Miscellany For January
tl;dr – It was a quiet month on the security front, we can now do geolocation efficiently, and we’d love to hear your “wacky” e-commerce ideas.
We had a good start to the new year. A couple new sites hit the PureNyx network, but our biggest accomplishment was finishing the core project for two huge enterprise deployments ordered up by affiliate site managers. Those are special projects for clients who love what we do so much they want us to sell them a copy of our whole system and do the hard parts to keep it running. It’s the sort of thing a lot of businesses wouldn’t do… but we’re nice like that.
In the meantime, this month’s Miscellany covers three topics:
The Apocalypse Is On Hiatus
Nobody seemed to be predicting the end of the internet this month. There weren’t any major flaws discovered in the world’s fundamental security architecture or widespread attacks using some zero day bug. There was a minor announcement near the end of the month when security firm Qualys announced a Linux vulnerability they called GHOST, but it was mostly a non-event because the underlying code had been upgraded back in 2013. The problem only affected systems deep in the infrastructure of some web hosts and it was a breeze to patch with existing upgrades.
The only thing to make us raise our eyebrows during January was the continually increasing volume of automated trolling from servers in Russia and Ukraine. Our server logs are always peppered with weird, repeated attempts to access very specific files belonging to plugins known to contain vulnerabilities. Every web host has to endure a constant, low level exploration by cybercriminals. While firms like PureNyx might not be juicy targets for criminals, we get caught up in their plots because improperly secured sites can be hijacked and made part of the “bot nets” used to blackmail firms through DDOS attacks or subverted to hide the source of direct intrusions.
This activity consists of scripted searches for files that are known to contain vulnerable code. Most of the searches we see are looking for ridiculously outdated things like the major TimThumb vulnerability patched in 2012, but we sometimes see trolling for more current concerns like the RevSlider files involved in the SoakSoak attack we discussed last month. So long as we carefully choose our technology partners, keep everything up to date, and monitor activity your sites are safe. If we don’t have the vulnerabilities they are looking for, these robots go on their way and attack somebody else… but it’s annoying to see our logs spammed by criminals and we’re brainstorming on ways to keep them even farther from our clients.
Speaking Of Other Countries…
While we support most every common feature of business websites, and a few of the rare ones, we’ve historically avoided projects that serve different content based on visitors’ location. There are several mostly accurate ways to detect user location and we’re familiar with the code to use them, but they tend to be terribly slow and resource intensive. Of course we have been recommending e-commerce solutions that base shipping options and price on postal code, but nothing that uses the actual physical location of the browser. There are a lot of good reasons to base content on physical location, whether it’s serving entirely different pages or simply asking different questions in an intelligent form, but the performance hit just wasn’t worth the trouble.
A new tool provided by our hosting partner has changed that dynamic.
Using WPEngine’s new GeoIP, which just came out of their lab, we’ve put together proof of concept services for blocking entire countries, serving alternate content, and providing pop-ups with necessary legal disclosures. This could be used to comply with Europe’s rather comprehensive (or is that draconian?) e-commerce laws, direct visitors to local business branches, or provide special offers. We’re looking forward to finding our first real world application for the tool.
Granting E-Commerce Wishes, One Proposal At A Time
We didn’t start PureNyx with the intention of focusing on e-commerce, and compared to our expertise in multisite networks it’s still not our primary specialty, but every month we were in business seemed to bring more interest from prospective clients. As a result, our 2014 development plans included a lot of tasks related to WooCommerce, payment processing, and integrations with third-party business applications. It involved a lot of research, testing, and anticipatory development culminating with the introduction of a whole lot of new capability.
So far this year, it’s paying off. Our first new site this year sells subscription packages for local food delivery and wholesales supplies to select clientele. More than half of our calls for proposal have included e-commerce components, and we’ve been able to pull out off the shelf solutions for things as varied as invoiced planning sessions to digital goods with custom DRM protection. We’re having fun with it and can’t wait to see what project appears next.
Maybe that project will be yours? If you want to get into e-commerce, even if you think your business is too complex or you want your site to do something unusual, we’d love to show you how PureNyx can put your sales on the web. All you have to do is contact us!