Author: graphicdesigner

Rewind Offers Free Holiday Data Backups for E-Commerce Platforms

4 November,2019 E-Commerce, What's New No Comment Author: graphicdesigner

Rewind, a leading cloud data backup provider for e-commerce and cloud platforms, today announced the launch of Rewind: One-Time, a limited-time, complimentary version of its top-rated data protection software. Helping merchants on Shopify and BigCommerce, Rewind: One-Time can protect and quickly restore a retailer’s online store during the holiday shopping season.

“The holiday season can be an exciting time for merchants, but it can also be quite overwhelming with increased traffic to their stores. We’re excited to welcome the complimentary Rewind: One-Time app to our app store so that merchants can restore their data during the most critical time of the year,” said Fatima Yusuf, Strategic Partnerships Lead, Shopify.

Store uptime is essential for small and medium-sized retailers relying on cloud applications. Rewind has found that online stores have a one in five chance of losing their data at some point and time. Data disasters can happen from malicious acts, third-party integrations, or human error. Available now through December 31, 2019, Rewind: One-Time allows retailers to conduct a free, one-time backup of up to 10,000 products and related data tied to their e-commerce storefront so they can limit any downtime due to data issues.

“Data loss and the resulting downtime can be devastating to an ecommerce business. The Rewind for BigCommerce solution gives BigCommerce sellers the security they need to focus on growing their business — not recovering lost data. We’re pleased to be able to offer Rewind’s excellent integration and world-class customer support to our customers,” said MaryAnn Bekkedahl, SVP of Global Business Development, BigCommerce.

As minutes matter, retailers who take advantage of Rewind: One-Time, will be able to restore their data, to the exact day/time they installed. The one-time backup for BigCommerce includes product, brand, category, option set, and option data, while the one-time Shopify backup includes products, product images, custom collections and smart collections – the backups will be stored indefinitely in the secure Rewind Vault™.

“We want to ensure every BigCommerce and Shopify merchant knows their store data is fully protected this season so they can focus on generating sales, especially on peak days like Black Friday, Small Business Saturday and Cyber Monday,” said Mike Potter, CEO of Rewind. “With account-level data protection from Rewind: One-Time, retailers can ring in holiday sales rather than spend hours trying to recover deleted products or repair broken links and pages.”

Rewind: One-Time users can upgrade to one of the paid plan options at any time during the holiday season or beyond. Paid Rewind subscriptions add the ability for merchants to take advantage of ongoing, comprehensive backups so they can painlessly restore their full store experience (or select products, images, etc.) to any chosen date/time.

Download Rewind: One-Time

Adobe Introduces New Commerce Features For Magento

28 October,2019 E-Commerce, What's New No Comment Author: graphicdesigner

Adobe is rolling out new capabilities to its enterprise eCommerce platform Magento that are targeted to small to medium-size businesses (SMBs) and mid-market merchants, Adobe said in a press release on Monday (Oct. 22).

Adobe is unveiling these latest features at MagentoLive Europe 2019, being held in Amsterdam Oct. 22-23. The improvements to the commerce platform aim to improve customers’ shopping experience.

“We’re now at an inflection point where companies of all sizes are perpetually challenged by soaring customer expectations to deliver amazing brand experiences. We’re committed to bringing Adobe’s enterprise-grade commerce capabilities to our SMB and mid-market customers to help them grow their business,” Adobe said in the release.

The release of Magento 2.3.3 includes performance and security enhancements to help merchants stay compliant with new regulations. Enhanced features also include integrating with Adobe Stock, an Amazon sales channel for the U.K., cloud infrastructure with Microsoft and an Adobe Sensei-powered product suggestion tool.

“We’re bolstering our multi-cloud capability by making Magento Commerce available on both Microsoft Azure and Amazon Web Services,” the release said.

The “highly anticipated” Adobe Stock integration with Magento offers a searchable interface to find, preview and embed art, such as photos and videos. Adobe Stock has over 130 million images, templates, 3D assets, stock videos and premium collection images.

Adobe acquired Magento’s cloud-based eCommerce platform last year for $1.68 billion. A Shopify competitor, it counts Coca-Cola, Warner Brothers Music, Canon and Nestle as customers.

