Vulnerability scanner

MageStack has a built-in vulnerability scanner, which performs a number of roles: detects common PHP exploits; detects Magento 3rd party module exploits; identifies potentially compromised files; identifies abnormal files; checks if all available Magento patches have …

Limit/block bad bots

MageStack has native functionality to prioritise certain "good" bots (Google, Bing, Yahoo, Pingdom) and to reduce the priority of "bad" third party bots (Majestic SEO, Rogerbot etc.). This is handled within the WAF itself; see DOS filter rules for more information. The default …

Limit/block customer registration

Sometimes, your site may fall victim to country specific attacks or SPAM bots. Discreetly preventing access to customer registration on your server for a specific country is very straightforward, with a simple edit to your domain's ___general/example.com.conf file. E.g. to block the country with country code aa:

    set $bad_request "0";
    if ($request_uri ~* ^/customer/account/(create(post)?|index|login)) { …

Installing SSL Certificates

Purchasing: If you require an SSL certificate, read this article. Installing: If you have purchased an SSL certificate from Sonassi, we will take care of the installation on your behalf, from certificate signing to final installation and testing. If you are supplying your own certificate, we require the following in x509 non-passphrase …

Reset File Permissions

MageStack provides extremely consistent file permissions across all services (SSH/FTP/Web) when used correctly. However, misuse/abuse of the root user or incorrectly manually set …

Securing your Magento Store

Magento is a secure application out-of-the-box, but it should be supplemented by further measures to ensure it is as secure as possible. Below is a series of steps on securing/hardening your Magento store: do not use the root account or distribute root credentials to developers; register with a security scan service (e.g. Comodo HackerGuardian, McAfee …

Firewall access rules

MageStack has an exhaustive 3-tier firewall policy that provides superb security and protection for your stack and store. However, in some cases, it may be necessary to bypass some of these security measures for trusted hosts. There are two ways that hosts can be trusted to allow traffic to flow. These …

Analysing DOS blocks by country

Unfortunately, it is common for certain countries to be a source of DOS attacks or aggressive crawl bots. It is also possible that these countries do not form part of your target demographic, and as such, your website does not actually need to be available there. Using the DOS filter logs, …

Block by Country Code

Sometimes, your site may fall victim to country specific attacks or crawl bots. Blocking access to your server for a specific country is very straightforward, with a simple edit to your domain's ___general/example.com.conf file. E.g. to block the country with country code aa:

    if ($geoip_country_code ~* (aa)) { return 403; }

You can use Perl …

Securely installing WordPress

WordPress unfortunately can be a target or entry point for server compromise (given the large number of untested plugins available). There are a number of different ways of using WordPress in conjunction with your Magento store: subdomain (e.g. blog.example.com), subdirectory (e.g. example.com/blog) …