Migration schedule:

• 17/Feb 12 Friday night from 10PM GMT: servers ENTERPRISE & PEGASUS
• 18/Feb 12 Saturday night from 10PM GMT: servers ATLANTIS & STARGATE

Our other servers are already in the new centre and therefore unaffected. Further details have been sent to all clients involved in the migration via email.

Centro Data Centre

The Centro data centre opened for business in June 2009. Located in Hemel Hempstead, the centre is set within a secure 50,000 sq ft compound and has 3MVA of HV power through redundant supplies, and multiple fibre providers on-site. The facility has been fitted out to a high specification, with all infrastructure installed with a minimum of N+1 redundancy, and certain key elements at 2N. A state-of-the-art IP CCTV system and access control system provides security, including man-traps and biometric iris scanners.

The facility uses highly energy efficient design principles, with enclosed rack hot aisle containment and economical chilled water cooling allowing standard rack densities of 4kW, rising up to a maximum of 24kW.

Source: HotLinx Magazine

Under construction - Cables ready for 2,500A interconnect to Suite 1 LV panel

For a mini tour of the data centre, please head over to the Gyron blog: http://www1.uk.gyron.net/mini-tour-of-centro-datacentre.

Migration

From 10pm GMT (London/UK), the servers will be physically moved by van to their new data centre. All website content, login details, IP addresses and name servers will remain exactly as they are. The maintenance window is until 6am, but we will be working as swiftly as possible to finish ahead of this deadline.

Our helpdesk will remain online and if you have any queries, please don’t hesitate to get in touch. You don’t need to log in, just send us you query.

This tutorial guides you through setting up Magento Multi-Store on Shared Hosting with cPanel with the “parked domain” method. The set-up has been tested on our servers and works perfectly with all TerraNetwork hosting accounts. Any problems, feel free to contact support and we can take a look.

Shared Hosting Caveat: Whilst it’s perfectly possible to run Magento on Shared Hosting it does require more resources than other carts. If your shop gets busy or you have a large number of SKUs, then you may wish to consider an upgrade to Semi-Dedicated or Dedicated Hosting.

The set-up has been tested with Magento Community Edition 1.6.1.0 on Shared Hosting with cPanel on PHP5.3.

• Adding another shop in Magento
• Adding a parked domain to cPanel
• Modifying .htaccess
• Setting up SSL for checkout

Adding another shop in Magento

First off we need to add a second shop in Magento. We’re using a dummy name “example.com”. Please replace with the real domain you wish to us.

Create Root Category

1. Log into your Magento admin
2. Go to the Catalog tab and select “Manage Categories”
3. Click on the “Add Root Category” button on the left
4. For “Name” enter example.com. Set the dropdown for “Is Active” to “Yes”.
5. Click “Save Category” button.

Create Website

1. Go to the “Systems” tab and select “Manage Stores”.
2. Click on the “Create Website” button.
3. For the “Name” enter example.com and for the code example. The code will be important later when we need to modify .htaccess.
4. Click on the “Save Website” button.

Create Store

1. Click on the “Create Store” button.
2. For the “Website”, select example.com from the dropdown. For the “Name” enter “Example” or any value of your choice. For the “Root Category” select example.com from the dropdown.
3. Click on the “Save Store” button.

Create Store View

1. Click on the “Create Store View” button.
2. For the “Store” select the store you created in the last step, in our case Example. For “Name” enter Example View. For “Code” enter example_view. Set “Status” to “Enabled”.
3. Click on the “Save Store View” button.

Change Base URL

1. Go the “System” tab and select “Configuration”.
2. For “Current Configuration Scope” (located near top left) change the dropdown menu from “Default Config” to example.com
3. Select “Web” from the left sidebar under the “General” section.
4. For both the Unsecure and Secure sections, uncheck the “Use Default” box next to the Base URL; and enter the URL for your own shop example.com. Make sure to include the trailing backslash.
5. Click the “Save Config” button.

Modify URL redirecting

1. Still under “System -> Configuration” change the “Current Configuration Scope” to “Default Config”.
2. Select “Web” from the left sidebar under the General section.
3. For “URL Options -> Auto-redirect to Base URL” set to “No”.
4. Click the “Save Config” button.