Commerce Cloud was launched by Adobe in March. This fully managed cloud-based version of the Magento platform is fully integrated with benchmark Adobe tools like analytics, marketing and advertising. Amazon and Google integrations were also added.

On Amazon, merchants can automatically manage their inventory directly from the Magento platform. Users can set pricing rules for the Amazon sales channel, handle multiple brands at a time with access to multiple accounts, and get access to Amazon product data.

Magento also introduced a free native integration with Google Shopping that will let Magento admins manage Google ads from the Magento dashboard, as well as Google Merchant Center accounts.

Google Launches a New Portal for Small Businesses

22 October,2019 E-Commerce No Comment Author: graphicdesigner

To celebrate International Small Business Day, Google today launched a new website that will suggest its products that seem like the best fit for a specific business.

 

 

The Google for Small Business portal was announced today at the Grow with Google Learning Center in New York City, where the company offers a variety of workshops and classes. During a break in the event, Kim Spalding, Google’s global product director for small business ads, told me that the website “gives everyone a place to start with Google products.”

After all, she said, “small business owners struggle with time” and particularly don’t have time to become experts on digital marketing.

So on the new site, they can enter their company name and website (assuming they have one), then answer a few questions about their business and their goals. Google will then create a customized, prioritized list of actions, which may involve launching ad campaigns, or building up their online presence, or installing Google Analytics.

Spalding suggested that this could be particularly useful for small businesses that are “just getting started,” as well as more established business that are starting to develop a digital strategy.

While Google for Small Business can recommend a wide range of products, Spalding pointed to two “hero tools” that are part of the lineup — Google my Business, which allows business owners to create their own profiles and websites, and is “a complete free product from start to finish,” as well as Smart Campaigns, which Google launched last year to automate the ad-buying process for small businesses.

Facebook Launches Two New Features to Help Small Businesses Grow

14 October,2019 Uncategorized No Comment Author: graphicdesigner

The holiday season is just around the corner and everyone is going crazy over shopping. Now is the high time when top brands and local sellers earn the most from customers. As small businesses, it is difficult for them to earn more customers through local strategies, which is why Facebook is taking amazing steps to help them build a strong internet presence.

As holidays are coming near, many people are looking for online options to purchase gifts for friends and family. If small businesses have a strong internet presence and helpful tools, they can easily make new customers without any hassle.

As a result of this, Facebook recently introduced two new features,

1. Customizable story option on Facebook, Instagram and Messenger – It is not easy for small businesses to create new ad campaigns for every product. By using this feature, small businesses can save a lot of money and time that they could have spent on advertising.

2. Improved Instagram Messaging for Businesses – To help small businesses grow rapidly, it is necessary for them to be organized. This new feature will help businesses to send instant replies during busy season and organize chats in separate folders to avoid any mishap.

By launching these new features, small businesses will be able to reach out to maximum customers and attract many people by their fast service. Apart from it, Facebook is also helping such small businesses to learn how to improve their business strategies to gain more audience.

Small business owners can take part in the training held by Facebook to learn where they are lacking and improve them accordingly. If these businesses can learn to adequately handle their business, there are more chances for them to enjoy benefits all year and not just during the holiday season.

These small businesses can bring a lot of growth to the local economy by investing their skills in the proper advertising and amazing customer service. Facebook’s action towards helping small businesses might seem like a pebble stone right now but it can give enormous advantages in the future.

Magento Commerce 2.2.X is Nearing the End of Support, it is Time to Upgrade!

10 October,2019 Uncategorized No Comment Author: graphicdesigner

You must have a current Magento subscription or license to receive software support. Additionally, it is recommended to always have the latest Magento version installed for optimum security and to leverage Magneto’s advanced features.

Magento continues to improve releasing updated versions. Please review the chart below for the end of software support dates for previous Magento versions:

Magento Release End of Software Support
Magento 1.x 06/2020
Magento 2.0.x 03/2018
Magento 2.1.x 06/2019
Magento 2.2.x 09/2019 (Open Source) & 12/2019 (Magento Commerce)
Magento 2.3.x – Magento 2.3.2 Latest Version

Magento has stated: Support for Magento Commerce 2.2.x ends on December 31, 2019.

