    Daniel Fahlke
    @Flyingmana
    don't know about the current support in vagrant, but in earlier versions I needed vagrant up --provider docker to start a docker box
    Bryan "BJ" Hoffpauir
    @beejhuff
    Hmmm, interesting point. There was actually a thread over on the mitchellh/vagrant gitter yesterday about their docker integration… I think Mitchell was speaking at a DockerCon somewhere and answering questions from the audience and the gitter feed at the same time, heh.
    Daniel Fahlke
    @Flyingmana
    for my base vagrant boxes I use chef, because I tend to randomly use different OS versions, and chef has good support for this
    but I also always use a self-compiled php in my boxes
    Bryan "BJ" Hoffpauir
    @beejhuff
    yeah I’ve spent a lot of time learning about it, though not much hands on yet. I’ve got a little bit of leeway there since we have very standardized production and dev environments based on exact duplicate AMIs from the AWS marketplace. We’re getting closer to really needing it though as we launch more and more production workloads into AWS
    I noticed that in the earlier posts here - is that a performance / security thing or do you just like having complete control?
    Daniel Fahlke
    @Flyingmana
    I like to use most recent php versions
    Bryan "BJ" Hoffpauir
    @beejhuff
    gotcha. Have you done any work on Zend Server yet? They have been showing us some interesting things on their php7 beta that are pretty neat… at least to view as a demo, I wouldn’t want to run that in production right now, but the performance improvements were pretty impressive… I didn’t expect to see such a huge improvement against HHVM… of course it was a Vendor demo so that’s not how it’s going to be in the real world but still...
    Daniel Fahlke
    @Flyingmana
    also I heard some bad things about package maintainers at Debian or custom package providers. Seems they caused some problems with php in the past, and as I tend to hit edge cases, I want to make sure it's because of php and not of the packaging
    Bryan "BJ" Hoffpauir
    @beejhuff
    lol, just your luck, right? I used to be Mr. Average before I got into Magento… I seem to be the king of edge cases on every deployment I’ve done in the last couple of years
    Keeps it interesting and me on my toes, I guess, lol
    Daniel Fahlke
    @Flyingmana
    php7 in general seems to have a lot of performance improvements, I think they will be good in competing with HHVM, but as they did a lot of changes on memory level, I expect a lot of new security problems during the first year
    and also some more segfaulting^^
    Bryan "BJ" Hoffpauir
    @beejhuff
    HAHA
    Yeah, lots of segfaulting
    It’s kind of interesting you mention that because with all the security stuff going on with Magento & WordPress lately, it’s seemed like every call I do with them each week has focused on security in some way and partly on php7
    I’m sure the fact that we’ve been working on remediating 5 clients who weren’t keeping patches up to date and got hacked over the last month had something to do with that
    Have you done any Shoplift / RCE remediation work in the last month or two yourself?
    Daniel Fahlke
    @Flyingmana
    no, patched the merchant I work at very fast :)
    but found one more custom admin url leak (which I don't care about, as it is no real security, only obscurity)
    anyway, it is reported and should get fixed on the next patch release
    the security I meant with php7 is a level deeper, it only matters if the attacker already got to RCE, and makes it possible to break out from php to system level. But actually I think that is not a real problem for most hosting anymore
    will get interesting what the maintainers of Suhosin find regarding this :D
    Bryan "BJ" Hoffpauir
    @beejhuff
    for the most part I’d agree… one of the ones that was a headache was that some of the new marketing hires at one client had been messing about with file permissions on their own to install plugins so they wound up opening up the filesystem permissions (and not having the plugins in the repo, but that’s a whole other issue) and the attackers were able to do exactly what you said - escalate up through the file system to hide the compromised files in other vhost configs they had
    this stuff always seems to happen with me with people who host on their own systems instead of managed hosting… lol, I guess that is the nature of the beast… kept us billing for 5 weeks straight but would have preferred to have these few more like the other 20 or so we patched automatically and had behind a WAF blocking the attack signatures anyway
    Bryan "BJ" Hoffpauir
    @beejhuff
    Daniel, I’m actually putting together a project tonight with a partner abroad to document all the different combinations of penetration techniques & exploits (each one of the 5 was slightly different on both entry and on exploit technique, a few were different than anything we’d seen online). I was going to ask you to check it out if you’d done any remediation work to see how it compares to what you’ve seen yourself, but I don’t want to bother you if you hadn’t had much exposure. I posted a note on Mage Hero as well and reached out to Kalen for a suggestion or two… do you know of anyone who’s done much remediation? I found a few people on the Magento stack exchange that I’ve reached out to but no response yet...
