Magento – Fix Malicious JavaScript Credit Card Hack

Recently we wrote about the new JavaScript malware issue & how to remove the malicious code from your affected website. In this blog post, we would again like to draw your attention towards JavaScript credit card hijack as the number of affecting sites are increasing. And, also a credit card hijacked shop results in almost immediate loss of money.

Credit card Hijack infects Magento site by allowing hackers to capture financial data, like credit card credentials. The malware is injected into the browser of your site’s visitors & it captures all credit card details (unencrypted yet) your client types there.

Envision Ecommerce has already suspected this malware (see earlier blog post) and its reason, i.e., Unpatched Magento shop. So, if you haven’t completely patched your Magento store yet, or couldn’t able to determine whether your site has been affected or not, or don’t know how to remove such malicious code from your Magento store, we recommend you to verify the safety of your Magento store at MageReport.com & ‘clean’ your store following the steps shared in our earlier blog – “New JavaScript Malware Issue? Ensure You Have Deployed All Magento Security Patches”.

How to Migrate Data From Magento 1 to Magento 2?

Fresh build of Magento 2 features improved performance & scalability with a brand new structure & design. There are a number of other improvements that force users to migrate to Magento 2 platform like new layout elements, CSS Preprocessing, cost effective, great UX and others. The process of migrating from Magento 1 to Magento 2 is complex enough due to the complex upgrading procedure. To make this complex process easy & simple, Magento has just released a Magento 2 Data Migration Tool to help you transferring your store data from an existing version to the latest Magento 2 in more simple & easy steps.

There are four components of Magento 2 migration, i.e., Data, extensions, themes, and customizations. But, Magento 2 Data Migration Tool can help you in transferring only data or database (specifically the contents of the MySQL database). Moreover, it doesn’t support for themes & customizations and your store’s customizations & themes can’t be automatically transformed on Magento 2.

As you can see, Magento 2 is continually developing till now. So, it is assumed that the parts of this Magento migration tool will require to be updated. Overall, it can be summed up that Magento 2 migration tool is Magento’s great innovation for migrating Magento 1 to Magento 2. It will certainly require customization and lot of technical knowledge and is not going to be easy. We recommended you to adapt this migration tool for now so as to take advantage of the newest Magento 2 features. To help in the Migration from Magento 1 to Magnento 2, Envision Ecommerce is already geared up as we know there will be obstacles that will need perfect capabilities to overcome and help you grow your eCommerce venture.

Enjoy the new release of Magento (Magento 2 Migration tool) and also read our earlier blog posts on Magento 2 features and benefits.

The Holiday Discount Week, 23 Nov to 1 Dec, 20% Off across Our Entire Store

With Thanksgiving day coming up, closely followed by Black Friday and Cyber Monday, it is the golden time to get ready your eCommerce store for the holidays to maximize your revenue growth. As a store owner, you know shoppers will spend so much on your store this holiday season, and your store should be like easy-to-use & fast responsive for better customer experience. It’s a make-or-break time for many online store owners, which on average acquire 20% of their yearly sales throughout the holiday shopping season.

To continue the excitement of upcoming holidays, we have made a whole discount week (from 23rd November to 1st December) for you. You can take advantage of this discount week for your store and avail our entire store’s product & services at 20% off  (Use Coupon Code: HOL20%). Just pick up best Magento extensions, WooCommerce plugins and our efficient eCommerce services for your eCommerce store, and get ready, set your store more efficiently & done for the holidays!

Through our discount week, we just want to make this holiday season successful for you and it is just a way to point up – how valuable you are to us.

Launch of a New Era of Ecommerce, Magento 2 is Here

In this fast-paced industry of eCommerce, the launch of Magento 2 (Nov. 17, 2015) seems like an emergence of a new era of Ecommerce. We at Envision Ecommerce are excited to expand our eCommerce capabilities by having this next generation open source e-commerce platform. We already put our hands in Magento 2 and also geared up for the challenge & taking all necessary steps.

