My Magento site was down yesterday don't know the reason. But after searching i found manually clearing the files in cache /var/cache/ and session /var/session/ directories solve the problem.
My problem is, the site is down again today and again i cleared these directories solved the issue.
I need a permanent solution for this please help.
Contact server provider and check if the server space is enough to run a Magento website (magento creates session, cache files inside the file system).
Check file/folder permissions are correct (http://devdocs.magento.com/guides/m1x/install/installer-privileges_after.html).
If you need to clear cache directory automatically, ask the server provider to setup a cronjob to clear the cache directory in a specific time period (https://magento.stackexchange.com/questions/84186/automatically-refresh-cache).
Note: this issue is not related to Magento installation, this is something related to the server. Also ask Magento related question here: https://magento.stackexchange.com/
I hope this helps.
Related
I think I am in a bit of trouble...
I was developing online store for past month, when I have finished I changed the hosting to new company. Transferred files and database...
Today I go to System->Permissions->Users and besides me I see one unknown account.
I check this account and it's also an administrator! So I think someone hacked into my website.
During development I didn't remove install folder from my server so maybe he got there by this... Is there any other way someone could do it?
And most importantly do you reckon my password that I use to login to magento back end was compromised?
I will greatly appreciate all of the answers and tips how to make my website secure. Thank you.
If you find an unknown user account in users list, click to open the account. Then, click the Delete User button.
After that you need to install all new security patches like
SUPEE-1533
SUPEE-5344
SUPEE-5994
SUPEE-6285
For installing security patches you need to download thease security patches from magento store
https://www.magentocommerce.com/download
and after that you need to upload thease patches from magento root directory and run command via terminal like
sh SUPEE-1533(name of this downloaded patch)
repeat this for all patches
and after sucessfull installing this pathes enter you site url here
https://shoplift.byte.nl/
and then what happens
and also you can see a list of file name in you file app/etc/applied.patches.list
Hope it will help
Thanks
Magento recently make some security upgrade issue.
Use this link to check if the patch is applied on you store.
If not, I recommend to you make the upgrade.
If you find an unknown user account in users list, click to open the account. Then, click the Delete User button.
Important: Install latest security patches.
To learn how to install a patch check this link out:
https://info2.magento.com/rs/magentoenterprise/images/Installing-a-Patch-for-Magento-Community-Edition.pdf
To check your store security use the following link:
http://magento.com/security-patch
I am really new to Drupal and playing around with this existing Drupal site.
I did a FTP transfer of all the files to my local computer directory. I currently got it on a Vagrant box and I can access the site via http://192.168.56.101/html.
I can do http://192.168.56.101/html/anything-but-user and it brings me to the proper area on the site. However I can't do localhost/html/user, because it redirects me to the website URL rather than the local URL.
I tried clearing the cache (with Drush). I scanned all files in the system and changed the web url to the local URL [not sure if I need to do any other command], and I can't seem to find anything in the .htaccess files that would lead me to this.
The href="/user I would greatly appreciate any advice or help in figuring out this solution.
--UPDATED
There was a module called "Secure Pages" that was causing the user and registration links to be locked and static to prevent redirects to phishing sites. I had to disable this module using "drush pm-disable securepages" in the terminal.
Some typical items you may want to check:
Check if you get the same problem using another browser. If with another browser it works, then it is pretty sure a cookie problem. To solve that, delete the cookie in the browser where you have the problem.
Make sure "clean urls" is enabled. Refer to "https://drupal.stackexchange.com/questions/165029/clean-url-leads-to-duplicate-url-after-migration-to-another-hosting/165044?s=1%7C3.9647#165044" for more details on that.
Make sure the value of "base_url" is set correctly (in your settings.php).
If module Secure Pages is enabled, then try to (at least temporary) disable that moduel to see if it helps.
Apparently, there was a mod called "SecurePages" that was causing the URLs to be static to prevent someone from changing them and redirecting users to a phishing site.
