Blog

The Case of the Vanishing uRapidFlow License Key

Published: June 14, 2018

Recently, I received an email from a client that read something like this…

Subject: URGENT: Feeds not running

Feeds did not run this morning. Pricing is wrong on the website.

HELP!!!!

The website was using a uRapidFlow profile that was run on a cron to regularly import product pricing. Navigating to the profile in the Magento admin panel, I got the following error…

A screenshot of the error experienced

Error message: Module record not found: Unirgy_RapidFlow

Here, I’ll document my findings…

Luhn Validation From the Command Line

Published: June 12, 2018

Today I received an alert that a credit card scanning tool had detected data that looked like a credit card number (PAN) on the file system of a client’s server.

Reviewing the details, I found that the tool was reporting it had found what appeared to be a credit card number in an image file on the server. This gave me quite the scare as I knew that there’s a common strain of malware for Magento (the platform this site was running) which steals credit card numbers and stores them in image files to be harvested by the attacker.

The tool was reporting the credit card number started with “304428”. I was able to find the match in the reported file using exiftool:

$ exiftool -m 00080878182947_2.jpg | grep -o '.\{20\}304428.\{20\}'
8cca4b4231, xmp.did:304428740720681188C6DBD8EA

xmp.did:? I wasn’t sure what this was, but from some quick research I learned that it was metadata added for Adobe’s Extensible Metadata Platform (“XMP”).

As a quick check I did want to see if the number passed Luhn validation. I didn’t want to copy / paste the data into an online tool for obvious reasons, so I decided to do some further research on how to run Luhn validation from the command line. Here I’ll document my findings.

Simulating an Elasticsearch Timeout

Published: May 31, 2018

Recently I submitted a contribution to the Magento 2 project to terminate requests to Elasticsearch if they exceed the configured “timeout” setting. This was done in response to a production issue experienced on a client’s site where Elasticsearch slowdowns (due to a misconfigured maximum heap size) would take an entire website down.

Basically, what was happening is that the PHP processes that were waiting for Elasticsearch responses would continue to build up until the server resources were exhausted. This would block workflows on the site that didn’t require Elasticsearch such as placing orders, wishlist / shopping cart management or administrative workflows.

In order to test this feature out, I wanted to simulate an Elasticsearch timeout. Turns out this is a lot harder than one would think. Here I’ll document my findings…

Magento 2 Slow Admin Login

Published: May 21, 2018

Recently at Something Digital we upgraded a client’s site to version 2.1.12. Shortly thereafter, we received a report that logging in to the admin panel was taking significantly longer than usual.

Looking in New Relic we could see that the vast majority of the time was being spent reading the session from Redis.

A screenshot showing a transaction trace of a slow login in New Relic

Working with MySQL Binary Logs

Published: May 19, 2018

Binary logs are a useful feature in MySQL. Mainly intended for master / slave replication setups and point-in-time recovery, they contain records of all changes to the MySQL database, including schema alterations and table creations, but also INSERT, UPDATE and DELETE statements. This makes them extremely useful for system auditability: forensic analysis in the case of a security breach, or answering questions like “why does this product keep getting disabled on my website?”.

This post answers some common questions you might have while working with them…

Lessons Learned During a Recent Magento 2 Deploy

Published: May 17, 2018

I had an interesting Magento 2 deployment experience recently. I learned quite a few things in the process, and wanted to share them here.