Identifying and blocking “Bad” Magento traffic

There are a number of common attacks on Magento stores, ranging from aggressive crawlers/bots, to XSS attacks, to severe SQL/compromise attacks. There are two approaches to dealing with attacks of this nature:

Automated – through the use of a WAF
Manual – by traversing log files for patterns and blocking said patterns/sources as necessary

Below is a list of common attacks and how to identify them by reviewing your log files. This list is by no means definitive, but it is a good starting point for investigating and understanding who is trying to access your Magento store.

In almost all cases, a proper WAF (web application firewall) is a suitable first line of defense, whereas the suggestions made below are geared towards those without a WAF (or the expertise to implement one). MageStack comes as standard with a 3-tier firewall, including a stateless edge firewall, an IPS/IDS L3 firewall and an intelligent …

Correcting incorrect timestamp after server migration

An issue we (admittedly infrequently) come across when moving Magento stores from one server to another is that the previous server’s time was incorrect, causing all historical order data to be incorrect on MySQL import. More often than not, we see stores migrated from US West (-7:00) show orders that are in the future after migration, because of discrepancies between the MySQL server locale, the Magento locale and the web server locale.

There are two opportunities to fix this: either prior to taking the DB dump (or prior to import), or once the DB has been imported.

After DB Import

This can be relatively easily remedied by performing a post-migration correction on the order tables, specifically `sales_flat_order` and `sales_flat_order_grid`. We only change these two tables because they are the most sensitive to date/time changes.

    UPDATE sales_flat_order
    SET created_at = ADDTIME(created_at, '-07:00:00'),
        updated_at = ADDTIME(updated_at, '-07:00:00');

…

It’s that time of year again, we’re closed for Christmas

Another year has passed and we’ll soon be saying goodbye to 2014 and hello to 2015 – but you’ll have to do it without our development team, well, at least until we re-open on January 5th 2015.

Our Manchester office (the development team) will be shut from 23rd December 2014 until 5th January 2015. Development team members will still be checking their respective and common email inboxes, but only on a semi-regular basis; hosting support will continue to be provided 24/7 via theclientarea.info.

The team here at Sonassi wants to thank all our customers for making our 2014 so brilliant – and we look forward to continuing to be the best Magento provider in the UK during the years to come. Have a very Merry Christmas and a Happy New Year.

How much does server location really matter

A bit of background

Sonassi is a Magento hosting provider that specialises wholly in high performance Magento hosting using the highly regarded MageStack Operating System. We have Magento developers and Magento consultants on staff to support hosting customers; we eat, sleep and breathe Magento.

Server location does matter … or does it?

"I fear I may have got carried away with this email #sales #sarcasm pic.twitter.com/Wmju11qLIZ" – Ben Lessani (@sonassi), December 4, 2014

A question that we are (extremely) often asked is whether we have servers installed in [country X]. More often than not, the question is posed by US merchants looking to use our hosting services (as of writing this article, the majority of our infrastructure is in the UK).

So I find myself in a situation where I’ve got two challenges to overcome:

To educate the customer on the technical relevance (and irrelevance) of location
To change …

Fix for “No search results” after CLI reindex on Magento Enterprise (SOLR)

Edit shell/abstract.php and add Mage::app()->addEventArea('adminhtml'); to the constructor:

    public function __construct()
    {
        if ($this->_includeMage) {
            require_once $this->_getRootPath() . 'app' . DIRECTORY_SEPARATOR . 'Mage.php';
            Mage::app($this->_appCode, $this->_appType);
            // Added line: register the adminhtml event area
            Mage::app()->addEventArea('adminhtml');
        }

        $this->_applyPhpVariables();
        $this->_parseArgs();
        $this->_construct();
        $this->_validate();
        $this->_showHelp();
    }