Bryan "BJ" Hoffpauir
@beejhuff
On a side note, I was working with some of our partner execs over at Zend who do their demo / instructional videos on their YouTube channel - turns out they’re starting a podcast themselves and wanted me to reach out to you & @philwinkle since at least a few of them are Mage Talk fans too!
I think they want to discuss bringing you guys into one of their first few podcasts to provide a Mage-centered perspective on a few php topics they are hoping to cover
kalenjordan
@kalenjordan
oh cool!
Bryan "BJ" Hoffpauir
@beejhuff
I thought so too! Are you still taking scheduled calls on Wednesdays? I can schedule something to follow up on whatever I can send over via email after I do my weekly meeting with the Business Dev Director Amy Anderson & their cloud VP @ziniman I spoke with Daniel Berman who manages their YouTube channel and he’s helping Amy with this...
he’s in London though so won’t be available until Thursday…I guess they may want to do a video podcast given his video background, but I’ll know more tomorrow
I’ll dig through my emails and set something up using the url you sent me last time we touched base
kalenjordan
@kalenjordan
@beejhuff maybe you can email me and Phil about it - I try to keep magetalk stuff limited to a few time blocks throughout the week so that it doesn't take over too much of my waking hours :)
Bryan "BJ" Hoffpauir
@beejhuff
understood, sir!
I have too few of those myself, I’ll shoot you an email, I have yours but just @philwinkle’s twitter I think
so you can forward along
kalenjordan
@kalenjordan
okay cool ya if you email me I'll loop him in
I'm not sure if this chat is private or not?
no looks like it definitely isn't :)
James Anelay
@JamesAnelay
Hey @beejhuff. To be honest I’ve not used much of their stuff (other than ZF via Magento). The Z-Ray fork was bug fixing and looking to extend, but I don’t use it anymore because $$$.
Bryan "BJ" Hoffpauir
@beejhuff
@kalenjordan no definitely not :) We can open private chats, though I’m not that much of an expert on gitter. We use HipChat internally (and BitBucket) but we’re moving our public work over to github “cause that’s where all the action is.” I’ll hit you back via email after I wrap up my call with Zend here in a bit.
Bryan "BJ" Hoffpauir
@beejhuff
@JamesAnelay looks like we have a bit in common there. We only really got into Zend last year when they released support for the AWS smaller instance tiers. I started noodling around a bit using the t1.micros for $36 US a month…happened to run into a couple of client issues where Z-Ray wound up saving me hours of debugging time...
We had a couple of customers who asked us to look at the performance of Zend Server vs. full open source stack and the numbers shocked us…wound up rebuilding our hosting platform using Zend on AWS. If I hadn’t been playing around with the cheap monthly instance I probably wouldn’t have considered it all. The product’s great but I think they could use some better marketing to communicate the value, though that probably describes all tech marketing, lol
We’re in their Partner Program and they’ve been really supportive of our efforts to focus on security issues in Magento so you’ll be seeing some of their team members start participating here soon.
James Anelay
@JamesAnelay

Yeah when I was playing with it I could definitely see the benefit, especially with for example slow queries right in front of you as they happen and it did help me pick up one slow query issue in my code, that in particular was nice. But as a freelancer/contractor doing less and less client work and more extension work I don’t think it’s worth it.

Z-Ray as a pure php extension that I could plug into my default php I would love - I think it’s possible but sadly don’t have much experience writing php extensions.

Bryan "BJ" Hoffpauir
@beejhuff
Good point re: extension vs. Client work...
lbetineli
@lbetineli
Hello guys! I'm from Brazil and I have my store hacked. Now I'm searching for everything to improve the security of it and if I can help here, it'll be a pleasure.
Hi guys. I'm from Brazil and if I can help here, it will be a pleasure.
Bryan "BJ" Hoffpauir
@beejhuff
Happy to try and help any way we can, lbetineli..
Edudemy Digital Team Customer Support
@edudemy

Firstly, identify which of these common issues your hack classifies into

Common issues in Magento
• A1 – Injection
• A3 – Cross-Site Scripting (XSS)
• A8 – Cross-Site Request Forgery (CSRF)
• A5 – Security Misconfiguration
• 3rd party integrations

lbetineli
@lbetineli
I don't know if you are talking to me but I identified:
  • New Admin Users
  • New files
  • Script inserted into header
I started breaking down each file or discovered outcome (like an admin user being created) and tagging each with an ID: Signature 1, Signature 2, etc...
We’ve saved the source file where we could so we can further refine those by specifying which Type of attack each represented and which associated patch was issued in response.
Edudemy Digital Team Customer Support
@edudemy
@lbetineli Apply patch SUPEE-5344 from https://www.magentocommerce.com/download
danielc1234
@danielc1234
Hi all, it has come to my attention that one of our magento sites has definitely been hacked. I had applied all the security patches a while back, but it is still being compromised. I am not super technical but need some help. What do I do first?
I had seen in the admin, that someone created a bunch of dummy accounts, I also checked the files that typically were supposed to be changed, but didn't see anything.
we are using Mage-World.com one page checkout extension. So not sure if that has something to do with it.
We also have a strong firewall on our server, so not sure how they are getting to the files, etc.
Bryan "BJ" Hoffpauir
@beejhuff
Daniel, sorry this has taken a while to respond to - but FIRST - go download the SUPEE-6237 that was just released an hour or so ago and apply it to your system to help prevent further compromises
Then, review this document which provides a list of the signatures for the last two vulnerabilities and follow the instructions on how to locate the files that might be compromised and restore them back to your original copies in your git / mercurial / svn repositories, or if you don’t have those a backup or even the original files available for that version from the Magento site.
sorry I had a typo earlier - the patch is SUPEE-6285
danielc1234
@danielc1234
@beejhuff, thanks for the info. I had already applied the patch and looked over the documents listing the signatures and followed all the steps. Hopefully this will resolve our issue. I'll keep you posted... Thanks again.
Bryan "BJ" Hoffpauir
@beejhuff
Exciting news v0.0.1 (alpha) released today and v0.0.2 with first tested magerun add-ons will be released tomorrow!
danielc1234
@danielc1234
Hey guys, I have run all the updated patches and our site is still being hacked. A customer told me that we even had a popup on our checkout page asking for their PIN number. I need help!!! What can I do?
Giulio De Donato
@liuggio
Hi all, my website has been defaced but I'm using the latest version, it redirects to http://zc.qq.com/
only the cache files are modified
I don't know what to do, there's no ftp or ssh with password, access is only private/public
anyone knows how to do it?
Giulio De Donato
@liuggio
@channel help needed
Bryan "BJ" Hoffpauir
@beejhuff
@liuggio @danielc1234 Liuggio / Daniel - if you're still seeking assistance, message me at beejhuff@gmail.com and I'll block out a window to discuss your issues in detail and send over web conference details. I recently left Comit but am still working on this project and contributing however I can assist
grangewebdesign
@grangewebdesign

Hi I see similar problems here to what I am seeing I have two your patience is appreciated

  1. I keep getting the maintenance.flag being applied to the site
  2. I had about 20 users on site that I didn't add now deleted
  3. My developer upgraded the site and all the orders after mid Oct are now gone

Any ideas - willing to pay for help if needs !

Bryan "BJ" Hoffpauir
@beejhuff
@grangewebdesign We're happy to help! Email me at beejhuff@gmail.com and I'll follow up to set up a time to discuss your current challenges via a WebEx.
yspatel
@yspatel
Hi
is there anybody can help magento security?
Bryan "BJ" Hoffpauir
@beejhuff
@yspatel How can I help?