I have the Kunstmaan CMS bundles (Symfony 2.4 version) installed on a project that had been working fine until a system update a couple days ago; now, when attempting to log into the admin panel (/en/admin; /en/login) I get redirected to the homepage as an anonymous user, unless I explicitly check the "Remember Me" option in the login form.
This same issue arose simultaneously across all projects using these bundles, including ones that hadn't been modified in weeks.
The admin user last_login is being modified in the database, so it is getting as far as successfully validating the login credentials, but the user session is not being updated.
I'm running CentOS 6.5 on a VM, and the following packages are all the ones that were updated that seem to have anything to do with the web hosting environment:
httpd 2.2.15-31.el6.centos.x86_64
nodejs 0.10.29-1.el6.x86_64
nodejs-devel 0.10.29-1.el6.x86_64
nodejs-packaging 7-1.el6.noarch
php54w-5.4.30-1.w6.x86_64
php54w-cli-5.4.30-1.w6.x86_64
php54w-common-5.4.30-1.w6.x86_64
php54w-gd-5.4.30-1.w6.x86_64
php54w-intl-5.4.30-1.w6.x86_64
php54w-mbstring-5.4.30-1.w6.x86_64
php54w-mysql-5.4.30-1.w6.x86_64
php54w-pdo-5.4.30-1.w6.x86_64
php54w-process-5.4.30-1.w6.x86_64
php54w-tidy-5.4.30-1.w6.x86_64
php54w-xml-5.4.30-1.w6.x86_64
The problem happens in all browsers.
I've been pulling my hair out over this for hours, so if anyone has any thoughts it would be appreciated.
Thanks.
Found the problem.
My project was saving the sessions to %kernel.cache_dir%/sessions. Because I'm hosting the project in a VM, but editing the files from my workstation proper, the permission structure in my projects dir is a bit odd; Apache is running as apache:apache while the ownership on sessions dir was 1000:1000, and the session files within are rw------- 1000:1000. Apache can't write to these files.
This had been working fine previously, so in my last system update something apparently either changed the permission structure somewhere, or started stricter enforcing of a messed up system that had no business working in the first place.
Rather than muck around with the permissions in that dir, I just changed the symfony framework config:
framework:
session:
save_path: /tmp/myprojectname
Problem solved, and I can log in normally.
You should fix your /path/to/app
E.g. http://127.0.0.1:8888/web/app_dev.php/en/admin/login
If you are still having issues: I have recorded my notes here.
I've got a Magento store that refuses to keep session information on the front end. Strangly the admin works fine. PHP independent of Magento is able to write sessions. Magentos var/ directory is writable by the webserver. I can even see files being written to var/session.
This site is running on ec2 under nginx. I wasn't having these problems previously under Apache and as far as I can tell the configuration of Magento itself is the same.
Yes this was it. I wasn't able to see this in the Firefox console, but in Chrome I could see the domain was wrong ( although it looked ok in the admin, but maybe I was confused ) updated all cookie_domain fields in core_config_data table and its working. Thanks #datasage
Does anyone know how to change location/path of cpanel account using PHP?
Basically will have a multi-brand store with SSL certs and we want this pointed to one location/directory in root.
I was able to achieve this with a small tweak in httpd.conf file, but we want to automate this and have a php plugin.
Any idea?
Note: We have dedicated servers and it's possible + tested.
Maybe with the help of cPanel API or something?
I'm not aware of anything other than tweaking the httppd.conf file. However, perhaps you could build a post account creation script that hooks into the cpanel account setup. You can view the docs on WHM. I believe you will be after the postwwwacct script.
http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/WebHome
I'm not sure your reasoning for moving these to root, unless you have disk partitions set up in such a way that the home directory won't do, but perhaps using a filesystem junction point / link to that account folder would do the trick.
You can do that over CPanel API
Look at this as starting point
https://documentation.cpanel.net/display/SDK/Guide+to+the+LiveAPI+System
And with PHP over API functions you can make changes to account location/path similar as you would do that through WHM with Home »Account Functions »Rearrange an Account... But that is only if you have more then one partition. For other methods as Joe Meyer said only tweak httpd.conf or use simbolic links to redirect folders and files (which is most unsecure method)...