Changelog - Hypernode

Release 1736: Memory management enhancements and magmi importer security

Access to magmi is now blocked by default to protect shop owners from exposing an unsecured magmi installation to the world. Further improvements to memory management have been made, ensuring even greater stability in the event of an out-of-memory situation.

Release 1720: Automatically install Magento, added Composer and other updates

Automatically install Magento on new Hypernodes Composer has been made available due to popular request Updated n98-magerun to 1.97.4 Updated the ionCube Loader to v5.0.15 Increased stability in memory management

Release 1441: Rate-limiter tuned to solve issue with Sphinx, lftp secure ftp client

In some configurations Sphinx failed to respond to requests from the Magento admin panel, this is now resolved. Additionally, by request lftp has now been made available on the Hypernodes.

Release 1378: Fix memory issues, better Shoplift protection

Stability release: It was discovered that the php.ini memory_limit wasn’t enforced for PHP-FPM which would crash a node in extreme circumstances. Now a large but sane limit is enforced (256M for Start, 512M for all other Hypernodes). The filter that we installed to counter the immediate threat of Shoplift exploitation turned out to block a…

Release 1364: Better memory management for Start plans

This is primarily a stability release with the following tweaks: Better memory management for Hypernode Start plans. Fix bug with SSL file verification Automatic cleanup old incident files (2 months+) Better handling of full disks

Release 1326: CVE-2015-3428 mitigation

This release implements a filter that prevents SQL injection attacks made possible by a security flaw in aheadWorks Blog.

Release 1294: inode monitoring

We’ve had quite a few cases recently where nodes became unresponsive due to the runaway creation of PHP sessions on the disk. In practice, a storage filesystem has two limits: size in bytes, and number of files (inodes). With this release, we actively monitor on the percentage of available inodes. Reaching the limit is an…

Release 1283: New n98-magerun, php in skin dir

We have updated n98-magerun to version 1.95, which is the latest. Also, we fixed an issue with some themes that place PHP files in the skin or js directory. The themes use these to dynamically generate CSS or JS and will now be properly executed. Lastly, we improved the way we automatically filter shoplift attacks.

Release 1209: SUPEE 5344 mitigation, Pip, Ruby, Sphinx

We have added filter rules to mitigate the Magento SUPEE 5344 attack for most cases. Be advised, if you haven’t patched your Magento installation yet, we strongly advise you to do this. Also in this release: Added the Python “pip” package manager on all nodes; Added the Ruby executable on all nodes; Added support for the Sphinx…

Release 1133: More Magento brute force protection

After witnessing large scale brute force attacks at /downloader/ URLs (Magento Connect interface), we have extended our brute force filter. This will save resources and minimize the risk of hackers actually finding your password! Subjects are temporarily (2h) banned after trying 10 POSTs.

Release 1120: Query cache, CLI tools, Cache flush preparation

We have further tuned the query cache parameters for the Percona database server. This gives a few percent performance gain on most shops. Hypernode CLI tools are improved: you can now use, for example, tail -f /var/log/nginx/access.log | parse-nginx-log –php to see a live stream of PHP requests. Head to our knowledgebase for some more…

Release 1073: Image optimizer, Subversion, HHVM restart

Quickly save 30% of Magento disk usage and loading speed for your visitors: this release introduces the hypernode-image-optimizer. Also Subversion is now installed (as requested by 42Functions) and HHVM does a conditional nightly restart to counter memory leaks.

Release 1003: Enable local staging environment (beta)

This release enables a BETA feature: run a staging environment on a different port. This way, you can quickly make a copy of a production shop to analyse a specific bug. Or publish your pending release, so that your customer can try it out. We invite early adopters to test it and let us know…

Release 969: Mail through Byte, SSL RC4, Nginx include fix

A multi bug fix release. Outgoing mail is rerouted through Byte mailservers. This fixes an issue where we boot a cloud server that was previously used to send spam, and its IP is on a blacklist. RC4 cipher is removed for sites using SSL. This will enable SSL sites to score an A at the…

Release 862: New Percona MySQL server fixes security bug

This is a MySQL server upgrade from version 5.6.16-64.2-569 to 5.6.22-71.0-726 and fixes a (low risk) bug that was recently published. No functional changes were discovered in the acceptance tests nor distilled from the Percona changelog, so everything should work as usual! The upgrade also squelches a warning from the Qualys scan. Upgrading took place…

Release 827: New HHVM version: 3.4.2!

Update: the upgrade was rolled back until further notice, due to XML crashes. We’ve upgraded HHVM from version 3.3.0 to 3.4.2. Functionally speaking, this is a transparent upgrade for Magento. However, this solves an important memory leak issue, which in some cases could eat all of a server’s memory, causing it to crawl to a halt….

Release 785: install pdftk, imagemagick and a new version of n98-magerun

On request we made pdftk, imagemagick and a new version of n98-magerun available. PDFTK is a toolkit for converting pdf, imagemagick is a swiss armyknife for converting images and n98-magerun is a toolkit for managing magento installations on the commandline.

Release 771: vagrant image available, correct blocking of PHP in /media/ and /var/

Vagrant image is now available By popular demand, we’ve been working on a Vagrant image for Hypernode. This image allows you to develop your site on an environment exactly like a Hypernode, only on your own your laptop or PC. Have a look at our Github repo for the Vagrant image and give it a…

Release 656: Thuiswinkel.org scans

Thuiswinkel.org security scan now succeeds The scans Qualys performs for Thuiswinkel.org often ran afoul of our intrusion detection system (IDS). We’ve now tweaked the IDS so, that Qualys can pass the test. Thanks for working with us on this, Pieter!

Release 641: SSLv3 no longer supported

Deprecated SSL protocol SSLv3 no longer supported Many techblogs have reported that a big security hole named POODLE was found in SSL version 3. This protocol version has been deprecated for years in favor of TLS. To keep our Hypernodes safe and care-free, we’ve decided to disable SSLv3 support. Impact The impact will be negligible:…

Release 640: 404 optimization, Nginx config warnings in prompt

Missing media no longer triggers Magento 404 Our Nginx configuration contained a flaw that caused all missing media files (images, css, js) to be routed to Magento. Magento then renders a nice 404, but nobody is interested in that page. So we’ve changed the configuration to be more like the standard Magento config for Apache…

Release 629: storefront overview, midnight commander, git-flow, improved filtering

Storefront overview For shops with many storefronts, it can be a tedious job to make sure all domain names are correctly configured. One by one the domain settings would have to be visited and verified. This frequently caused mistakes and misconfigured domains. A new tool was added to the Byte service panel to show the…

Release 582: Magento brute force and vulnerability scanner protection

Magento Brute Force Protection Brute force attacks against popular web applications, such as WordPress and Magento, seems to be surging lately. Botnets use dictionaries and try to log in on the back-end with various common passwords. If this succeeds, it is easy to install a malware component to send spam, steal payment information etcetera. Even…

Release 573: connect suppliers through FTP, Cloudflare support

You can now connect your suppliers through FTP As you might well know, FTP is an old protocol that is, at it’s core, unsafe to use. The protocol uses passwords, and worse, these are sent in plaintext. So up to now, we only offered an SSH logging, thus supporting SFTP, rsync and scp. Unfortunately, there…