The new Magento 2.0 platform features unmatched flexibility, enhanced performance & scalability, improved conversion rates & business agility and many other productivity improvements. Apparently, it differs from the previous beta version of Magento 2 as it supports brands, retailers, and businesses in offering cost effective & engaging omnichannel shopping experiences at a faster pace. It also supports users with several other benefits in the cloud computing field like security, dramatic scale, security and performance enhancements.

Despite countless features of this new Magento 2.0 platform (like a modern code base and modular architecture & more), the main features come down to the followings:

  • Open & Flexible Architecture
  • Engaging Shopping
  • Enhanced Business Agility and Productivity
  • Enterprise-grade Scalability and Performance
  • Secure Payments
  • Easier Maintenance and Upgrades

Both Magento Enterprise Edition 2.0 and Magento Community Edition 2.0 (based on this new Magento 2 platform) are accessible to download. The next generation commerce – Magento 2 is much bigger & multi-faceted than explaining in only one blog post, so, in order to deliver every aspect of this new Magento 2, we will keep posting & update you regarding this new platform.

New JavaScript Malware Issue? Ensure You Have Deployed All Magento Security Patches

A new type of malware issue called JavaScript Malware issue has been affecting Magento based stores. This malware issue exploits vulnerability in Magento & forwards credit card information externally from your site’s checkout pages. The malware infects the Magento store through Admin or database access (weak passwords, phishing, and other un-patched vulnerabilities). It seems that there is no new attack vector, and the impacted sites are facing this issue only due to lack of Shoplift Patch (February 2015) or the security patch was deployed after they were compromised. Thus, it is recommended to all unpatched Magento shops that they should deploy all security patches in a timely manner.

However, if you have not deployed previous security patches and find indication in the server logs or otherwise that credit card details may have been sent externally from your site, you should review your files, configurations, and backend accounts.

How to Determine You have Been Affected by New JavaScript Malware Issue?

As a Magento merchant, you should open the main page and view the page source. Look for the strings mentioned below. If you found any of below strings, it means that your site has been compromised.

  • eval ( atob (
regexp (“ checkout

Regexp (‘checkout

Regexp (“onepage

Regexp (‘onepage

Regexp (“onestep

Regexp (‘onestep
  • the case of those strings can be dissimilar (For e.g, regexp, RegExp, etc.)
  • However, if it is the case where you don’t find any of the above strings, you should carefully review your Admin configuration, taking account of your Admin accounts, follow best security practices, and deploy all security patches.

 How to Remove Malicious Code if Your Site is Affected?

Begin by scanning your Magento site with a tool such as magereport.com. Deploy all security patches. Make sure that there are no any unknown files in the system. If you find unknown admin accounts while reviewing, it is recommended you to remove all such accounts. After removing such accounts, change the current passwords of the rest admin accounts to strong ones. As a Magento merchant, you should always follow best security practices summarized in the Magento User Guide. And, also review some parts (mentioned below) of your Admin configuration and remove any malicious code found.

  • Configuration->General->Design->HTML Head->Miscellaneous Scripts
  • Configuration->General->Design->Footer->Miscellaneous HTML

After removing such malicious code from your Magento based site, it is recommended you to review some server log files mentioned below. If you found such files or URLs, it means that your Magento site is totally compromised.

/downloader/Maged/Maged.php
/downloader/cache.php
/jquery.php
/jquery.pl
/css.php
/opp.php
/xrc.php
/order.php
/jquerys.php
/var/extendware/system/licenses/encoder/mage_ajax.php
/js/index.php

If you suspect your site has been compromised and you haven’t applied previous Shoplift security patch, implement such security patches immediately to stop this new JavaScript Malware issue attack.

Recommended product to solve this issue successfully.

Spreading Smile – Envision Ecommerce’s Visit to Orphanage

This blog post is surely different from others that are posted here on Envision Ecommerce. But, we feel really happy about sharing our personal experience with everyone here. It’s just a call to all of us to remember to help & make smiling those who are not fortunate as we are.

