InfoTales

Recently came across an article about Shoply, a new marketplace which aims to allow any one to sell any thing. It lets you register, add few products for free and than promote it. Charges some % on each transaction. Paid packages are also available which let you add up to 100 products.

It offers a nice social aspect for the store which allow to tweet for products and good sharing options like facebook etc. In a developer’s point site look pretty good with web2.o style etc.  I tried registering on site to see it from seller point of view. Over all its good idea and can be ideal for people selling things from home or small shop.

You can see the site at shoply.com

Data mining is all about data, i.e. extracting valuable information from the raw data. Data mining is the procedure of analyzing data from different dimensions and then summarizing it into useful information.  Data mining or knowledge discovery is often used in large organization to get meaning full information from the huge raw data collected from its different information systems. Data mining is expected to be “one of the most revolutionary Read the rest of this entry »

Magento allows to configure multiple ways to search in catalog. For community edition these options are “Like”, “Fulltext” and “Combine”. Like is the default method selected, but this is not the best method and is more resource consuming.

For better performance and results, “Fulltext” should be selected in this configuration. You can configure selection time by going to System » Catalog » Catalog Search » Search Type in Magento admin panel.

Fulltext searching feature is implemented with mysql fulltext searching. Fulltext search allows to make complex search against any text.

For fulltext searching Magento uses separate index maintained in MyISAM engine as InnoDB engine does not support fulltext indexes. Once you have enabled fulltext searching you should ensure that “Catalog Search Index” index is up to date. This can be done from System» Index Management and clicking on “Reindex Data” against “Catalog Search Index”.

More on Magento Performance

Magento provides a rich admin panel to manage all aspects of store(s). Admin panel operations are resource consuming because it does not use much cache etc. The pages also consume more memory.

So its good idea to dedicate a separate web server for admin panel operations. This way one may customize certain setting for admin area. This can be done by having a synced copy of Magento code on moth servers, and setting the admin url to new server. Option can also be configured during install.

More on Magento Performance

Based on Google Analytics (GA) visitor stats blow are the most visited pages on this blog during May, 2010.

1. Serving images from cookie less domain
2. Magento getting timeout errors, even with max_execution_time set to zero, on WAMP
3. Web Performance Optimization

This month site received highest traffic during a month, beating last months record.

Recently some one notified me about a serious security issue in osCommerce and CRE Loaded. Due to this issue any one can see orders information, customer information and do so many things in admin area, without login. It was hard to believe but its true.

I tried it on local osCommerce installation and it worked like a magic. In screen shot below, you can see configuration of a store. Just by changing URL other configurations can also be seen.

Similarly any one can see orders placed, information of single order, customer email, customer name and other information. The issue still exists in latest version of osCommerce v2.2 RC2a (as seen in screen shot above).

The issue is also found in CRE Loaded PCI Pro 6.4, so it should also exist in all older versions as well. Below is screen shot for CRE Loaded site, where orders information is visible.

Its also possible to see single order details with customer name, address, email, payment information etc.

The issue is fixed in CRE Loaded 6.4.1 version, which is latest version at the moment. This means any one using older version must take measures quickly, or they will remain open to hackers and information theft.

I am not writing the actual method to get into admin area, as doing it will make it public, and will create high risk for so many osCommerce, CRE Loaded sites.

Immediate fix for this serious security issue is simple one.

Fix for osCommerce and CRE Loaded 6.2 and older

1. Backup admin/includes/application_top.php in case something goes wrong
2. Open file admin/includes/application_top.php in some php or text editor.
3. Find line
   $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
4. Replace the first occurrence of the line with this
   $PHP_SELF = $HTTP_SERVER_VARS['SCRIPT_NAME'];
5. For CRE, find line
   $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);
   remove it or replace it with above line
6. Save the file

Fix for CRE Loaded 6.3 and 6.4.0

1. Backup admin/includes/application_top.php in case something goes wrong
2. Open file admin/includes/application_top.php in some php or text editor.
3. Find line
   $PHP_SELF = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
4. Replace the line with this
   $PHP_SELF = $_SERVER['SCRIPT_NAME'];
5. Save the file

It is highly recommended to follow guidelines mentioned in http://www.infotales.com/hardening-protecting-cre-loaded-admin-area/. Following these guidelines will further secure admin area from hackers attack.

There are few things which can be done in php configuration to help speed up Magento site.

Realpath Cache:

A lot of file I/O is done to run Magento site. This file I/O can be improved with faster hard disk. There is more can be done to improve this. PHP configuration allows to configure size of memory which can be used to cache realpaths, which help improve file I/O. The configuration is realpath_cache_size. Increase its value give more cache space.
Also increase the value for realpath_cache_ttl to 3600 to 7200 to increase the time of cache.

Memory Limit

Also its good idea to increase page memory limit to be used by PHP. You can increase it by increasing value of memory_limit configuration.

Remove unused extentions

See if you disable any unused php extension to save some more memory. There few extension which are used by Magento in default installations. These include PDO_MYSQL, simplexml, mcrypt, hash, gd, dom, iconv2, SOAP (list may increase in case of more Magento extensions and features.). If server is running other site please check required extensions for those as well.

More on Magento Performance

Disclaimer: Above recommendations are extracted based on “Magento Enterprise Edition Whitepaper” and my prior knowledge so no liabilities are accepted. Be sure the benchmark and adjust values according to your environment.

Does server location matters for Google? I have been asked this question several time, and the answer is YES. If your server is in Europe you gonna get more traffic from Europe than you get from other regions, despite the high search volume in other regions, and content for global audience.

This blog is live example of this effect. The server is located in Europe and few .co.uk domains are hosted on same server, so the site gets more traffic from UK than it gets from USA. The domain is .com domain so it does not associate it self with UK or Europe. Also don’t have any content specifically targeting Europe or UK.

See image blow to get a clear picture.

Based on Google Analytics (GA) visitor stats blow are the most visited pages on this blog during April, 2010.

1. /topic/web-performance-optimization/
2. /serving-images-from-cookie-less-domain/
3. Home page

This month site received highest traffic during a month, beating last months record.

HTML5 is coming, there are few tags which will not be supported in HTML 5, here is the list