How to delete spam customer accounts in Magento2

Summary Over the last few years, we’ve noticed an increase in the complexity of spam bots signing up to Magento 2 stores. They used to just spam customer accounts using the same email/email domain likely on ending in .qq.com .ru etc. So it used to be easy to just bulk delete based on the TLD especially for sites that do no ship to China / Russia etc. Whereas the last few years I’m observing them using standard mail providers such as gmail....

May 24, 2024 · 3 min · 598 words · Me

How to install & configure PHP SPX in Warden for Magento 2

PHP-SPX is an free and open source profiling alternative to Blackfire/Tideways etc. The main benefits imo are, its free to use and how simple it is to setup < 60s There is an open discussion within Warden, to install the PHP-SPX profiler into warden core. https://github.com/orgs/wardenenv/discussions/719 In the meantime while we wait for the PR to merge, I’ve created the following shell script to bootstraps the PHP-SPX installation & configuration for the current warden project....

May 23, 2024 · 3 min · 505 words · Me

Analyzing a real Magento 2 Stripe CC Scraper Malware Sample

Overview Recently I came across a Magento 2.3.4 store with a stripe specific credit card scraper embedded into the checkout page. The Malware had been injected into the core_config_data table, and was being saved against the shipping/shipping_policy/shipping_policy_content key. The updated_at time of the entry was 2024-04-10 13:27:32 although its worth noting, whilst this may be the time of the initial infection. Since the original entry point has not been patched, an attacker could have simply changed the payload on that date....

May 20, 2024 · 2 min · 421 words · Me

How to effectively scan Magento 2 Instances for Malware with Sansec

It is very important whilst running a Magento 2 store, to perform regular malware scans. Although, it seems that most stores decide not to which is alarming. The current gold standard for scanning Magento 2 stores is Ecomscan by Sansec.io. They provide one of, if not the best, Magento specific scanning tools. You can trigger one off scans very easily from the server CLI by running the following command and following the prompts....

May 18, 2024 · 2 min · 309 words · Me

Magento 2 - Configuring Nginx Rate Limiting

Configuring Nginx rate limiting for Magento is both simple to get started, but complex to find the right balance. It is a great way to combat malicious traffic from web scrapers/crawlers, and less respectful 3rd party integrations. The default nginx status code for the limit is 503, it is important to change this to HTTP 429 Too Many Requests. HTTP 429 is the standard rate limiting code, and should prevent any negative indexing results with search engines, and as a bonus any bots should slow their crawl rate (if they respect the response code)....

April 3, 2024 · 3 min · 472 words · Me

Local Wordpress Bedrock Development using Warden

The last few years i recently migrated to using Roots Bedrock to bootstrap new wordpress developments. It provides a host of extra features that makes wordpress half decent to work with, such as Composer support, ENV variables, ENV specific config, better directory structure etc. I suggest checking it out if you haven’t already. Anyway, since I mostly focus on Magento development. My goto local dev environment is Warden which does support standard Wordpress out the box, along with a few other PHP frameworks....

March 26, 2024 · 2 min · 254 words · Me

Quick Start Guide To Self Hosting Sentry.io

Frontend monitoring is a crucial part of running online ecommerce stores. Although in a Agency context, a lot of the SaaS options can get expensive quickly especially for smaller merchants. By self hosting Sentry, we can elevate a lot of this cost. We are using Hetzner as our host, due to the low cost and high specs of some machines in their server Auction. The machine specs in particular are: 14C/20T 2....

January 6, 2024 · 2 min · 248 words · Me

OpenVPN Split Routing

When setting up a VPN you have the option to either route all traffic through, or only route specific traffic through it. Some of the benefits with split routing within a development team context are: Increased privacy Reduced VPN load, allowing more connections / less allocated resources Access to both local & VPN network resources while connected Server Configuration Within your main server configuration file server.conf remove the line that looks like the following if it exists...

November 16, 2020 · 1 min · 175 words · Me

OpenVPN Quick Installation

You can simplify OpenVPN installation by using the OpenVPN installation script by NYR https://github.com/Nyr/openvpn-install On your target installation server, run the following to download and execute the script into your home directory. wget https://github.com/Nyr/openvpn-install/raw/master/openvpn-install.sh -O ~/openvpn-install.sh bash ~/openvpn-install.sh Default options you can choose are: UDP Protocol Port 1194 DNS Server 1.1.1.1 After the installer runs, you can now connect to the VPN, and you can rerun the script to add/remove clients or uninstall OpenVPN....

November 13, 2020 · 1 min · 74 words · Me