Merchants or customers who are still using Magento Commerce 2.2.x should upgrade to the latest Magento Commerce release 2.3. If you continue using Magento Commerce 2.2.x for your website, this may impact website security and compliance.

Massive WordPress Infections Reported!

31 October,2018 Uncategorized No Comment Author: graphicdesigner

PublicWWW finds the most common patterns of this malware on thousands of sites:

Database Injections

Multiple variations of the injected scripts have been found. For example, when the attackers have access to the WordPress database, they inject the following script into blog posts (wp_posts table):

It loads an obfuscated script, which then loads a sequence of scripts from hxxps://www.learningtoolkit[.]club/link.php, then hxxps://mp3menu[.]org/mp3.js, and eventually redirects to tech support scam sites.

 

Reinfections of the Same Posts

On some sites, hackers aren’t even bothering to remove older versions of their scripts. You can find multiples scripts injected into the same posts by different waves of the malware campaign.

 

Malware in wp_options Table

The obfuscated learningtoolkit[.]club script that begins with “var _0xfcc4=” can also be found in the wp_options table. This happens when hackers exploit vulnerabilities in certain themes and plugins. The most common victims are sites with old tagDiv themesor unpatched versions of the Smart Google Code Inserter plugin.

In the latter case, the malware is injected into the “sgcgoogleanalytic” option where the plugin stores the Google Analytics tracking code.

 

Backdoors

If the attackers manage to get access to the file system, after uploading backdoors, they try to infect .php and .js files of the compromised sites.

The infection process begins with uploading a backdoor. We find them in site roots, in wp-content/uploads, or within other directories where the exploited vulnerability allows it.

Here are some typical names and paths of the backdoors:

The backdoor saves base64-decoded contents of the “q” parameter into the “cleartemp” file, then includes it to execute. It then immediately deletes the created file.

All the backdoors have similar content, just different parameters and names of the temporary files: cleartemptempotempltempleb, fgdfgdfg. Sometimes, the temporary files are created in /tmp or /var/tmp directories.

 

Worried That Your Website Might Be Infected? Click the Button Below to Call Us!

call-now

Second Level of the Backdoor

The code of the temporary files described above is another level of the backdoor. This time, it loads the content of a remote file (p4.txt or tpn2pp.txt) from a server with the IP address 190 .97. 167. 206, and saves it to yet another temporary file with name hjghjerg or minteasd.  It then includes the saved file to execute its base64-decoded code and deletes the file. For some reason after that, the backdoor executes the same code again, this time using the eval function.

 

Malware Injectors in Hjghjerg

Code in the hjghjerg file is responsible for injecting malware into website files. Over time, we have collected quite a few variations:

Currently, the most common version of the new infection injects the “var _0xfcc4” script into all files that have the <head> tag (for example, header.php in WordPress themes or almost any .html file).

The script is injected right after the opening <head> tag and right before the closing </head> tag. A side effect of this attack is that permissions of the infected files are changed to 777 (full permission for everyone). Keep this in mind when cleaning sites – you might want to revert their permission back to something like 644, or even a stricter file permission.

 

Payload to Infect JavaScript Files

Here’s another variation of the hjghjerg file injecting the same script into any JavaScript files with names containing jquery.

In this case, the malicious script is injected at the very top of the files immediately before their legitimate content.

The find command for the jQuery-related .js files has improved since the August version where we reported a bug that resulted in malware being injected into non-.jsfiles, including WordPress core CSS files.

 

Coding Style and Dealing with Reinfections

The coding style is very sloppy. There are no checks for errors or any fallback mechanisms.

Note: These versions try to inject new scripts into all suitable files. They don’t check if they have previous versions of the malware, which results in multiple infections of the same sites. Sometimes, the hjghjerg file contains code to replace previous payload with a new one. e.g. the examhome[.]net script to the learningtoolkit[.]club script. However, even in this case, it only takes care of one specific variation of their previous injection and neglects all other waves that used different scripts.

