Case Study: DDP Yoga (as featured on Shark Tank)

Tech Profile: Shopify + custom PHP / CAKE for installment and re-occurring billing.

DDPYoga is the brainchild of former WWE wrestler Darrel Diamond Page (DDP). Dealing with injuries as he aged and eventually retired from professional wrestling, he turned to yoga as an outlet for maintaining his health and physique, eventually developing a program that friends and colleagues alike would follow. He has developed his program into a multi-million-dollar enterprise with DVDs, apps and training centers.

We were brought in to create a payment installment system that allowed orders to be placed, fulfilled and subsequently billed for a limited number of re-occurring payments.…

CAKEPHP Developers Spotlight

As a development firm located just outside of Seattle, we have a large body of experience working with the CAKEPHP MVC framework. If you have never used CAKEPHP it is an open-source, rapid development PHP framework. It provides a solid foundation and structure for frontend developers and programmers to create robust web applications.

While we work with a number of different technologies and frameworks, CAKEPHP is one of the tool sets that we rely on for complex programming applications for mission critical systems.…

Inventory Management Systems for Shopify

What options exist for Inventory Management Systems for Shopify?

One of the things that cost clients a lot of time and money is keeping up to date with all of the various shippers they want to use in their shopping cart or dealing with back office inventory management systems. Some of these are older legacy desktop applications that do not connect easily to their online stores.

In terms of shipping, often these back-end systems are responsible for moving the product through an order process (receiving, fulfillment, shipping, etc) that is specific to the merchant’s business.…

How to fix CVE-2016-6662 on cPanel / WHM

CVE-2016-6662 – Remote Root Code Execution / Privilege Escalation (0day exploit)

A new 0-day exploit has been announced for MySQL that can result in remote code execution or privilege escalation.

Apparently, this exploit was announced to Oracle, the owners of MySQL, more than 40 days ago and a fix has not yet been released.

You can read about it in greater detail from these sources:

This affects the following MySQL and MySQL “clones”: (excerpted from “LegalHackers.com”)

This exploit / bug works because if the malloc-lib configuration variable is set, the wrapper script mysqld_safe (which runs as root) will preload a user-designated shared library before starting the server.…
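A quick audit for the condition described above, as an added example that is not part of the original post: it reports any malloc-lib (or malloc_lib) directive found in the option files it is given, and any of those files owned by the database service account. The function names, the sample file and the library path in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: report malloc-lib directives in MySQL option files and
# option files owned by the database service account.

audit_malloc_lib() {   # $1 = service account name, remaining args = option files
    svc=$1; shift
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # A file the service account owns can be rewritten by that account.
        owner=$(ls -ld "$f" | awk '{ print $3 }')
        if [ "$owner" = "$svc" ]; then
            echo "OWNER $f: owned by $svc"
            rc=1
        fi
        # Track the current [section] and print every malloc-lib line with it.
        hits=$(awk -v f="$f" '
            /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec) }
            /^[ \t]*malloc[-_]lib[ \t]*=/ {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                printf "PRELOAD %s:%d %s %s\n", f, NR, sec, val
            }' "$f")
        if [ -n "$hits" ]; then
            echo "$hits"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample option file, for demonstration only.
write_sample_cnf() {   # $1 = destination path
    cat > "$1" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
malloc-lib=/path/to/unexpected.so
EOF
}

# Demo on the constructed sample; on a real host pass the server's option files.
demo=$(mktemp) && write_sample_cnf "$demo"
audit_malloc_lib mysql "$demo" || echo "findings listed above"
rm -f "$demo"
```

A non-zero return means at least one file needs a look; an empty result on the server's own option files means no preload directive is configured there.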

How to use SMTP to send CS-Cart email

This one will be quick – and it is not usually limited to just CS-Cart users. We see this on Joomla! and certain WordPress plugins as well.

The need:

“I want to be able to send email from my cart using SMTP and a full-fledged email account.”

Should be easy right? Not necessarily. The hosting platform you are on needs to be able to send email outbound from the port you are trying to connect to. This would be your SMTP server.…

How to restrict zone transfers for PCI compliance in WHM – CVE-1999-0532

Recently we had to assist a client with a server that needed to become PCI compliant. One of the issues was "DNS Zone Transfer Allowed" (CVE-1999-0532); the server was running CentOS 6 and WHM / cPanel.

Scanning vendors fail this because “unrestricted zone transfers” violate PCI DSS and are considered automatic failing conditions.

Now, there is not a control for this inside of WHM / cPanel so you will need to edit the named.conf file directly.

Here is how to do it:

Adding the following…

allow-transfer {"none";};
version "";

to the following section…

options {
    allow-recursion { none; };
    allow-transfer {"none";};
    version "";
};

…within the /etc/named.conf file and then restart the named service.…
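In BIND, an allow-transfer statement inside a zone or view takes precedence over the one in options, so the edit above can be silently undone further down the file. The following check is an added example, not part of the original post: it lists every allow-transfer that is not "none" and reports when options has none at all. The function names and the sample configuration are constructed, and the parser assumes each allow-transfer statement sits on one line and that /* */ comments are not used.

```shell
#!/bin/sh
# Added example: audit a named.conf for allow-transfer settings.

audit_zone_transfers() {   # args = config files, or stdin when none given
    awk '
    {
        line = $0
        sub(/(\/\/|#).*/, "", line)                  # drop // and # comments
        if (line ~ /^[ \t]*options[ \t]*[{]/) {
            ctx = "options"; base = depth
        } else if (line ~ /^[ \t]*zone[ \t]+"/) {
            split(line, q, "\""); ctx = "zone " q[2]; base = depth
        }
        if (match(line, /allow-transfer[ \t]*[{][^}]*[}]/)) {
            acl = substr(line, RSTART, RLENGTH)
            sub(/^allow-transfer[ \t]*[{]/, "", acl)
            gsub(/["}]/, "", acl)
            gsub(/[ \t]*;[ \t]*/, " ", acl)
            gsub(/^[ \t]+|[ \t]+$/, "", acl)         # bare ACL elements remain
            if (ctx == "options") seen = 1
            if (acl != "none") {
                printf "REVIEW %s: allow-transfer { %s }\n", (ctx != "" ? ctx : "other"), acl
                bad++
            }
        }
        # Leave the current block once its closing brace has been read.
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (ctx != "" && depth <= base) ctx = ""
    }
    END {
        if (!seen) { print "MISSING options: no allow-transfer statement"; bad++ }
        exit (bad > 0)
    }' "$@"
}

sample_named_conf() {   # constructed sample, not a real server file
    cat <<'EOF'
options {
    allow-recursion { none; };
    allow-transfer {"none";};
    version "";
};
view "external" {
    zone "example.com" {
        type master;
        allow-transfer { any; };   // overrides the options block
    };
    zone "example.net" { type master; file "/var/named/example.net.db"; };
};
EOF
}

sample_named_conf | audit_zone_transfers || echo "review the statements listed above"
```

On the server, run it as audit_zone_transfers /etc/named.conf, and run named-checkconf /etc/named.conf before restarting named so that a syntax error does not take DNS down.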

SSH command for backing up MySQL Databases using a CRON job

Need to dump your databases on a daily basis? How about hourly or every 15 minutes? We have you covered.

How to backup all databases for all users via SSH in Linux (using root) and gzip the output

# /etc/crontab entry; a literal % must be written as \% inside a crontab line
15 2 * * * root mysqldump -u root -p[YOURPASSWORD] --all-databases | gzip > /mnt/disk2/database_$(date '+\%m-\%d-\%Y').sql.gz

Note: -p[YOURPASSWORD] = -p123456 where your password is "123456".

How to backup a single database for a single user via SSH in Linux (no compression)

mysqldump -u[USERNAME] -p[PASSWORD] DATABASE > your_backup.sql
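Both commands above put the password on the command line, where it is visible in the process list while the dump runs and to anyone who can read the crontab. The script below is an added example, not part of the original post: it reads the credentials from an option file that only its owner can read and refuses to run otherwise. The file path, script path and function names are hypothetical.

```shell
#!/bin/sh
# Added example: the nightly dump without a password on the command line.
# Assumed credentials file (hypothetical path /root/.my-backup.cnf), mode 0600:
#   [client]
#   user=root
#   password=YOURPASSWORD

cred_file_is_private() {   # succeeds only if group and other have no access
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

backup_all_databases() {   # $1 = credentials file, $2 = output directory
    if ! cred_file_is_private "$1"; then
        echo "refusing to run: $1 is missing or readable by group/other" >&2
        return 2
    fi
    (
        umask 077                                   # dump readable by owner only
        out="$2/database_$(date '+%m-%d-%Y').sql"
        # --defaults-extra-file must be the first option on the command line.
        if mysqldump --defaults-extra-file="$1" --all-databases > "$out.tmp"; then
            mv "$out.tmp" "$out" && gzip -f "$out"
        else
            rm -f "$out.tmp"                        # do not keep a partial dump
            exit 1
        fi
    )
}

# /etc/crontab entry (script path is hypothetical):
#   15 2 * * * root /usr/local/sbin/mysql-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_all_databases /root/.my-backup.cnf /mnt/disk2
fi
```

Writing the dump to a temporary file first also means a failed mysqldump leaves no empty archive behind, which the original pipe into gzip would produce.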

 …

How to find large files on a server via SSH

Continuing our series on handy commands to know is one that helps you find large files on your server via SSH.

SSH command for finding files larger than a certain file size

The command for this is quite easy. For our example, we will assume you want to find all files that are larger than 1 GB in size and get a list you can use.

Step one: Go into your SSH session and type:

find / -type f -size +1048576k -exec ls -lh {} \; 2> /dev/null | awk '{ print $NF ": " $5 }' | sort -hrk 2,2

Done!…

How to white list an IP address in Mod Security

Often you will have a ruleset in Mod_Security that you want to override for a specific IP address or within a certain path in a website or an application.

To do this you need to locate or create your Mod_Security white list file, then add this line:

…where

is the ID of the rule you want to override.…