Author: dx3
-
MAGESTORE LOCATOR EXTENSION: CRITICAL VULNERABILITY
The Magestore Locator extension version 1.0.2 (and earlier versions) that could result in unauthorised access to sensitive information. Magento has urged customers running Magestore Locator extension to disable it or block requests and request/implement an update from the extension developer. Magento has had reports that the extension has been exploited. In particular users should have their […]
-
POST-PURCHASE: DELIVERY
Post-Purchase: an undervalued opportunity? Your customer has hit that buy button and your job has only just started. Communication When managing and growing an eCommerce store, providing delivery choices and keeping your customers up-to-date during the process can lead to a better relationship and return business. As we know, acknowledging an order and providing a tracking […]
-
AUTHORIZE.NET DIRECT POST ENDING SUPPORT FOR MD5 BASED HASH.
Authorize.Net: support ending for MD5 Authorize.net will stop supporting MD5 based hash usage on March 14. Magento implements the Authorize.Net Direct Post payment method, using Authorize.Net’s AIM (Advanced Integration Method) and DPM (Direct Post method) APIs, which use MD5 based hash. Authorize.Net will stop supporting MD5 based hash tag on March 14. This issue affects all Magento […]
-
MAGENTO 2.3: ELASTICSEARCH SUPPORT INCLUDED
Hidden in the release notes of Magento 2.3, under Other Improvments we find: “Elasticsearch support for Magento Open Source version. Elasticsearch support was previously provided in Magento Commerce only.” So what does this mean? It translates to, anyone with a dedicated or VPS (cloud) server can request Dx3Webs to install Elasticsearch. What is Elasticsearch It […]
-
SPAM USERS: HOW TO PREVENT SIGN-UPS
Magento stores have witnessed an increase in SPAM user registrations. Originating from multiple IP addresses these attacks can easily overwhelm a small Magento store even when paired with a WAF. There are additional defences against such attacks that can be quickly and easily implemented. Block IPs This can be a short time fix. However, these […]
-
PHP 5.6 IS DEAD: LONG LIVE THE KING (PHP 7.2)
PHP 5.6 extended support has now officially ended (as converedd previously) and it will no longer be receiving updates nor security patches. As the last version of PHP5, PHP5.6 has been the longest supported version to date with active support starting in January 2015. All is not lost as we PHP 7.2 is ready to […]
-
ECOMMERCE SALES: VIDEO MARKETING
Magento Video Marketing in eCommerce sales. Buying online has one disadvantage compared to a visit to your local high street, the inability to examine the product you are looking at and see how it works. Static images, even high resolution ones, can only show so much. This is where video marketing can be a great […]
-
THIRD PARTY EXTENSIONS VULNERABILITIES: PLUS SOLUTION.
How secure are your 3rd party Magento extensions? Third party extensions are increasingly targeted in attempts to hack your store where many attacks have shifted focus to 3rd party components. Magento continues to be a target for payment skimmers. In 2015 attackers used the “Shoplift” vulnerability in the core Magento code base. An upgrade in […]
-
TENS OF THOUSANDS OF MAGENTO SITES AT RISK
Researchers at Foregenix analysed more than 170,000 Magento eCommerce sites and found that of those using Magento 1 some 90% are at a ‘heightened’ risk with 30% of Magento 2 sites at an ‘elevated risk’. The heightened risk rate includes sites that have not been patched with recent updates with some missing patches released nearly […]
-
THIRD PARTY ONLINE SCANS
There are a number of useful and free third party website scanners available which can be a great addition to your tool box. Here we will look at three offerings from Foregenix, Sucuri and SSL Labs. Foregenix Founded in 2009 consisting of a team specialising in digital forensics the company developed extensively into compliance and […]
