Release-4046: whitelisted Ayden’s user agent

We’ve whitelisted Ayden’s HTTP user agent for the bot ratelimiting. It’s no longer subject to the bot ratelimiting mechanisms.

Release-3981: Deny specific configuration files on magento1 installations

We’ve moved certain security restrictions from the magento2 configuration into the global magento1/2 security configuration file. Specifically, the following files are no longer reachable externally: auth.(json|lock), package.(json|lock), composer.(json|lock), Gruntfile.js and cron.php. Hidden files are also denied with a 403 now instead of a 404. Furthermore, we’re working hard on the Xenial migration. Many changes […]

Release-3943: Xenial hypernode-vagrant

Over the past couple of weeks we’ve been very busy preparing to upgrade Hypernode to the latest LTS version, Ubuntu 16.04 Xenial. While we heavily modify the Ubuntu base for Hypernode, upgrading to this newer version will have many advantages, such as newer releases of various packages. For Hypernode we build all important parts of the […]

Release 3914: n98-magerun weak password tester

We’ve released a new version of the Hypernode plugin for n98-magerun, which you can use to test for weak admin passwords. As admin accounts are increasingly brute forced, it is essential that you don’t use “guessable” passwords (such as steven123). This plugin will show you weak passwords in your store. For more information, run magerun hypernode:crack:admin-passwords --help […]

Release-3864: IP authentication exceptions on development plans

In this release it becomes possible to whitelist IP addresses on development plans, so that they are exempt from the basic authentication requirements. This may be useful for testing external payment providers or other kinds of external services which do not support basic auth. The whitelist file is placed in /data/web/nginx/whitelist-development-exception.conf and looks like this: […]

Release-3774: Mitigate CVE-2017-6074 and firewall known bot networks

Today’s release implements two security measures on Hypernode. Yesterday a new double-free vulnerability was announced in the Linux kernel. We’ve implemented some rules to mitigate this vulnerability until all nodes are running the new patched kernel. Additionally, we’ve seen an increase in brute-force attacks on the Magento /downloader. In this release we blacklist a range […]

Release-3760: Updated monitoring for development plans

We’ve updated the monitoring of development nodes. The alerting for these plans has been changed to only alert during business hours.

Release-3732: Let’s Encrypt Nginx configs are generated without www. prefix

Today we will update the hypernode-ssl-config-generator so that it generates Nginx server definitions without a www. prefix in the server name. This additional server_name was unneeded because dehydrated only creates certificates for the domain you specified, and does not automatically include a www. domain as well. A new config will automatically be generated the next time you run dehydrated […]

Release-3728: allow let’s encrypt on dev plans. fix ibdata1 shrink automation

On development plans it’s now possible to use Let’s Encrypt again. The relevant requests have been made exempt from the basic auth. We fixed a regression in our shrink_ibdata1 automation that had been introduced by the MySQL version update at the end of November. We added an alias sf2 which shows all magento2 storefronts. It executes cd […]

Release-3657: Whitelist Sendcloud

This release contains a change to the default Nginx whitelist that makes SendCloud exempt from the standard bot ratelimit. The FPM slot limit still applies. Users can further configure their ratelimiting settings in the Nginx config in /data/web/nginx. Also in this release: more tweaks to the WAF for yesterday’s RCE mitigation. The Cart2Quote development team […]