20181106.1 – Run checks in batches, new patch check, updated Magento version check and new RCE check

Running checks in batches: Recently we received some information that under-powered servers could suffer performance loss when scanned by MageReport. This is due to the number of requests MageReport has to make to determine your shop’s safety. This is of course not our intention, so to fix this we’ve added running checks in batches for […]

Release 5874: Better out of memory pattern detection for preventive non-essential process slaying

On Hypernode we have a very sophisticated system for dealing with low memory situations. As described in these earlier changelog articles this system has evolved quite a bit over time and we are constantly looking for tweaks and adjustments so that we can strike the best possible balance between stability, performance and flexibility. Over time […]

Release 5869: Configurable ft_min_word_len for products with short names

In this release we expose functionality in the hypernode-api that will make it possible to configure the ft_min_word_len for MySQL. The ft_min_word_len is the minimum length of the word to be included in a MyISAM FULLTEXT index. So, if you sell things in your Magento shop like wol or a sok then today is your […]

20181026.1 – Added Magecart zero day extensions checks

Magecart zero day attacks: Recently it was brought to light by security researcher Willem de Groot that attackers are making use of unpublished security flaws in about two dozen Magento extensions. The vulnerabilities in these extensions allow the attackers to gain full control over the targeted websites via Remote Code Execution (RCE). Added checks: The […]

Release 5852: Additional PHP Object Injection WAF rules

In this release we will expand on the configuration changes we’ve made in yesterday’s release which addressed a number of the PHP Object Injection vulnerabilities in third-party Magento 1 extensions. Today’s change contains extra filters for probes we’ve seen with a URI-encoded version of the payload and for probes where the payload is […]

Release 5850: Blocking Magecart zero-days

In this release we will deploy a preliminary new version of our Web Application Firewall which will block various forms of known attacks that have been encountered in the wild on a selection of the vulnerable Magento 1 extensions that were disclosed in this blogpost by Willem de Groot, security researcher and ex-Byte founder. The […]

Release 5840: hypernode-servicectl can also restart Redis

In this release we will push an update to the hypernode-servicectl command-line tool that will make it so that the app user is now also privileged to restart the Redis service. It will be possible to restart the default Redis instance that is commonly used for the full page cache, but it will also be […]

Release 5793: ImageMagick security update

This week a security release for ImageMagick was pushed to fix a vulnerability relating to the underlying Ghostscript interpreter. Because in Magento sites it is not very common for non-trusted users to upload images that will be converted to one of these formats, this vulnerability isn’t very critical. But because people can get very creative […]

Release 5785: Migrating Hypernode DEV plans to the new Combell OpenStack

In this release we have started our previously announced effort to migrate production resources from DigitalOcean to the brand new Combell OpenStack cloud. This change will allow for a couple of cool new features like volume swap migration between the Magento Professional 3XL, 4XL and 5XL plans and way faster provisioning (around 10 minutes from […]

20180925.1 – Updated CC hijack and cryptojacking checks and updated style

Update Credit Card Hijack check: Recently MagentoCore and MageCart have been getting some traction as Magento-specific malware to skim credit card details. We’ve updated our signatures so we’re able to detect shops infected with this malware. Update Cryptojacking check: Recently there were some updates to cryptojacker signatures. We’ve updated our database to make sure […]
