Phil Taylor – Joomla Expert & PHP Developer

Bug Fixes

Joomla Sites Hacked – We help Repair them

Click here to get help with your hacked site →

Many, many more Joomla-based sites are being hacked daily at the moment – and IT’S NOT JOOMLA’s fault!
Firstly let me say the sites were NOT hacked through Joomla! They were all hacked through Joomla Custom Components!

If you are running Joomla 1.0.10 then there are no known security holes in that version!

HOWEVER, here is a long list of custom components that have been used to hack Joomla sites. If you have any of these custom components you may get hacked!!:

extCalender • OpenSEF • phpBB Forum (com_forum) • SimpleBoard Forum • VideoDB • Mambo-SMF Forum • LoudMouth • PollXT • HashCash • perForms • Google Page Rank Module  • BSQ SiteStats • MultiBanners • MiniBB • New Article Component • Advanced Poll • JomBok • ArtLinks • PCCookBook • Mambo/Joomla SiteMap (Custom Component) • Galleria • com_spray

and many other components

I write this to inform you of these facts, and also to let you know, as our customer, that none of the components on www.phil-taylor.com have been hacked or used to hack Joomla websites! Yippee!

You should really only install components from TRUSTED sources, from developers that you trust!

Again, ALL COMPONENTS ON PHIL-TAYLOR.com Have been HACKER SAFE certified! And have no known security issues (At this moment in time :-) ) As experts in Joomla development we take pride in checking our components with an industry standard (expensive!) scanning solution used by the big players worldwide!

We have fixed over 50 hacked sites for new customers worldwide in the last 7 days!

Did your site get hacked? – we can help!

Don’t Panic!
Fix My Site is a very unique service offered by Phil Taylor.
(This is a fee per incident based service, no contracts and no strings involved!)

Fix My Site puts a very experienced and knowledgeable Mambo and Joomla expert at your fingertips when things go wrong on your site. For a set fee, you can have Phil Taylor (or one of our other experts) log in and take a look at the problem that has been causing problems on your site.

See our site at http://www.phil-taylor.com/FixMySite

ONLY TRUST THE EXPERTS! – Beware of some other help sites that simply repair your site without giving advice on how hackers gained access or how to prevent further attacks. We are not just Joomla experts, we have huge amounts of experience in this area and can draw on this experience to provide the very best solution for you.

You have been warned!


Blue Flame Forms (bfForms) v0.3.6 Released

I have just released Blue Flame Forms (bfForms) v0.3.6/bfFramework v3.5.1 to address a small issue with pagination and column ordering in bfForms

Existing customers can download the latest version at myJoomla.com

Please read the upgrade article that may be of assistance with upgrading


FAQ: Where did the required asterisks go from Forms?

We recently announced the release of bfForms v0.2.169 with a few new features, but one important change has had quite a knock-on effect, and customers have been contacting us :-)

The Change Log in bfForms clearly states:

————— Blue Flame Forms (bfForms) v0.2.169/bfFramework 3.4.0 Released– [02-Aug-2009 22:30 UTC] ———————
+ NEW FEATURE !! – Pausable forms!
+ NEW FEATURE !! – My Forms view

+ Allow JOOMLA_USERNAME, JOOMLA_NAME, JOOMLA_EMAIL placeholders
# Fixed referer bugs
# Fixed Horizontal/Vertical checkboxes/radioboxes
- Remove required stars in favour of an upcoming new feature for showing required fields
- IE8 IN-Compatibility with autogrowing text areas – so removed for now.

See, we have removed ALL asterisks from the code, so they don’t show by required fields anymore. (Apart from textarea, but that is a mistake :-) )

You are now free to implement any css you like on the required fields (look at the css classes of the input elements, then add css to those)


New secure email sending feature in Joomla 1.5.12

A great new feature in Joomla 1.5.12 that allows you to send email over SSL SMTP breaks compatibility with our extensions (If you want to use that feature).

We are aware of the issue and will release new versions that can take advantage of this new feature as soon as we can. For the time being please use the other mail options that were available before (PHP Mail, SMTP, SMTP With Auth and Sendmail). We will incorporate the new SMTP over SSL feature in the next versions of our extensions.

More reading: PHPMailer version used in 1.5 does not allow secure connection to SMTP servers

UPDATE 02/Jul/09 6:47pm GMT: The additional code has now been written to support GMail/SSL/TLS connections for bfForms email sending – if you need this update before the official release please email me direct


Joomla Forms – An update

I had a worrying email this morning, someone thought I had abandoned Joomla Forms! Well I know it’s been a long time since the first release of Joomla Forms was made but really :-) I apologize for the long time between releases, however Christmas, New Year, Wife separation, Kids etc all got/get in the way..

I’m working very hard on the code base for forms, along with a rebrand to a new name (Blue Flame Forms (bfForms)) and wanted to blog about the upcoming release as a taster for those waiting (patiently – Eighteen 5 STAR Reviews) and those critics that leave negative reviews (One person!).

So what has been achieved so far:

+ NEW FEATURE !! – Manual resize of textareas when submitting forms
+ NEW FEATURE !! – Automatic resize of textareas when submitting forms
+ NEW FEATURE !! – Fancy Multiple Select Alternative
+ NEW FEATURE !! – Redirect Browser with POST/GET of submitted data
+ NEW FEATURE !! – sh404SEF SEF Extension, now all urls to forms are SEF
+ NEW FEATURE !! – Automatically Generate the content of the emails sent – ONE CLICK!
+ NEW FEATURE !! – Ability to set the default checked checkboxes and radioboxes
+ NEW FEATURE !! – Ability to copy form elements and have them actually work :-)
+ NEW FEATURE !! – Integration with ListMessenger to subscribe/unsubscribe behind the scenes
+ NEW FEATURE !! – Execute ANY PHP script on form submission – thanks Kenneth

And the number one requested feature:

+ NEW FEATURE !! – Ability to embed forms in module areas or content items!

Along with this over 50 bugs have been identified, researched, fixed and are awaiting this next release.  We have also made some sweeping changes to our own framework so that the overall speed of the application has increased, making creating great forms with Joomla even faster!

However, with all these changes we have had some regressions. In particular, the handling of validations has had to be completely overhauled to make it work under the new framework, and as a solution we are implementing a brand new way of displaying the validation errors :-) This will all improve the ability for YOU to modify the layout and style of the validation errors (yeah we admit it looked rubbish in the first release :-) )

When can you get the next version?
Again, I’m sorry it’s taking so long, but I will get there and release when I am happy with the quality of the product and its new features, and not before.

Thanks for all your support, for a tiny sum that most of you paid for this application (Only £9.99) I think you are getting a lot more than your money’s worth ;-) :-)

Update: WOW It was 12 July 2008 when I last released forms! Sorry about the delay – it seems a long long time ago because it is…


A Blank White Page Is Still An Error Page

Sometimes, due to a PHP error, a Joomla Extension can stop working and, without displaying an error, lead you to a blank page.

In that case, to find out why, do the following:

  1. Check the server error logs (not the access logs) if you have access to them. (cPanel and other control panels often allow this.)
  2. Go to Joomla Administration → Global Configuration and set Error Reporting to Maximum; you can also turn on debugging. Try the action again. If you still get a blank page, go to step 3.
  3. Put the following code at the END of the configuration.php file, BEFORE the closing ?>
    ini_set( 'display_errors', true );
    error_reporting( E_ALL );
  4. Check the source of the white page. There might still be some HTML/errors in the page source (look in your web browser for the “View Source” option).

One of these should give you a nice detailed error message, which you can either email me directly or Google to find a solution.

Remember this: A White Page is just an Error Page where the error message has been suppressed by your configuration.
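An added example, not from the original post: a variant of step 3 that logs every error, including the fatal ones behind a white page, and shows error text in the browser only to one debugging IP address. The file name, log path, IP address and function name are assumptions to adjust for your own site.

```php
<?php
// Added example, not from the original post. Save as debug_errors.php
// (hypothetical name) beside configuration.php and load it from the END of
// configuration.php:  require_once dirname(__FILE__) . '/debug_errors.php';

// Assumptions, change both for your site:
// a writable log file OUTSIDE the web root, and the IP address you browse from.
define('DEBUG_LOG_FILE', dirname(dirname(__FILE__)) . '/private/php_debug.log');
define('DEBUG_VIEWER_IP', '203.0.113.10'); // constructed documentation address

error_reporting(E_ALL);

// Always write errors to the log, whatever the browser is shown.
ini_set('log_errors', '1');
ini_set('error_log', DEBUG_LOG_FILE);

// Display errors only to the person debugging; other visitors get no error
// text (file paths, SQL fragments) in the page.
$debugRemoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
ini_set('display_errors', $debugRemoteAddr === DEBUG_VIEWER_IP ? '1' : '0');

// A fatal error stops the script, which is what leaves the page blank.
// Shutdown functions still run, so record which request hit the error.
function debug_log_fatal_error()
{
    $error = error_get_last(); // null when no error was raised
    $fatal = array(E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR);
    if ($error === null || !in_array($error['type'], $fatal, true)) {
        return;
    }
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '(cli)';
    // The URI is supplied by the client: strip control characters so it
    // cannot forge extra log lines.
    $uri = preg_replace('/[\x00-\x1F\x7F]/', '', $uri);
    error_log(sprintf(
        'Blank page: "%s" in %s on line %d while serving %s',
        $error['message'],
        $error['file'],
        $error['line'],
        $uri
    ));
}
register_shutdown_function('debug_log_fatal_error');
```

Take the require_once line out again once the error is found. The two lines from step 3 on their own show the error text to every visitor for as long as they are in place.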

Help my site is offline and showing an error!

Or worse, just a blank page!

Don’t panic! Don’t make it worse! Just request our help and we will get you up and running as soon as we can, nothing is impossible, although some things take a bit longer :-) . Relax, Sit back, and await our resolution.

Get Help Now! →

This is a pay per incident service, our normal set fee is GBP£50 to cover an hour of work on your problem. If we don’t fix it then there is no fee payable. Can’t be fairer than that!


OpenId and Joomla 1.5.1

I don’t often write about OpenId, although it’s something I love and have a lot of experience with :-)

It appears that Joomla 1.5.1 has problems with OpenId authentication, well not really, the OpenId authentication is not the problem, the problem is in Joomla core.

We have tested SVN revision 10044, and the following problems were identified:

  • The RegEx for a Username does not allow a hyphen in the username – meaning an OpenId of www.phil-taylor.com would be invalid. This is because Joomla uses the OpenId URL as the username.
  • The frontend login module: the HTML element for the login area’s “username” field was inconsistent with the JavaScript that powers the OpenId switcher
  • The backend admin login module: the HTML element for the login area’s “username” field was not the same for the frontend and the admin login – causing confusion in openid.js
  • The “Save” in user manager fell over with the hyphen as well.
  • The login page, when viewed through the com_user component, did not allow/display the OpenId login option because of the JS issue again.

Well I have fixed all these problems today – and I am providing this patch file (OpenId Patch for Joomla 1.5.1 SVN rev10044) to anyone who wishes to get OpenId working. Remember it was developed on SVN Rev 10044 and may not work on earlier revisions, although it is easy to manually view the patch file and apply the differences.

Maybe someone from the core team would like to get this patch reviewed by the JBS? and applied to the core.

Discussion on this can happen at this forum thread on joomla.org

So what am I left with after this patch?

  • I can now log in to the front end of Joomla 1.5.x SVN rev 10044 with my OpenId of “www.phil-taylor.com” using the login module or com_user component
  • I get auto registered as a “Registered” User, with my real name provided by my OpenId profile
  • I can log in to admin (using normal credentials) and promote this OpenId user to a superadmin
  • I can now log in to the backend of Joomla 1.5.x SVN rev 10044 with my OpenId of “www.phil-taylor.com”

Cool eh? I think so!


Oops mosDirectory v2.5.1 released ;-)

In our excitement to get v2.5.0 out the door we made a small mistake – Oops – which meant mosDirectory users were left secure from the recent exploit, but unable to edit listings :-(

We have quickly fixed this and the download of mosDirectory available at myJoomla.com is now v2.5.1 (The only file changed is admin.directory.php, oh and the version number in directory.xml)


mosDirectory v2.5.0 Released – A Security Upgrade!

The Bad News:
It has come to our attention overnight that an exploit for earlier versions of mosDirectory has been published on the internet. We have tested this exploit and can confirm that all versions of mosDirectory are affected.

We have personally emailed all customers who have purchased mosDirectory over the last three years.

The Good News:
We have worked hard this morning to secure mosDirectory from this exploit and we have just uploaded and released mosDirectory v2.5.0 which fixes all known problems.

YOU MUST UPGRADE TO mosDirectory v2.5.0 AS SOON AS POSSIBLE – to avoid your site being compromised.

The code of mosDirectory was written several years ago (Three in fact) and since then our experience and security levels have increased significantly in this area. The reported exploit is in code that was written three years ago and has never been identified as a problem before today.

We trust the quickness of our release of mosDirectory v2.5.0 after the confirmation of the exploit assures you of our dedication to your site’s security! (Let’s see Microsoft patch files within 4 hours of a bug report ;-) )

You can download the latest version from https://secure.myjoomla.com

To upgrade, just uninstall the component, and reinstall the new one, no data is lost in the process.


Fireboard Conflict With JoomlaKB and JoomlaTags

We have become aware this week of a minor conflict between Fireboard and JoomlaKB & JoomlaTags (Well any component running through our bfFramework) when running both in Joomla 1.0.x (i.e. NOT Joomla 1.5)

We have identified the conflict and have found a very simple solution, we are busy automating the process of fixing this conflict so that it is easy to fix on your sites.

The error is:
Fatal error: Call to undefined function jimport() in components/com_fireboard/fireboard.php on line 204

The root cause is that our bfFramework is designed to work on Joomla 1.0.x and 1.5.x platforms with the same files, to do this we confuse our code into knowing what version of Joomla it is hosted within. The problem is that the way we do this confuses Fireboard into thinking it is actually in Joomla 1.5.x and therefore Fireboard gives an error saying it cannot call function “jimport” (which is a Joomla 1.5.x function).

The quick fix for this is to force Fireboard into knowing it is in Joomla 1.0.x :-)

Here is the patched Fireboard File

Download this file, extract the zip, and upload the fireboard.php to /components/com_fireboard/fireboard.php