Top Nav

Archive | Web

Upgrade CURL

The Yoast SEO plugin in WordPress has started advising users to upgrade curl to the latest version. On CentoOS this can be done easily using the city-fan.org repo here:

http://www.city-fan.org/ftp/contrib/yum-repo/

For a CentOS 6 server, here are the steps:

 

 

0

404 On sitemap_index.xml With Yoast SEO After Site Migration

After moving and renaming a site, we were getting 404 errors for the sitemap generated by Yoast SEO at:

http://acme.com/sitemap_index.xml

After digging around it turned out the solution was to reset permalinks by going to:

Settings -> Permalinks

and clicking the Save button without making any changes.

0

Changing Magento Path

Suppose you have a Magento Commerce store at:

http://acme.com/store

but you want to change the URL to:

http://acme.com/catalog

There are plenty of articles that give the basics like:

https://docs.nexcess.net/article/how-to-change-magento-base-urls.html

Basically the steps are:

1. Login to admin, go to Configuration -> Web and change the secure and insecure urls.

2. Move the store/ folder to catalog/

3. Clear cache and sessions folders with

4. Add a rewrite rule in your .htaccess to send traffic from the old path to the new path:

So far so good but we found several additional steps that might be needed. If compilation is turned on then you may need to do:

Next if you have APC installed in PHP then you may need to restart the web server to clear the APC cache with something like:

If you have memcached configured as the cache backend then you’ll also need to restart memcached:

Let us know if the comments if you find any other steps that are needed to successfully move magento to a new path.

 

 

0

How-to Mitigate Bittorrent DDOS Attacks

You’ll know that you’re getting hit with a Bittorrent attack when the server slows down and you see log entries referencing:

Here’s a good article about one sysadmin’s struggle with this type of attack:

http://blog.carlesmateo.com/2015/01/23/stopping-a-bittorrent-ddos-attack/

There are a number of possible strategies to mitigate this attack:

1. CloudFlare will block but it can take time to move DNS to CloudFlare and activate.

2. Create an announce.php file that returns an error like this:

This will use fewer resources then letting WordPress or other CMS return a 404.

3. Block in iptables with a rule like this:

Not sure how efficient this is on a high traffic web server.

4. Block in Apache config:

5. Block with fail2ban as described here:

http://shazbert.com/blog/2015/01/24/fail2ban-china-ddos-announce-bittorent/

Note that Plesk 12 has fail2ban built-in so this fix is easy to implement.

6. If traffic is limited to a range of IP addresses then block that range in any available firewall. For example we’ve defeated this attack in one case by blocking a class B range from China.

Other suggestions on blocking this type of attack are welcomed. Comment below and let us know if you’ve seen this attack and how you handled it.

0

Magento – List Applied Patches

You can view a list of patches that have been applied to a Magento site with:

You’ll get something like this:

 

0