 

Hotopponents Version of the hjghjerg File

Some versions of the hjghjerg file inject different variations of the scripts.  In this case, it’s an external script from hxxps://hotopponents[.]site/site.js?wtr=1injected into files with the <head> tag and an obfuscated code that loads “hxxps://hotopponents[.]site/site.js?wtr=2” injected into jQuery related JavaScript files.

 

Cross-site Infections

As you might have noticed, the injector uses the find command that starts searching for victim files from the server root level: “find / …”. This means that if the site and account isolation on the server is not good enough, even one compromised site will be enough to infect all sites that share the same account – or even the whole server, in a worst-case scenario.

Of course, it’s hard to break out of the account level using this approach, even if the find command locates files that belong to different accounts (which doesn’t happen on most properly configured shared servers). Most likely, the script will not have sufficient permissions to modify them – unless the files had too broad permissions (e.g. 666 or 777) in the first place. This could happen, for example, if those third-party sites had been infected with the same malware and then cleaned without restoring the original permissions (remember, the injector changes permissions to 777?).

Another approach used by the same campaign can theoretically be successful in breaking out of the compromised account on a small number of misconfigured shared servers since it only needs read permissions.

 

Database wp-config.php Vector

The following code is also found in some variations of the hjghjerg file.

This injector searches for all wp-config.php files on the server and then reads database credentials from them. After that, it connects to the mySQL database, searches for the “wp-posts” tables there, and appends the malicious scripts at the end of WordPress posts (post_content field).

On most modern shared servers, the scope of this injector will also be limited to the compromised account. However, if the account isolation is not properly configured (which still rarely happens on some servers of small/amateur hosting providers), all WordPress sites on the server can be infected because of just one vulnerable site.

 

Conclusion

This long-lasting malware campaign demonstrates that all aspects of website security matter. Hackers don’t go for just a single vulnerability. They use a constantly updated kit of tools and exploits that help them maximize the effectiveness of their attacks.

Fully patched themes and plugins, strong passwords changed after any compromise, correct server configuration and site isolation, strict permissions of files with sensitive data – missing any of these components increases chances of a website compromise.

If you believe your site has been compromised by this attack, we can help. Contact us immediately at (888) 766-3315, or send an email by clicking HERE.

If your website is very outdated it may be for the best to do complete redesign sooner rather than later. This should also improve your security immensely. Visit THIS page to learn more and get a quote. We have special offers in store for our repeated customers.

Celebrate Mother’s Day with Simplio Web Studio and Get 20% off on SEO Packages

5 May,2017 Giving Back No Comment Author: graphicdesigner
Image: Mother’s Day

Image: www.swatinstitute.com

Mother’s Day is just a week away and now it’s time to enjoy 20% off on SEO Packages’ , says Simplio Web Studio. 14th May is celebrated as Mother’s Day, honoring the mother of the family. This day we salute to motherhood, maternal bonds, and to the influence of the mother’ s in society.

The Simplio Web Studio has been a valued Website design, Development, and SEO service provider in Miami, FL. We strive hard to provide maximized results for the search engine optimization. Our team analyzes and optimizes both the websites content, structure, and incoming backlinks. We primarily divide our SEO optimization into two parts: On-site SEO and Off-site SEO. Our SEO Strategy, makes sure that it matches your targeted audience, current website structure, and visibility.

Through this offer of 20% off on SEO Packages, our company and its team pay their tribute to the sacrifices of Mothers. The Simplio Web Studio has a record to always deliver their work on time. Search Engine optimization always plays an important role in boosting online businesses. Through SEO you can reach your business to enormous people. To make sure that our SEO strategy match your business our team keep themselves updated. With various research on your business, we can provide you the results that you get.

Other than Search Engine Optimization we are the designer of Websites of various businesses. We provide complete web solutions of all kinds. We believe that no project is too big for us and no task is too difficult. We work with all kinds of platforms and codes. Also, we are the creator of HTML5 websites as well as code in PHP.

Our Works include:

Web Design
SEO
Logo Design
Graphic Design
Pay Per Click
Providing e-Commerce solutions
Designing Mobile Apps
Video Productions