Magento cloud hosted M2 EE site compromised and got malware attack

Today i noticed in my client’s magento 2 cloud hosted enterprise edition site is compromised. In footer hacker added some link along with following url:

  <script src="https://write-cdn.com/mysiteurl/"></script> 

As i am maintaining their environment when i saw that link i was curious what is that. When i opened that link it first attempt it showed some JS related encrypted code so i got some doubt about it.

Did perform scan in tools like sucuri and foregenix to verify site is malware infected. Both scanner showed result clean but when i ran http://write-cdn.com/ in sucuri it gave me red alert that domain is blacklisted for malware activities.

I removed that code from mysite and performed Db scan by checking blocks, pages, core_config_data and few other tables. did check code using grep linux command to find out but didn’t find any clue.

I want to know how that code injected in site. I did check admin logs, magento logs, nginx logs. Also created magento support ticket but those guys just useless and giving zero information how someone entered that code. admin access is shared with 2 person and all have secure and 20 character special character password.

Is there any way i can track from where that malware code came?
Is there any tool or way i can quickly scan and monitor for magento?

Is there any way i check who changed into db directly like logging or something?

Any help would be appreciated.

What would be a best design for a ‘cloud relay’ application?

I’d like to build a client/server application that doesn’t require the client to open a port in its firewall for incoming connection requests. In other words, the clients will be able to communicate with each other over the outgoing connections that they initiate with the server.

This will be very similar to, for example, any of several popular desktop remote control offerings available today. VNC Cloud comes immediately to mind.

My initial thought is to use SignalR at the server to accept connections from—and keep a channel open with—each client. When Client A wants to send something to Client B, it will contact the server with the appropriate routing command, which the server, in turn, will send to Client B.

(Note that this idea is based on my limited understanding of SignalR—I haven’t yet had an opportunity to work with it yet. This would be my first.)

How do these folks build these applications, in general? Is it something like what I’ve described here?

If my SignalR idea isn’t the best way, what is?

SharePoint online, external cloud storage for images and videos

I am implementing a sharepoint online and have an issue with images and videos. Basically, there are more than 30Gb of videos and images being generated every week and we need to keep them easily accessible in our sharepoint online (using also tagging and metadata for easier access and search)

I want to know what other solutions there might be for storage on the cloud for this volume of data and linking to SharePoint Online.

Any suggestions or ideas?

Point cloud clustering based on similarity in less than $O(n^2)$

not sure if this is the right place to ask this but here it goes.

Let’s assume I have some 2D points dataset consisting of facial landmarks, and I want to cluster these based on similarity so that I can refer to a notion of “prototype” of a facial expression.

As a measure between one point set and another I could be using a sum of euclidean distances.

Is there a way to obtain a set of prototypes without passing through the landmarks $ O(n^2)$ times?

To better explain what I’m thinking, let’s say I’m processing a video frame by frame.

I start with the landmarks of the first frame, and I put it in my list of prototypes because I have no other reference.

Following this, for each subsequent frame, I compare it with the first “prototype” and if it’s below a certain similarity threshold I assume it’s not unique enough and skip it, and so until I find one set of landmarks that are dissimilar enough, so now I have two “prototypes”.

From this point onward, I need to do the similarity check with two “prototypes”, and so on.

Another caveat is that I would also like to be able to store the “prototype” that the current frame matches the most.

I will also need to do a second pass through a second clip for a similar matching with the “prototypes” identified in the first pass.

Is there a more efficient way to do this, other than the naive approach?

FTP Problems on v18.04 with vsftpd and Google Cloud Platform

I’m having some unexplainable issues trying to setup FTP on vsftpd with my Google Cloud Platform compute engine. I’ve been messing with a bunch of different settings to get this going, but one issue keeps popping up.

In FileZilla, I get an error saying “Failed to retrieve directory listing.” Does anyone know a good fix? Let me know what logs etc. you need from me.

I’ve tried this on fresh installs plenty of times with no luck. The ports are all set through the firewall as well.

Thank you so much!

Is it safe to upload videos in cloud tools like video editors?

What i have is a video file(with delicate pieces of frames in it) that i want to be edited using cloud apps, without looking further in site maps and thats not always possible too, if you have to share that file instantly, i’m not sure that general assurance of discreteness will be applied by the site owners and even will be deleted if i ask for that. that must make sure it may not fall in things where its not intended to be used by someone, so i can share personal data. can owner rights be lost, or will high valuable information in upload files be lost, and security people are not often faced to upload their files to random sites to edit their work?

many tools are availible to give personal data away, https://clideo.com/ ..