Today as shared in our earlier blog, “Help Orphans this Diwali with Envision Ecommerce – Contribute a Smile“, we went to the orphanage and we would like to share our experience at Bal Niketan orphanage in Chandigarh/Panchkula. Bal Niketan is a national award winning Indian orphanage and has been helping underprivileged children since 1983. Presently, there are 42 children and they are studying in eight good schools of Panchkula. After completing education, a number of Bal Niketan’s children have been rehabilitated in their life, and currently standing on their own feet.

20151107072938We interacted with kids, asked for their names and also introduced ourselves to them & proceeded to play a few games with them. They were eager to play such games and that joy radiated from their eyes touched us deep now. Some of them also sang some songs for us. It was really an emotionally enlightning experience for us to contribute a smile on the faces of kids.

We are very grateful that we had the opportunity to visit such a place. Every one of us has certainly realized that how fortune we are to be living present life and how they live a very simple life & yet they are very happy. Envision Ecommerce will also endavour to do more for these Orphans.

20151107073622

Envision Ecommerce Partners with Veeqo to Bring OmniChannel Services to Merchants

In today’s eCommerce world, technology is changing day by day, offering online merchants with endless channels, speed and alertness to keep their inventory management‘s complexity at an ease. A multi channel inventory management system (or OmniChannel system) is an emerging technology in the eCommerce industry. It helps most online businesses in keeping their inventory right when selling across marketplaces like Ebay, Amazon, Etsy etc..

We at Envision Ecommerce are always on the go – working from existing to an emerging technology to keep us connected with the latest trend of eCommerce industry to help online businesses. In order to do the same, we have partnered with Veeqo – multi channel inventory management software to make seller’s lives easier. We just come together to optimize inventory systems for most of the online businesses & stores & to keep their shipping on time.

Envision Ecommerce is constantly striving to expand and work with such emerging eCommerce technologies & trends, and also thrilled to see the effective results of this partnership for online merchants like merchants with well managed inventory systems, on-time shipping and, in short, we can say – “Easy lives of Sellers”.

Get in touch with Envision Ecommerce to know more about OmniChannels and see how we can help you expand your business and make your inventory management across multiple channels easy.

Now You Can Set Special Hours in Google My Business

Google’s Marissa Nordahl (Local Merchant Operations Team Lead at Google Inc) this week announced the launch of “Special Hours” in Google My Business listings.

“Special Hours” – seems a new & important program aimed at helping business owners in informing their customers about special hours (either longer or shorter store hours) on the basis of upcoming holidays. Now, business owners can add certain special hours or even a special store event to their local listings within their Google My Business listings.

Screenshot of how the special hours looks:

google-my-business-special-hours-1446555941

The holiday season is just around the corner. Thus, it is most important for business owners to have this new feature for their store so that customers can get correct information like when they can visit your business. Moreover, a disclaimer will also be available for customers to get that “hours might differ” for a particular store & holiday.

Disclaimer Screenshot:

google-my-business-special-hours-disclaimer

As per Google, there are three methods (A complete Guide from Google) to set special hours for your business:

(A) Set special hours via spreadsheet.

(B) Set special hours online.

(C) Set hours that extend into the next day.

All these methods necessitate your business’s regular hours. And, Google would not allow you to manage your special hours without providing your regular hours.

Blog Credits: SearchEngineLand

Help Orphans this Diwali with Envision Ecommerce – Contribute a Smile

Envision Ecommerce family understands its Corporate Social Responsibility & desires to brightenup the lives of underprivileged kids this Diwali. In order to do the same, we are contributing our donations (in terms of cash & kind) to Bal Niketan – a national award winning “Home” for orphans.

We thought to make this initiative even larger and we invite you all to be a part of this charity and donation activity. We invite you to contribute in terms of Cash & Kind, Sweets, Packed Food and anything else that you can donate to bring smile, this Diwali, on the face of these children. Envision Ecommerce is thus extending everyone an opportunity to be part of this “Smile Sharing Initiative“.

Diwali is a great opportunity where we can bring the smile and real light to the lives of underprivileged Orphans without wasting that money on such fumes & crackers.

Lets Spread some Smile. Happy Diwali.