    We’re including both scan and code that will remediate the attacked site based on all of the signatures we’ve found ourselves, but I’m trying to get some more people in the community to share their observations because so far we haven’t seen any two that were exactly alike
    Daniel Fahlke
    @Flyingmana
    hmm, security/attack related I know https://twitter.com/b_ike as someone with a lot of knowledge and experience
    Bryan "BJ" Hoffpauir
    @beejhuff
    With 60k unpatched systems, we’re hoping that a tool that automatically scans and remediates after installing the patch will help many that are probably already compromised
    Daniel Fahlke
    @Flyingmana
    I only have theoretical knowledge, and would recommend not to trust my word for bigger relevant systems^^
    Bryan "BJ" Hoffpauir
    @beejhuff
    that’s great - I hadn’t reached out to them. I did find Tanel Raja on twitter and stack exchange
    lol
    Daniel Fahlke
    @Flyingmana
    I think Bastian works at AOE, so I am sure you can book some of his time :D
    Bryan "BJ" Hoffpauir
    @beejhuff
    I was in the exact same boat 5 weeks ago. Let’s just say I know a LOT more about this topic than I expected to…
    Daniel Fahlke
    @Flyingmana
    and I think the people from sanossi hosting also know a lot about this stuff, but I don't know what they are willing to share
    Bryan "BJ" Hoffpauir
    @beejhuff
    Thanks for the suggestion - we’re actually done with all the client work - we’re just releasing the research and a tool as OSS to the community to help provide automated cleanups of compromised systems… we didn’t realize that the patch doesn’t do anything if you have already been totally compromised or just partially attacked… the more signatures we can get others in the community to share, the more likely the automated tool will be to clean up all of the pieces of the attacks that were attempted. I’ll definitely reach out to Bastian as we are using some AOE plugins in the solutions
    yeah I think our best bet will probably be to release everything we have via github to show what our intentions are and then let the rest of the community share what they feel comfortable
    Daniel Fahlke
    @Flyingmana
    ping me when you did release it :) and crosspost to the magento reddit
    Bryan "BJ" Hoffpauir
    @beejhuff
    it’s kind of awkward with this kind of stuff, because you don’t want to share every detail like even all code samples publicly because that can be used by attackers to attack more sites
    but then again you don’t want to make it a black box or not explain stuff either… ok sweet, will do!
    I’m going to grab some breakfast… I don’t have the energy I did when I was a teenage hacker working all night on Mountain Dew and candy… I’m pushing… well let's just say I’m older now… and need some protein
    hehehe
    thanks for your thoughts and input, appreciate the feedback :+1:
    Daniel Fahlke
    @Flyingmana
    you're welcome
    Daniel Fahlke
    @Flyingmana
    @razbakov it seems Firegento does not qualify to get listed on mageres aleron75/mageres#7
    Bryan "BJ" Hoffpauir
    @beejhuff
    Heh, maybe they qualify but are so unique that Alessandro doesn't know where to place them!
    Daniel Fahlke
    @Flyingmana
    was too fast, I think he understands now why it makes sense^^
    Aleksey Razbakov
    @razbakov
    :+1:
    fmeghouc
    @fmeghouc
    hello
    Aleksey Razbakov
    @razbakov
    hello