Magento Dirty COW Linux OS Vulnerability

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel that can allow a local user (like a web hosting account) to gain root access to the server. This can also be a huge problem if your Magento store is compromised and the attacker has the ability to upload files to your server or hosting account.

The vulnerability is present in all major Linux operating systems, and security researchers detected in-the-wild (ITW) attacks even before the various operating systems released security patches.

If you manage your own server, you will need to update the kernel (and reboot your server) once your operating system provider issues the security patch.

If you do not manage your own server or if you are using shared hosting, contact your server administrator or hosting provider to make sure that you are protected against this vulnerability.
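
A patched kernel only protects the server once it is actually running, so it is worth checking for a pending reboot after the update. The script below is an added example, not part of the original post: it compares the running kernel with the kernels installed on disk. It assumes GNU `sort -V` and release names that version-sort correctly (Debian/Ubuntu style; some RPM release strings do not); the function names and sample releases are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect "kernel patched on disk, old kernel still running".

# Print the highest of the version strings passed as arguments.
newest_version() {
    printf '%s\n' "$@" | sort -V | tail -n 1
}

# reboot_pending RUNNING INSTALLED...
# Returns 0 when an installed kernel is newer than the running one, else 1.
reboot_pending() {
    running=$1
    shift
    [ "$#" -gt 0 ] || return 1
    [ "$(newest_version "$running" "$@")" != "$running" ]
}

# List the kernel releases that have a module tree on this host.
installed_kernels() {
    for dir in /lib/modules/*/; do
        [ -d "$dir" ] && basename "$dir"
    done
    return 0
}

# Check the current host; returns 1 when a reboot is still needed.
check_host() {
    current=$(uname -r)
    # Unquoted on purpose: one argument per installed release.
    if reboot_pending "$current" $(installed_kernels); then
        echo "REBOOT NEEDED: running $current, a newer kernel is installed"
        return 1
    fi
    echo "OK: $current is the newest installed kernel"
}

# Constructed sample (not from a real host): update installed, no reboot yet.
sample_verdict() {
    if reboot_pending "4.4.0-21-generic" "4.4.0-21-generic" "4.4.0-45-generic"; then
        echo pending
    else
        echo current
    fi
}

echo "constructed sample: $(sample_verdict)"
check_host || true
```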

Magento product delete from CSV

<?php
// One-off maintenance script: run it once, then remove it from the web root.
ini_set('memory_limit', '2048M');
ini_set('max_execution_time', 180000);
require_once '../app/Mage.php';

//echo "TTT";
$app = Mage::app('default');
Mage::register('isSecureArea', 1); // needed to delete products outside the admin area
$row = 0;

if (($handle = fopen("delete.csv", "r")) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
        $row++;
        if ($row == 1) continue; // skip the first row of the CSV (header)
        echo 'Deleting product: ' . htmlspecialchars($data[0]) . '<br />';
        foreach ($data as $d)
            echo htmlspecialchars($d) . '<br />';
        $_catalog = Mage::getModel('catalog/product');
        $_productId = $_catalog->getIdBySku($data[0]); // CSV column $data[0] holds the SKU; look up the product ID
        if (!$_productId) continue; // no product with this SKU
        $product = Mage::getModel('catalog/product')->load($_productId);
        $product->delete();

        // For testing: stop after the first data row.
        //if($row == 2) exit();
    }
    fclose($handle);
}



Can’t retrieve entity config: zeon_manufacturer/eav_attribute_option_value

It has a very simple solution.

You need to replace this code:

array('manufacturer_name_table' => $this->getTable('eav_attribute_option_value')),

with:

array('manufacturer_name_table' => $this->getTable('eav/eav_attribute_option_value')),

Hope it will work.

What is Composer

Composer is a new standard for the management of PHP packages and libraries. Basically, it is used to manage the libraries on which the project depends.
Composer works like so:

  • Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on, and it will manage installing and updating them.
  • Enables you to declare the libraries you depend on.
  • Finds out which versions of which packages can and need to be installed, and installs them.

Composer is actually inspired by npm from Node.js and Bundler from Ruby.

You might also be aware of PEAR. PEAR is an established PHP package manager that has been around for years. PEAR, however, has been abandoned by many PHP developers for a number of reasons. Firstly, much of the code in PEAR is out of date. Secondly, PEAR forces you to install packages system-wide, rather than on a project-by-project basis. This means that if you already have a project that relies on a slightly older package, you are screwed. For an excellent history of PHP packages, read Packages: The Way Forward for PHP by Phil Sturgeon.

What is LDAP?

LDAP is the Lightweight Directory Access Protocol. A directory contains objects, generally those related to users, groups, computers and printers. LDAP gives you query methods to add, update and remove objects within a directory. LDAP is also used to store your credentials in a network security system and retrieve them with your password and decrypted key, giving you access to the services.
For example:

  • Use the same login/password to log in on an intranet and on your local computer.
  • Give specific permissions to a group of users. For example, some could access a specific page of your intranet, or specific directories on a shared drive.
  • Get all the contact details of the people in a company, in Outlook for example.

LDAP was designed at the University of Michigan to adapt a complex enterprise directory system (called X.500) to the modern Internet. X.500 is too complex to support on desktops and over the Internet, so LDAP was created to provide this service “for the rest of us.”

LDAP servers exist at three levels: There are big public servers, large organizational servers at universities and corporations, and smaller LDAP servers for workgroups. Most public servers from around year 2000 have disappeared, although exists for looking up X.509 certificates. The idea of publicly listing your email address for the world to see, of course, has been crushed by spam.

Disable compilation from command line

Magento Compilation – Compile, Clear, Enable and Disable from Command Line

If you have shell access, just go to the shell folder.

$ php shell/compiler.php

Usage:  php -f compiler.php -- [options]

state         Show Compilation State
compile       Run Compilation Process
clear         Disable Compiler include path and Remove compiled files
enable        Enable Compiler include path
disable       Disable Compiler include path
help          This help


How To Export product with Category Names in Magento

<?php
ini_set('memory_limit', '2048M');
ini_set('max_execution_time', 180000);

require_once '../app/Mage.php';

// output headers so that the file is downloaded rather than displayed
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename=products.csv');
// create a file pointer connected to the output stream
$output = fopen('php://output', 'w');

$userModel = Mage::getModel('admin/user');

// iterate over the product collection (a bare model cannot be looped over); load all attributes for export
$collection = Mage::getModel('catalog/product')->getCollection()->addAttributeToSelect('*');

$attributeSetModel = Mage::getModel("eav/entity_attribute_set");

// $product->getModel(),$product->getProductcode(), //ColorCombination Material

foreach($collection as $product) {
$_cat = array();
$categoryName = array();

// collect the names of every category the product belongs to
foreach ($product->getCategoryIds() as $Id) {
$_cat = Mage::getModel('catalog/category')->setStoreId(Mage::app()->getStore()->getId())->load($Id);
$categoryName[] = $_cat->getName();
$categoryNameList = implode(",", $categoryName);

fputcsv($output, array(