to enjoy these advanced features.

File Name Case Sensitivity and SVN

Posted by | Magento, Web Development | 2 Comments

Last week I tried to add the media folder of a large catalog Magento website. Initially everything worked well, however eventually I started having severe issues on my local development environment. The issue is largely related to the File Name Case Sensitivity within SVN and how file names behave differently between Linux and Windows. I am just sharing my observation and I do not have a complete answer to this issue as of yet, maybe you can help here…