Adding a parked domain to cPanel

1. Change the domain’s DNS name servers to your servers. If in doubt, ask your hosting provider for help.
2. Log into your cPanel and go to “Domains -> Parked Domains”
3. Add the domain example.com and click “Add Domain”

Modifying .htaccess

1. Either log into your cPanel and go to “Files -> File Manager” or connect to your site via an FTP program.
2. Navigate to /home/USER/public_html/.htacess (where USER is your cPanel username).
3. Add to the file the following lines as below. The “Host” is the main part of your domain name. “CODE” is the website code you defined in Magento admin. RUN_TYPE should always be “website”.
   
4. Save the file and if you using FTP, upload to your site

Done!

If all has gone to plan, then you will now have the same instance of Magento running on two separate domain names.

Setting up SSL Certificates for Checkout

With the set-up as described above, the only option if you need an SSL Certificate for checkout is to go for a Multi-Domain cert. Multi-domain SSL certificates allow for one cert to be applied to separate domain names on 1 IP. In the past these used to be prohibitively expensive; but prices have tumbled dramatically and are now feasible even for smaller shops.

Multi-Domain Certs should not be confused with WildCard SSL Certs. WildCard covers sub-domains (www.mydomain.com, shop.mydomain.com). Multi-Domain Certs cover separate domain names (mydomain.com, myothershop.com). When ordering a Multi-Domain Cert please bear in mind that www.mydomain.com and mydomain.com will be counted as 2 domains.

For the Dedicated IP, please contact your hosting provider. For Multi-Domain Certs, you can for example try Comodo or GoDaddy.

So there you have it – a Magento multi-shop set up with secure checkout on a Shared Hosting account. And for customers of TerraNetwork, if you run into any issues, feel free to drop us a support ticket, we’re here to help!

FTP is is the method by which you can down and upload files from a server.

FTP login details are a desirable target for hackers, giving easy access to your site’s files. Not surprisingly, the PCI consortium which looks after security standards for online merchants has taken an interest in FTP security, and in May 2011 raised the threat level of plain text FTP login to Critical as plain text FTP login can be exploited.

PCI compliancy is required from all merchants who accept payments directly on their website, for example via PayPal Pro or SagePay. And as of May 2011, any merchant undergoing PCI testing is likely to fail if plain text FTP login is enabled on the server. McAfee have already raised the level to 4 (fail). Security Metrics is expected to follow suit.

For customers hosted by us this means that plain FTP login is being phased out from our servers. So if plain FTP login is out, what can you use instead? Two options: a) use FTP over SSL which is works for all FTP logins and is supported by all major FTP programs; or b) use SFTP/SSH.

Both methods are already support by our servers, so even if plain FTP login is currently still working for you, we’d recommend to switch to a secure method now.

For tutorials on this & step-by-step guides for popular FTP browsers, please head over to our knowledgebase: https://support.terranetwork.net/web/knowledgebase/138/FTP–FTP-over-SSL-and-SSH.html.

FTP program password storage warning

Some FTP programs such as FileZilla store FTP login details in plain text on your PC/Mac. Hence, even if the connection is securely encrypted with FTP over SSL, the stored FTP logins is easily obtained should the machine become infected with malware.

Hence, with programs such as FileZilla which do not encrypt the stored data, the FTP login details should never be stored. Instead, enter the details afresh with each connection request.

Looking at programs that do employ encryption for stored passwords such as Ipswitch WS_FTP, the situation is better but not perfect. Passwords are encrypted, so a casual malware attack won’t be able to get them; but a hacker intent on obtaining the password can break it.

In my view, storing a password for frequent FTP use is likely to be a necessity. Using an FTP program that encrypts stored FTP logins is a must, and Ipswitch WS_FTP is the one I’d recommend. But equally important is the overall security of the PC/Mac.

• Who is affected?
• Will my site break?
• Continuing to use PHP5.2
• How can I make my site compatible?
• Quick Fix solutions

Who is affected by PHP5.3?

Any site that runs PHP scripts is affected by which PHP version runs on the server. You can quickly check if your site uses PHP by looking at the file names of your website – if it ends in .php, then your site is PHP driven.

Another way to check is your software. Many popular open source websites such as WordPress, PrestaShop, OpenCart, Magento, Zen Cart, osCommerce, Joomla, Drupal etc are built with PHP.

Will my site break if I don’t upgrade?

It depends but most likely yes.

Zen Cart has a fatal error with date_diff() which will stop the site from displaying.

osCommerce has a check for register_globals and if this is off, it will also stop it from displaying (register_globals is OFF by default in our PHP5.3 version but can be re-enabled).

