Many, many more Joomla-based sites are being hacked daily at the moment – and IT’S NOT JOOMLA’s fault!
Firstly let me say the sites were NOT hacked through Joomla! They were all hacked through Joomla Custom Components!
If you are running Joomla 1.0.10 then there are no known security holes in that version!
extCalender • OpenSEF • phpBB Forum (com_forum) • SimpleBoard Forum • VideoDB • Mambo-SMF Forum • LoudMouth • PollXT • HashCash • perForms • Google Page Rank Module • BSQ SiteStats • MultiBanners • MiniBB • New Article Component • Advanced Poll • JomBok • ArtLinks • PCCookBook • Mambo/Joomla SiteMap (Custom Component) • Galleria • com_spray
I write this to inform you of these facts, and also to let you know, as our customer, that none of the components on www.phil-taylor.com have been hacked or used to hack Joomla websites! Yippee!
You should really only install components from TRUSTED sources, from developers that you trust!
Again, ALL COMPONENTS ON PHIL-TAYLOR.com have been HACKER SAFE certified and have no known security issues (at this moment in time). As experts in Joomla development we take pride in checking our components with an industry standard (expensive!) scanning solution used by the big players worldwide!
We have fixed over 50 hacked sites for new customers worldwide in the last 7 days!
Fix My Site is a very unique service offered by Phil Taylor.
(This is a fee per incident based service, no contracts and no strings involved!)
Fix My Site puts a very experienced and knowledgeable Mambo and Joomla expert at your fingertips when things go wrong on your site. For a set fee, you can have Phil Taylor (or one of our other experts) log in and take a look at the problem that has been causing trouble on your site.
See our site at http://www.phil-taylor.com/FixMySite
ONLY TRUST THE EXPERTS! – Beware of some other help sites that simply repair your site without giving advice on how hackers gained access or how to prevent further attacks. We are not just Joomla experts, we have huge amounts of experience in this area and can draw on this experience to provide the very best solution for you.
You have been warned!
If you want to stop hackers and do information security as a career, consider information assurance training.
As I have been doing a lot of posts recently, it came to light that somehow our template disabled the commenting features on the blog. We have fixed this and now you can leave comments on the blog posts.
There has been much discussion lately about how to prevent spambots from submitting forms on web sites. Many solutions have been presented, many of which impact the usability and accessibility of the web page. CAPTCHA is a classic case where the user and accessibility is directly impacted.
We do not have, and never will have, CAPTCHA support in Joomla Forms!
Why not, you might ask? Well, simply because CAPTCHA is easily defeated – even the professionals, Google, have had their own CAPTCHA defeated!
Also, they are just a pain – sometimes you can’t even read them, let alone copy them! Because CAPTCHAs rely on visual perception, users unable to view a CAPTCHA (for example, due to a disability or because it is difficult to read) will be unable to perform the task protected by a CAPTCHA.
Look at these links for more reasons…
There are really only a handful of good solutions for dealing with spam:
1. Dynamic Rules Engine – This is what we use for Joomla Forms. It’s a set of rules and scores that validate content as it comes in that is designed to change/adapt/grow as the spam changes. We also use sessions, hidden fields, and other “secret” methods.
2. Bayesian filters – Really only useful if the spam follows patterns. Unfortunately the type of spam seems to constantly be changing so a Bayesian filter isn’t really a great solution.
3. SPAM Services – There are companies popping up that offer web services that implement #1 and can help identify whether or not something is spam or ham (http://akismet.com is one such example). In Joomla Forms you have the option to use the Akismet API to check your submissions (Simple toggle switch! no complex programming required!)
4. IP Address Blacklists – This is sometimes useful and therefore we have implemented it in Joomla Forms. If the submitter’s IP address (which can be spoofed) is in one of 3 blacklists (like spamcop.net) then the submission is rejected. This requires Joomla Forms to ping the databases to check the IP address and its spam status.
5. Tokens – Having a “token” in the form submission can help with spoofing attempts – Joomla now does this so we also do it our way in Joomla Forms.
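The rules-and-scores idea from item 1, combined with a hidden field and a blacklist verdict feeding the score, as an added example (not Joomla Forms code). The field names, weights and threshold are assumptions.

```php
<?php
// Added illustration only: rule names, weights and the threshold are assumptions.

/** Rules: each closure returns the points one submission earns (0 = clean). */
function spam_rules(): array
{
    return [
        // Hidden "website" field: invisible to people, often filled by bots.
        'honeypot_filled' => fn(array $s) => trim($s['fields']['website'] ?? '') !== '' ? 5 : 0,
        // Submitted sooner after rendering than a person could type.
        'too_fast'        => fn(array $s) => ($s['submitted_at'] - $s['rendered_at']) < 3 ? 3 : 0,
        // One point per link in the message, capped at 4.
        'link_count'      => fn(array $s) => min(4, (int) preg_match_all('~https?://~i', $s['fields']['message'] ?? '')),
        // Blacklist verdict looked up by the caller (no network access here).
        'ip_blacklisted'  => fn(array $s) => !empty($s['ip_listed']) ? 4 : 0,
    ];
}

/** Sum the rule scores and flag the submission once the threshold is reached. */
function score_submission(array $s, int $threshold = 5): array
{
    $hits = [];
    foreach (spam_rules() as $name => $rule) {
        $points = $rule($s);
        if ($points > 0) {
            $hits[$name] = $points;
        }
    }
    $total = array_sum($hits);
    return ['score' => $total, 'spam' => $total >= $threshold, 'hits' => $hits];
}

// Constructed sample submissions (not real traffic).
$samples = [
    'human' => ['fields' => ['message' => 'Does the form support file uploads?', 'website' => ''],
                'rendered_at' => 1000, 'submitted_at' => 1042, 'ip_listed' => false],
    'bot'   => ['fields' => ['message' => 'http://a.example http://b.example', 'website' => 'http://c.example'],
                'rendered_at' => 1000, 'submitted_at' => 1001, 'ip_listed' => false],
    'grey'  => ['fields' => ['message' => 'See http://a.example for details', 'website' => ''],
                'rendered_at' => 1000, 'submitted_at' => 1030, 'ip_listed' => true],
];
foreach ($samples as $label => $s) {
    $r = score_submission($s);
    printf("%-6s score=%d spam=%s rules=%s\n", $label, $r['score'],
        $r['spam'] ? 'yes' : 'no', implode(',', array_keys($r['hits'])));
}
```

Because each rule is a separate entry with its own weight, rules can be added or re-weighted as the spam changes without touching the scoring loop.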
I hope this short blog post reassures you that we take form spam seriously in Joomla Forms. We have not discussed all our ways of defeating spam – for obvious reasons – but we hope you like what you see!
Tomorrow: Submit a file – see if fly!
Today we uploaded our latest component (com_vote) which is a Feature Request Tracker for multiple projects. This is a component that we needed for our use and will soon be released for download to the public. However before we let it loose we want to thrash it, abuse it and allow you to use it to provide us with feedback on the features you want to see in our components.
Please visit the Feature Request Tracker and enter all your Feature Requests for our components. This might be things like multipage forms in Phil-a-form or related items in KB – what ever it is please add it to the tracker.
While you are there please vote YES for the features you most want and vote NO for the features you think should take a back seat.
More features are already in the works, such as being able to sponsor the development of a feature, leave your comments on a feature, subscribe for updates on a feature, etc.
This component is not yet stable, and features are being added (to the actual component) as fast as we can for our own needs. Already this component has been requested several times and therefore we have made the current SVN version available for purchase for early adopters only. This component is compatible with Joomla 1.5.x and Joomla 1.0.x
So please add all your feature requests as soon as possible for possible inclusion in the next versions of your components!
Since our move to Jersey last year we have been renting out our home in Tewkesbury. Now our tenants are moving on (back to their flood damaged, and now repaired home) our property is now available again.
A beautifully presented double fronted detached house on Saxon Park offered for let with four bedrooms (en-suite to master) plus separate family bathroom, two genuinely separate reception rooms and an 11′ square fitted kitchen/breakfast room with adjacent utility. The property occupies a good size plot with a sunny landscaped rear garden, rear access to garage and off road parking. Viewing highly recommended.
The property is in Saxon Park, Tewkesbury – Just off the M5 motorway Junction 9.
All enquiries should be made through our local agent,
We are gearing up to release a new component, and some huge bug fixes to Joomla KB and Joomla Tags – we have already warned you in advance that we will only be supporting PHP5 in the future (in line with a load of other projects) and this blog post is a reminder that Joomla KB and Joomla Tags (and anything new we release in the future) will be only capable of working on a server with PHP5 installed.
mosDirectory, Phil-a-form and mosListMessenger will continue to work on PHP4.x and will only have bug fixes applied to them (using PHP4 syntax).
We will make this fact clear on the buy now pages for these components – and we will ~NOT~ be providing refunds to existing customers or new customers if they are not running PHP5. Why, you may ask? Well, official support for PHP4 ended a long time ago and community support for PHP4 is ending this year – PHP6 will be released soon and it’s time we all moved forward. Please google this change if you want to see what others are saying on the subject. Moving to PHP5, we are in good company!
To check what version of PHP your server is running – you can go to System Info in the Joomla Admin console, and then click PHP tab – the version number is in there – you need at least PHP 5.2 in order to run Joomla KB and Joomla Tags.
OK, so this is older news now, but I forgot to publish it to my blog for my loyal followers to read.
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.3 [Vahi]. This release is earlier than scheduled in order to correct a database name validation error introduced in 1.5.2. It has been a month since Joomla! 1.5.2 was released on March 23, 2008. The goal is to provide regular, frequent updates to the Joomla! end user community containing the latest bug fixes and minor enhancements.
Brian Teeman has just raised an interesting point…
A while back we (re-)introduced live chat direct from the admin console of Joomla Knowledgebase and Joomla Tags. The service provider we selected was liveperson.net – a very well known and trusted company that provides realtime chat. We implemented their custom live chat buttons and invitation service to speed up our response times to support requests.
Live chat in extension administrator has been a great tool for our users and we chat to many of you throughout the week. We also use this on our website like millions of others do.
The liveperson code pings liveperson to see if I am online and logged in ready to chat; if so, it displays a chat image relevant to my availability status. Having investigated this in the light of the recent CSRF vulnerabilities discovered in Joomla, we have decided to withdraw the feature from the admin console of all our components, as the image is loaded from the liveperson server (which should not be assumed to be safe – although it probably is). In theory, this embedded image could be used to launch a CSRF attack on a logged-in Joomla admin. It is important to point out, though, that Liveperson’s servers pass the Hacker Safe certification daily. (As do our servers.)
WE KNOW OF NO SUCH USE OF THIS TOOL AS AN ATTACK – But we want to be safe, not sorry
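The server-side guard that makes an image-triggered request harmless, as an added example (not code from Joomla or from these components): an image is fetched with GET and cannot carry the session's token, so state-changing admin tasks require both POST and a matching token. The same per-session token is the kind of form token mentioned in the form-spam post. The function names and the `task` values are hypothetical.

```php
<?php
// Added illustration; function names and the 'task' values are hypothetical.

/** Create (once per session) and return the token to embed in admin forms. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32)); // 64 hex characters
    }
    return $session['csrf'];
}

/**
 * Decide whether an admin request may change state.
 * An embedded image is fetched with GET and cannot know the session token,
 * so either check below is enough to reject it.
 */
function may_change_state(string $method, array $post, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return false; // image and link loads arrive as GET
    }
    $sent  = $post['token'] ?? '';
    $known = $session['csrf'] ?? '';
    // hash_equals compares in constant time; guard against non-string input first.
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Constructed requests for demonstration (not captured traffic).
$session = [];
$token   = csrf_token($session);

$cases = [
    'image-triggered GET'         => ['GET',  []],
    'cross-site POST, no token'   => ['POST', ['task' => 'delete']],
    'cross-site POST, bad token'  => ['POST', ['task' => 'delete', 'token' => str_repeat('0', 64)]],
    'genuine admin form'          => ['POST', ['task' => 'delete', 'token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-28s %s\n", $label,
        may_change_state($method, $post, $session) ? 'allowed' : 'rejected');
}
```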
Furthermore, the liveperson software not only allows us to chat to you in realtime, but (unfortunately, as a side effect) allows us to see when you are on the admin page of our component when it is installed on your site. This doesn’t give us any access to your site, just a few details like the domain name and web browser used. All communication to liveperson.net is over SSL and is secure.
With immediate effect (sometime later today) we will be re-releasing Joomla Tags and Joomla Knowledgebase with removed chat integration. This will remove all traces of the liveperson.net code from our components.
If you are concerned about this, and if you would like to immediately remove the chat integration, you can follow these instructions and live chat will be disabled on your site.
It has only been 4 months since we reintroduced this, and not one person has complained, but we wanted to pre-empt upsetting anyone. In an effort to provide the best support we can, we are always looking for great ways to interact with our customers….
… With that being said, I am working on a cool new component, for exactly that purpose, for getting feedback from customers on exactly what they want, what features they want to see in our components (and what they don’t want to see) but more on that later…
If you are a developer like me, who struggles with regular expressions then this blog post is for you.
I stumbled upon this online regex tool which lets you evaluate regular expressions in several languages (including PHP PCRE and PHP POSIX) with instant results. You can choose which functions to use, such as match, match all, replace, split etc. It also offers some basic help and hints. It’s really handy when working on those painful expressions.
It also uses neat Web2.0 ajax to give you a realtime view of your expected results.
The special offer has now ended – all prices are back to our standard prices