Magento released it’s new security patch SUPEE-6285 for Magento enterprise and Magento Community edition

Magento 2.0
Magento 2.0

Magento is one of the best and widely used ecommerce platforms and according to a survey, businesses using Magento had more than £520b worth transaction in the year 2014. In the past few months, Magento experienced hundreds of hacking attempts and some of the web stores were compromised. Considering the severity of this issue Magento released it’s May patched for Magento EE and Magento CE version which helped retailers to secure their store and save the confidential information leakage.

Yesterday Magento released another security patch to address this issue. Magento suggests that although there are no confirmed reports of attacks related to these issues to-date, but it is important that you immediately deploy the patch in order to protect your store.

This patch addresses the following security issues:

  • It prevents attackers from posing as an administrator to gain access to the last orders feed, which contains personally identifiable information that can then be used to obtain more sensitive information in follow-on attacks. Check to see if you have been compromised by reviewing your server logs for someone trying to reach the /rss/NEW location.
  • It closes a number of security gaps including cross-site scripting (XSS), cross-site request forgery (CSRF), and error path disclosure vulnerabilities.

Magento has created patches for both Magento Enterprise and Magento Community Editions. For Magento Enterprise Edition, a patch is available for Enterprise Edition 1.9 and later releases. For Magento Community Edition, a patch is available for Community Edition 1.4.1 to 1.9.1.1 and is part of the core code of their latest release, Community Edition 1.9.2, which is now available for download.

Do you own a Magento store and looking for someone to help you secure your store and apply the patch? Please Get in touch now

 

5 easy steps to process ONLINE REFUND in Magento

Magento refund customer

To refund an item in an order, you’ll need to create a credit memo. There are two ways to do this, depending on how the invoice was created.

If the order was placed using a payment method that automatically creates invoices (like PayPal or a credit card gateway in authorize and capture mode), or if it was placed using a method that doesn’t accept any actual payment information (like “pay by check”), you’ll need to click the “Credit Memo” button on the main order information screen to create a credit memo.

If the order was placed using a credit card gateway in authorize only mode, and you created the invoice(s) for the order manually, you’ll need to first click on the invoice that contains the payment you want to refund (under Invoices), and click on the “Credit Memo” button from within the invoice.

In simple words, Refunds are processed offline when the customer paid for the goods using cash on delivery, cheque or any other manual method whereas, online refunds are when the customer paid using their Credit/Debit card via Authorize.net or any other online payment gateway.

To refund the customer, please create an online refund using the following procedure:

  • Go to the order details page and click on Invoices from the left side menu. Do not click on Credit Memo whilst the information tab is selected.
  • On the invoices tab, click on the invoice # and you will see the invoice landing page
  • On this page, now click on Credit Memo to create an online refund
  • Fill in the details and the quantity to refund
  • Once you are happy with the refund, you will see two buttons at the bottom of the page i.e. Refund offline & Refund. Since it is an online refund so CLICK ON REFUND button. Do not click Refund offline otherwise you will be taken to the offline page again.

Once you have made an online refund now, the transaction will appear in Authorize.net/your payment gateway and the money will be refunded to the customer.

Are you running Magento community edition and would like to refund the money as store credit? Since Magento community edition does not have a default store credit option so check this Store credit extension from MageWorx and get everything up to date.

Looking to buy reliable Magento extensions? Try Xtento Magento extensions.

Learn how to fix ‘Destination folder is not writable or does not exists’ or ‘Upload HTTP Error’ error.

Learn how to fix Destination file or folder not writeable
Learn how to fix Destination file or folder not writeable

Sometimes whilst adding new product images you may exprience this error and some times it is not clear as to why this error has occurred. To fix this issue, do the following steps in order and it will resolve it:

  1. Go to your magento installation directory and open /lib/varien/file/uploader.php
  2. Search for function ‘public function save($destinationFolder, $newFileName = null)’ or ‘if (!is_writable($destinationFolder))’
  3. Copy $destinationFolder variable and append it to  ‘throw new Exception(‘Destination folder is not writable or does not exists.’)’ so it becomes ‘throw new Exception(‘Destination folder is not writable or does not exists.’.$destinationFolder);’
  4. Go back to your magento admin panel and try to upload the images again
  5. You will see the same error but this time the destination folder path will be shown too
  6. Copy the path, go to your FTP client or SSH and set the file permissions to 777 (it has to be 777 not 775)
  7. Once done, upload the file back to the server
  8. Logout from the Magento admin and login again
  9. Go to the product and this time the images will be uploaded

 

Learn how to locate your stolen or lost Android phone using Google search ‘Find My Phone’?

Mobile phones have become an integral part of our daily life and nobody can imagine a single day without having to use it. Google now let’s you find your phone via Google search.

According to a survey, there are more than 1 billion devices running on Android and with this number in mind, the number of devices lost everyday is increasing too. Therefore, considering this issue, Google has taken another step towards helping the mobile owners to find their phones using ‘Find my phone’ service.

To retreive the location of your phone, please do the following:

Open Google and make sure you sign in using the account linked to your Android device.

Type ‘Find my Phone’ in the search results and hit search.

The next step will prompt you to login again for security purposes.

Google Find my phone

Sign in again and in the next step Google will try to locate your phone

find-my-phone-location

And there you go !!

Google-find-my-phone

Once you have located your phone, you can perform the following:

  • Ring your phone
  • Lock it
  • Erase data from it
Taken from Google photos