Joomla Version Info, Security Tips and Changed Upgrade Items
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
* Updated 06/04/2009
* If other mods update this post, please note the date here, thank you!
This topic is meant to offer current links to Joomla version and security info. Please don't hesitate to look further into anything security related and make use of some of the tips provided here.
Get Joomla Security News by Email or RSS here! - the feedburner link for up-to-date information on Joomla Security News.
Basic Joomla Info
Security Specific
Joomla Add-ons that are a must have:
Security Checklists - a should read for everyone:
Joomla Version Specific Info
1.5.10 Saturday, 28 March 2009
Release notes listed last time I checked (please check for yourself though as there could be more updates):
RocketTheme Templates this affects have been updated as of March 30, 2009.
The Unofficial list of affected templates is: Mynxx, Akiraka, Mixxmag, Meridian, Akiraka Essentials.
1.5.9 Saturday, 10 January 2009
Release notes listed last time I checked (please check for yourself though as there could be more updates):
1.5.8 Monday, 10 November 2008
Release notes listed last time I checked (please check for yourself though as there could be updates):
1.5.7 Tuesday, 09 September 2008
Release notes listed last time I checked (please check for yourself as there could be updates):
Other Infos:
Suggested Programs:
Notes to keep handy:
- Last Edit: 8 years 4 months ago by Kat05.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Changing the "Forgot Password" and "Forgot Username" links from the Joomla core links to Community Builder (CB 1.2 RC2 +) links.
The upgrade package for Joomla to 1.5.7 includes and will overwrite one of the files that these changes were made in, so if you've upgraded recently to 1.5.7+, please check into it.
Here's the files and code changes to include the Community Builder links instead of the Joomla links (I try to keep the core link structure and allow for Joomla or any other SEO plugin to handle the url rewriting. Including the already abbreviated url here may cause this to break later if you ever change components or with future upgrades.):
In components/com_user/views/login/tmpl/default_login.php replace lines 53 and 57 with the following (the only change in these lines from the core is the link):<a href="<?php echo JRoute::_( 'index.php?option=com_comprofiler&task=lostPassword' ); ?>">
In modules/mod_login/tmpl/default.php replace lines 49 and 53 with the following (again, the only change in the lines is the link):<a href="<?php echo JRoute::_( 'index.php?option=com_comprofiler&task=lostPassword' ); ?>">
Hope this helps!
There was no change in these files from the upgrade package 1.5.7 to 1.5.8 - Last Edit: 15 years 5 months ago by Ben Lee.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
I posted a thread on how to customize your Admin template with your logo and with a more custom footer. If you are a Rockttheme member, you have access to it here:
Admin Template Alterations
.
In the upgrade package from Joomla 1.5.7 to 1.5.8, two of the files are included and will be overwritten if you don't change them. The two files are:
administrator/templates/khepri/cpanel.php
administrator/templates/khepri/index.php
Please check the above thread for details on how to do this if you are interested.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
If you're interested in security of the new release and why you may have noticed some problems with it, here's a few links to the main Joomla site where they track these issues. Sometimes there are changes that need to be made between releases and the Joomla group is now posting these in a very easy format.
The Joomla 1.5.8 info
Withing this page you'll notice a "Release Notes" section that has links to any changes and explinations of the current release.
Joomla 1.5.8 Post-Release Notes
This link lists any known issues since the release and also has solutions and explinations.
Why don't contact images display correctly in version 1.5.8?
This explains the first issue with the code and the solution is posted. If you look closely at the solution, you'll see that the only change was one to many "/" in the link. Probably why they post solutions here instead of dedicating an entirely new release to this issue.
Why does some HTML get removed from articles in version 1.5.8?
You may have noticed that when you're inserting any html tags into articles that always worked before might not work now! Here's an explanation of why and it also includes a link to the particular feature description that it's affecting.
I hope this type of thread is helpful to some of you out there and I hope to see more posts about security issues dealing with the core of Joomla. I for one have started to make a HUGE effort to keep sites 1.5 Native at all costs and if I have to hack any code, I make specific notes to myself and include them in a readme.txt file kept in with the backup folder of the site. I also pay attention to what code changes are made to the core if any of my adjustments are conflicting with it.
I make it a point to abuse the effort and generosity of the Joomla core by taking advantage of all the suggestions they make. I think you'll find that they want you to do the same.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
An easy way to stay up-to-date with the newest security releases for Joomla is to subscribe to
Joomla Security Announcements
And the Joomla Security Forum has some great Announcement posts by Brad of the Joomla team. He has posted a great deal of links and solutions to nearly every security help tip as well as how to prepare for recovering from hacks.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Edit: More Info Here -
(HOW TO) SSL, htaccess, and Menu Setup for Joomla
Updated Feb. 17, 2009 to add link to new add-on for adding or taking out www.
I saw this plugin linked to by Damo and it looks promising. Be careful when installing it and read the directions because it may make your site unreachable if it's not configured right and you'll have to follow a specific process to gain access again.
SEO Canonicalisation Plugin Plugin
Upgrading from Joomla 1.5.3 and before to 1.5.4 and after includes a new .htaccess file. If you've made changes to your .htaccess file, be sure you not them and then compare them to the new one. Remember that there is a new .htaccess file to increase security so take note of any changes and don't just simply use the old one.