For other sites, the most likely outcome of your site not working properly with PHP5.3 is deprecation warnings being generated. The warnings are meant to alert site owners that functions used in their website will be removed in future PHP versions. Whether this causes any problems will depend on your software.

Continuing to use PHP5.2

To avoid any problems with older software, TerraNetwork is making a secondary PHP5.2 build available to site owners. This will stay in place until end of March 2012 and provide another 6 months to upgrade sites.

For details please see https://support.terranetwork.net/web/knowledgebase/136/PHP-52-Build-switch-a-site-to-using-PHP-52.html or for help please contact support.

What do I need to do to make my site PHP5.3 compatible?

Best option is always to upgrade your software to the latest version. This will not only keep you compatible with the latest PHP version, but also apply bug fixes and most importantly, security patches to your site.

A list of PHP5.3 compatible software versions is available here: http://www.terranetwork.net/blog/2011/03/php5-3-is-coming/#versions.

Quick Fix

A quick fix is only meant as temporary solution, and should never be seen as a substitute for updating the code properly. Primarily because running out-of-date software is an open invite to any hacker taking an interest in your site.

But if you’re in a tight spot and need to buy extra time until your developer can upgrade the site, then you can simply adjust the error recording on your site to exclude deprecation notices from being recorded.

Zen Cart 1.3.8. and 1.3.7

In Zen Cart, the error recording needs to be adjusted in the two application_top.php files (frontend and admin):

error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

NB: Zen Cart also has an error with the function date_diff – this can only be fixed by upgrading the site. For details please see http://www.zen-cart.com/forum/showthread.php?t=140960.

To re-enable register_globals, please contact support for a local php.ini file.

osCommerce MS2.2

In osCommerce, the error recording needs to be adjusted in the two application_top.php files (frontend and admin):

error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

For details see http://forums.oscommerce.com/topic/341737-function-ereg-replace-is-deprecated/.

To re-enable register_globals, please contact support for a local php.ini file.

Magento 1.3

In index.php change

error_reporting(E_ALL | E_STRICT);

to

error_reporting(E_ALL & E_STRICT & ~E_DEPRECATED);

Open downloader/Maged/Pear.php and change

error_reporting(E_ALL & ~E_NOTICE);

to

error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

Open lib/Varien/Pear.php and change

error_reporting(E_ALL & ~E_NOTICE);

to

error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

Source http://www.magentocommerce.com/boards/viewthread/54158/.

WordPress 2.x

In the wp-config.php file add this line:

error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

Then in wp-load.php change

if ( defined('E_RECOVERABLE_ERROR') )
	error_reporting(E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR);
else
	error_reporting(E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING);

to

error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);

And in the wp-settings.php file change

// Add define('WP_DEBUG',true); to wp-config.php to enable display of notices during development.
if (defined('WP_DEBUG') and WP_DEBUG == true) {
	error_reporting(E_ALL);
} else {
	if ( defined('E_RECOVERABLE_ERROR') )
		error_reporting(E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR);
	else
		error_reporting(E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING);
}

to

// Add define('WP_DEBUG',true); to wp-config.php to enable display of notices during development.
if (defined('WP_DEBUG') and WP_DEBUG == true) {
	error_reporting(E_ALL);
} else {
 error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
}

Source: http://wordpress.org/support/topic/php-deprecated-warnings-on-every-screen.

PrestaShop | opencart | Joomla! | Drupal

PrestaShop, opencart, Joomla! and Drupal should honour the default server php.ini setting.

Related Resources

• http://www.terranetwork.net/blog/2011/03/php5-3-is-coming/

The update from the PrestaShop team is included in full below:

PrestaShop Security Fix

Last night, the PrestaShop’s official website, prestashop.com, was hacked, resulting in the misappropriation of a script intended for transcribing news information in the Back Office of PrestaShop stores.

The entire PrestaShop team dedicated ourselves to identifying and fixing this issue as quickly as possible. That fix has been completed.

Has my shop been infected?

This only affects PrestaShop versions 1.4/1.4.1/1.4.2/1.4.3/1.4.4, but not all shops using these versions are necessarily affected

If you use one of these versions, please check for any of the following symptoms:

• A her.php file is at the root of /modules folder
• A .php file different from index.php is in the upload and download folders
• Your footer.tpl file has been modified
• Your tools/smartyv2 folder is missing

If you fulfill one of these conditions, your shop may have been infected. However, it is easy to fix just by following the instructions listed below.