Facing issues on updating magento in magento cloud, updating magento to latest version of magento 2.3.2

Right now we are working on updating magento to latest version of magento 2.3.2 right now we are runing 2.2.7.

I following the guide for 2.3 branch found at https://devdocs.magento.com/guides/v2.3/cloud/project/project-upgrade.html

I have taken following steps :

Step1: Update ece-tools version

On local workstation, perform an update using Composer

composer update magento/ece-tools

Add, commit, and push code changes.

git add -A && git commit -m “Update magento/ece-tools” && git push origin

Step2: Back up the database

Create a local backup of the remote database.

magento-cloud db:dump

when i run this command in my terminal i get ‘magento-cloud’ is not recognized as an internal or external command, operable program or batch file.

Back up code and media.

php bin/magento setup:backup –code [–media]

To back up Staging or Production environment database before deploying

php vendor/bin/ece-tools db-dump

Step3: Complete the upgrade

I have PHP 7.1.30 version

Before completing the upgrade, update the autoload property I follow all the steps giving in https://devdocs.magento.com/guides/v2.3/comp-mgr/cli/cli-upgrade.html#update-autoload

set the upgrade version using

composer require magento/product-community-edition 2.3.2 –no-update

Then Update the project

composer update

After composer update i get some error

Your requirements could not be resolved to an installable set of packages.

Problem 1

- magento/magento-cloud-metapackage 2.2.7 requires magento/product-enterprise-edition 2.2.7 -> satisfiable by magento/product-enterprise-edition[2.2.7] but these conflict with your requirements or minimum-stability.  - magento/magento-cloud-metapackage 2.2.7 requires magento/product-enterprise-edition 2.2.7 -> satisfiable by magento/product-enterprise-edition[2.2.7] but these conflict with your requirements or minimum-stability.  - Installation request for magento/magento-cloud-metapackage >=2.2.7 <2.2.8 -> satisfiable by magento/magento-cloud-metapackage[2.2.7]. 

Can you please guide me how can i solve this issue..

Thanks in advance.

My composer.json is

{ "name": "magento/project-enterprise-edition", "description": "eCommerce Platform for Growth (Enterprise Edition)", "type": "project", "version": "2.3.2", "license": [     "OSL-3.0",     "AFL-3.0" ], "repositories": {     "repo": {         "type": "composer",         "url": "https://repo.magento.com"     },     "amasty": {         "type": "composer",         "url": "https://composer.amasty.com/enterprise/"     } }, "require": {     "magento/magento-cloud-metapackage": ">=2.2.7 <2.2.8",     "gene/bluefoot": "^1.0",     "amasty/promo": "^2.2",     "sashas/bug-from-email": "^2.0",     "amasty/shopby": "^2.11",     "amasty/label": "^1.10",     "connectpos/rest-api": "^1.1",     "magento/product-community-edition": "2.3.2",     "magento/product-enterprise-edition": "2.3.2" }, "config": {     "use-include-path": true }, "autoload": {     "psr-4": {         "Magento\Framework\": "lib/internal/Magento/Framework/",         "Magento\Setup\": "setup/src/Magento/Setup/",         "Magento\": "app/code/Magento/",         "Zend\Mvc\Controller\": "setup/src/Zend/Mvc/Controller/"     },     "psr-0": {         "": [             "app/code/",             "generated/code/"         ]     },     "files": [         "app/etc/NonComposerComponentRegistration.php"     ],     "exclude-from-classmap": [         "**/dev/**",         "**/update/**",         "**/Test/**"     ] }, "autoload-dev": {     "psr-4": {         "Magento\Sniffs\": "dev/tests/static/framework/Magento/Sniffs/",         "Magento\Tools\": "dev/tools/Magento/Tools/",         "Magento\Tools\Sanity\": "dev/build/publication/sanity/Magento/Tools/Sanity/",         "Magento\TestFramework\Inspection\": "dev/tests/static/framework/Magento/TestFramework/Inspection/",         "Magento\TestFramework\Utility\": "dev/tests/static/framework/Magento/TestFramework/Utility/"     } }, "minimum-stability": "alpha", "prefer-stable": true, "extra": {     "magento-force": true,     "magento-deploystrategy": "copy" }, "require-dev": {     "allure-framework/allure-phpunit": "~1.2.0",     "friendsofphp/php-cs-fixer": "~2.13.0",     "lusitanian/oauth": "~0.8.10",     "magento/magento-coding-standard": "~1.0.0",     "magento/magento2-functional-testing-framework": "~2.3.14",     "pdepend/pdepend": "2.5.2",     "phpunit/phpunit": "~6.5.0",     "sebastian/phpcpd": "~3.0.0",     "squizlabs/php_codesniffer": "3.3.1" }}