Many of you like to have the url revert to either no "www" or to include the "www". Here's a change that was quoted from another post here on Rockettheme that includes instructions on how to do so:
Thanks to Djamil for this solution!Djamil Legato wrote:Ajax cannot performs remote requests, so if your server is not configured to redirect from domain to "www." or vice-versa, Chromatophore will consider as valid URL the $template_path you've configured.
To make it redirect, I'd suggest to try adding at top of .htaccess in the root directory (if already exists) or create it as new and add one of the two following options, based on your need:
1. Redirect from domain to www.domain :RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} !^www.domain.com$ [NC] RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
2. Redirect from www.domain to domain:RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} !^domain.com$ [NC] RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]
This is also another line in the .htaccess file that may need to be commented out or uncommented depending on your server configuration. You may have to try it both ways.## Can be commented out if causes errors, see notes above. Options +FollowSymLinks
Lastly, if you're adding image or file directories and you want to make sure that people can't just browse the directory view by visiting the url pointing to the folder, include an index file that leaves them looking at a blank screen. Use this in cases where you might be uploading several directories through ftp instead of using Joomla's media manager.
Name the file index.html, include the following lines of code, place it right in the directory, and that's it:<html> <body bgcolor="#FFFFFF"> </body> </html>
This will show a blank white screen instead of a directory listing.
-
-
-
- Joe Halleck
- Preeminent Rocketeer
- Posts: 5480
- Thanks: 66
- Never give up!
-
Good infos here.
- Magento - phpBB3 - Kunena - RokBridge Specialist
No Secure Tab posts unless requested.
Use the Thank You and Life Preserver Buttons!
Your signature is also great place for setup details...help us help you!
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Thanks Joseph, I hope to keep adding to it!
2 Must have extensions to be more secure and to protect yourself in a worst case scenario!
jSecure Authentication
Please read my notes here.
This is a plugin that lets you hide the administrator login page by using a keyword. If someone tries to go to yoursite.com/administrator they will get redirected to an error page or back to your homepage. You set the keyword to whatever you want and then visit yoursite.com/administrator/?keyword to get to the admin login.
This plugin is currently at version 1.0.5 and I recommend keeping on top of what version you're using as you always want to be up to date.
In version 1.0.5 using it on a Joomla 1.5.8 install, I had to trick the settings to make it redirect to the homepage. Using the build in setting to redirect to the index page causes an unending loop that firefox will pick up.
To get around this, choose to have it redirect to a url of your choice and delete everything in the url text box making sure it's completely blank...no spaces. Hit save. If you visit it again, you'll notice that the default text url is back in that box, but although it shows there, it wasn't saved in database.
JoomlaPack - AJAX powered backup and restore
This is a very popular backup component for Joomla that you'll see suggested by many people on this forum. It's easy to use and backs up the entire site to an installable zip file. Or, you can just backup the database.
About security and this component:
It will allow you to store the backup files on your server which is nice...unless someone gets a hold of them. The best practice for this is to run the backup, then it will let you download the backup. Once you download the backup on to your computer, delete the server side one. You can do all this from the admin control panel so it's really easy.
You can also set this to store your backups in a file above your Joomla install in your directory structure which is a good idea if you're going to keep the files on the server.
Lastly, people have asked me to look at their sites because they couldn't figure out why they had 20 pages and a 5 Gig site? They were keeping every backup they ever ran. They just hit the backup button and never even cared to see where it went. Keep track of this and clean out the directory. You don't need 60 backups. Maybe one a day for the most recent 1 or 2 weeks should be sufficient for an active site. If you have a site that you never change once it's up, 1 or 2 backups is fine.
Lot's of components out there that make things easy...just be sure you use them responsibly!
Additional info from a Rockettheme Mod:JEM618 wrote:If you don't use a software solution to make back ups of your site, you can at least do the following if you have access to a CP with your host:
A) Create a new folder. For future reference it helps to have a date, something like my_site_11.17.08
Copy your Joomla folder, or the contents of it to the new folder.
C) Archive the folder and downloaded it to your local machine.
D) Through your CP, access MySQL and back up the database. Doing so will automatically download a copy to your local machine.
Do this on a regular basis.
How often depends on the content of your site, if it doesn't change much, than weekly or bi-weekly should be enough.
I guess a good rule of thumb is to decide how much data you're willing to lose in a catastrophe; while restoring from a back up on a static site may mean only having to replace a add a few articles, on an active site it could be a nightmare.
You should also back up your site before or after any major changes; upgrading a version, adding components, etc. - Last Edit: 15 years 5 months ago by Ben Lee.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
How do I set up Joomla to make it more secure?
This is a must read link with a very good set up checkpoints on how to make your Joomla install more secure. Everyone should check this out at least once.
Security Checklist 4 - Joomla Setup
Here is the whole list of security checklists. If you have the time, it's worth the read:
Security Checklist 1 - Getting Started
Security Checklist 2 - Hosting and Server Setup
Security Checklist 3 - Testing and Development
Security Checklist 4 - Joomla Setup
Security Checklist 5 - Site Administration
Security Checklist 6 - Site Recovery
This is also a great place to start if you've been hacked. However, if you study up on this stuff, even just a little bit, you'll greatly reduce your chances of the worst happening.
-
Time to create page: 0.076 seconds