What should I do?

1. Change your database password (or contact your webhost if you do not know how to do it). Once you have done that, open the settings.inc.php file in your /config folder and replace your old password with the new one. See below:
2. Download the fix published by PrestaShop available on http://addons.prestashop.com/fr/herfix/
3. Upload it to the root folder of your shop with your FTP client (Filezilla, Transmit…)
4. Go to the url http://www.myshop.com/herfix.php (where myshop.com is replaced by the domain name of your site)
5. The fix is now applied. Please do not forget to delete the herfix.php file previously uploaded at the root of your shop
6. Rename the admin folder
7. Change the password of all admins of your shop

If you need any help or have any additional questions, you can email us at moc.pohsatserpnull@ytiruces. You will receive an answer at the soonest.

The whole PrestaShop team wants to deeply thank the community for its help in identifying this issue.

We have already seen sites exploited via this vulnerability and urge all WordPress site owners to check their sites now to see if they are affected.

The timbhumb exploit

An image resizing utility called timthumb.php is widely used by many WordPress themes. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory.

Source: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

What to do next

1. Check your site via FTP or File Manager in cPanel. Go to the themes folder and see if your site has a timthumb.php or thumb.php file. If not, you’re fine.
2. If you have the script, open it and check if it contains the $allowedSites array. If not, then your version of the script is secure, but we’d still recommend to upgrade to the latest version: http://code.google.com/p/timthumb/.
3. As quick fix, empty the $allowedSites array and save the file.
4. Check for exploits in the /cache/ or /tmp/ folder of your site. Malicious file names usually consist of a long string of letters and numbers with a .php extension. If you find any of these files, you’ve been hacked. See the WP site on how to recover from a hack: http://codex.wordpress.org/FAQ_My_site_was_hacked.
5. On affected sites, you may also find suspicious entries in the error_log which state that the uplaoded PHP file is a not a valid PNG format.
6. Regardless of whether you were hacked or no, update the script to the latest version: http://code.google.com/p/timthumb/.
7. If you like your security tight, there’s no harm in changing your DB and FTP/cPanel password just in case.
8. Lastly, don’t forget that if you are unsure how to check your site or how to change passwords, you can contact support: Helpdesk. Please include the site name as well as FTP/cPanel username and password in your ticket.

Any users of Woo Themes (who provide our free Premium Themes), please head over to Woo for the fix: http://www.woothemes.com/2011/08/timthumb-security-flaw-patch/. The solution is simply to replace the code in thumb.php with the latest timthumb version.

Elegant Themes published this advice: http://www.elegantthemes.com/blog/theme-changesbug-fixes/timthumb-vulnerability-security-update.

And WebsiteDefender has put together a list of affected themes and plugins, although please be aware that the list is unlikely to be complete, so always check your own site manually: http://www.websitedefender.com/web-security/timthumb-vulnerability-wordpress-plugins-themes/.

Demo | Download | by Organic Themes US$69

A clean, modern theme showcasing images in an eye-catching slider on the homepage. The theme includes a portfolio category with 1, 2 or 3 columns, slider, pages and options to change homepage content.

Blogfolio

Demo | Download | by Themify US$39

This theme gives maximum space to images and comes with an image slider on homepage, homepage customisation options, grid or list layout and 4 different skins.

Work

Demo | Download | by Theme Trust US$49

A clean, dark theme that focusses attention on the images. Template includes a slider on the homepage and ability to chose between one, two, three, and four column gallery layouts.

Expositio

Demo | Download | by WP Shower | FREE

A free minimalist sideway scrolling portfolio. A great way to showcase images especially for visitors with larger screens. Can be customised for white or dark background.

PhotoCraft

Demo | Download | by Templatic US$65

A high impact portfolio theme featuring a large slider on the homepage with multiple effects and gallery layout. Includes customisable homepage and unlimited colour schemes.

Craft

Demo | Download | by Theme Trust US$49

A sleek portfolio theme, ideal for artists who want to include text with their images. Theme comes complete with slider, Flickr/Twitter integration and customisation options.

Deep Focus

Demo | Download | by Elegant Themes US$39

An elegant, grey theme that combines a photo gallery with the features of a normal blog. Comes complete with a CMS-style homepage and light box for the gallery.

Portfolium

Demo | Download | by WP Shower FREE

A flexible grid-based theme available for free download. The portfolio pages allow showcasing of multiple images with one slider, ideal for artists who want to show several aspects of one work or project.

Work-a-holic

Demo | Download | by Graph Paper Press US$49

A clean grid-based layout with 2 or 3 column layout, ideal for showcasing images and photography.

Elefolio

Demo | Download | by Woo Themes US$70

Combines Tumblog publishing with a portfolio layout to showcase work and projects. Comes integrated with Twitter, social media links and uses the Woo theme framework to allow further customisation.

You can find full information here: https://www.x.com/view-blog-post.jspa?blog=1542&blogPost=5811

You can also check PayPal’s system status and scheduled maintenance at:
https://www.x.com/community/ppx/system_status

If this post is too daunting, then please contact us and we can talk you through what you need to do.

Your website

First off, you must have a copy of your site to be able to transfer it to us. If the server is online, then we can help you to take a full backup. But if the server (and your site) is offline, then you need to have a copy of your website (files, database) stored locally on your PC/Mac. If not, consider if any web development agency you may have worked with could have a copy.

If you do have a copy, then you can upload it to our server via the access details we sent. If you encounter any problems or have queries, just open a support ticket and we’re here to help.

If you don’t have a copy of your site, then the situation is trickier. You could decide to put up a temporary info page and continue to try to get in touch with Web Mania to get a backup of your site. Or you can decide to start afresh. If the latter, we can get you on your way with a free install of a software of your choice.

Setting up a new Hosting account

Next step is to sign up for a new hosting account. For smaller sites, our Starter package is excellent value. To get started, please see the hosting package overview or go straight to our sign up page support.terranetwork.net/web/cart.php.

All packages include one free domain name, help with uploading your files or install of a new software if you prefer to start fresh. For non-ecommerce sites, we also offer a free WordPress install with a free Premium WP Theme of your choice. For details click here.

Once you have the new hosting account, we’d also recommend to set up any email accounts you use. These won’t work until the domains are pointed to our server, but best to get this done in advance.

.UK Domains

If your domain ends in .uk, then you can use Nominet to quickly change registrars as long as you can access the registrant email address.

1. Check the registrant contact details via WHOIS www.nominet.org.uk/other/whois/.
2. If you have access to the registrant email, then go to secure.nominet.org.uk/auth/access-your-account.html, enter the registrant email. You will receive a password reset URL via email. Follow the steps, then log into the Nominet account.
3. In your Nominet account at the top bar, select “Your Domains -> Registrar Change”, follow the steps and for IPS TAG, please enter “LIVEDOMAINS” “TERRANETWORK” and advise us via support ticket that the IPS TAG has been modified. The Nominet transfer fee is £12 inc VAT and this covers multiple domains as long as they are transferred together.

Recovering a .uk domain name and repointing can usually be done within 24 hours.

If the registrant email address is not an address you can access, then contact www.nominet.org.uk/about/contact/ directly, explaining the situation and asking them to give you access to your domain.

.COM Domains

For .com domains, Web Mania are a reseller for OnlineNIC. First check via WHOIS that you the domain registrant email address is an address you can access: www.onlinenic.com/domain-whois/. If the registrant email is not one you can access, you must ask OnlineNIC to change it a working email you can access, otherwise the transfer process will fail.

Then, get in touch directly with www.onlinenic.com, explaining that you have tried to contact Web Mania without success, and ask them to:

1. Change the Nameservers to ours (nameserver settings as per your hosting welcome email from us)
2. Change registrant email address if necessary
3. Unlock the domain
4. Generate an EPP / Transfer Key (or Auth Code) – once received, please send to us via support ticket

We can then start the transfer process, which usually takes 7-10 days and involves approval of the transfer via registrant email address. Due to the length of the transfer process, if at all possible, try to get the nameservers changed first (this will take effect within 24 hours of the change being made).

Like our other servers this new server comes with x2 quad-core Intel “Nehalem” CPUs, which are multi-threaded to provide 16 CPUs.  Again, like our other servers, we are using SAS hard drives which run at 15,000 revolutions per minute.  This means that they can read and write data at more than twice the speed of standard server hard drives, which operate at only 7,200 revolutions per minute.  Raid 1 is incorporated as standard.

Our other shared servers will be upgraded to PHP 5.3+ in the Autumn of this year, but as this is a brand new server it starts life with PHP 5.3.6