Joomla Version Info, Security Tips and Changed Upgrade Items
-
-
- Joe Halleck
- Preeminent Rocketeer
- Posts: 5480
- Thanks: 66
- Never give up!
-
WinSCP is the best SCP client on Windows and it is FREE!
I have used it for years. - Magento - phpBB3 - Kunena - RokBridge Specialist
No Secure Tab posts unless requested.
Use the Thank You and Life Preserver Buttons!
Your signature is also great place for setup details...help us help you!
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Using Cpanel and phpMyAdmin in a secured environment.
If you're not a total guru at this stuff and just use the links your host has setup for your Cpanel connection and phpMyAdmin connection, you might want to read this post to figure out how to make sure you can use a secured connection.
Hosting has become a very lucrative pyramid scheme sort of business due to the ability of computer code to be written in a very useful but deceptively recursive fashion. Most hosts out there are reseller hosts...even the biggest ones you can think of. If fact, you'll find that most hosts even resort back to one large hosts that hosts over 22,000 of these hosts. Then these 22,000 hosts each have the ability to resell hosting accounts meaning this number grows exponentially. Visit whoishostingthis.com and enter in your domain name to see if your host is actually hosted by another larger one.
When this reselling upon reselling happens, you lose your ability to login to your Cpanel and phpMyAdmin accounts using a secured certificate. The reason for this is that certs are expensive and they are needed for every domain out there. 99% of the time a host has a single domain name assigned to an overall server account and then everyone elses domains are served from there. The host also usually has this covered by an overall SSL certificate. This means that if you are able to use this domain name instead of your personal one, you may be able to use the cert under the https protocol.
When you visit your Cpanel, check your browser address bar to see if it registers as a secure site, you should see a lock or different color behind the favicon, and then click those to see more information to make sure it's registering a true certificate. If it's not, you can email your host and ask for the overall domain name or link to login to your Cpanel area. Once logged into your Cpanel area through https, the links within, including MySQL and phpMyAdmin links, should follow with the https.
If your host tells you that you need to purchase your own certificate or that they cannot offer this, you might want to consider changing hosts. The reason for this is that most of the software out there used for hosting environment setups uses the same basic structure. This means that every person on the hosting server with an account can visit the same url and the only reason you get to your account instead of someone elses is the difference in your username and password. This means that everyone can already know where the login area is, so encryption of usernames and passwords is that much more important.
If you are a reseller host, feel free to PM me with more details on setting this up for your customers. Especially if you're using WHMCS.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Joomla 1.5.9 is out and involves security updates.
Here's the link to the main J 1.5.9 update page:
Joomla 1.5.9 released
Here's the link to the Post Release notes:
Post Release Notes for J 1.5.9
It's always a good idea to check these before you install or upgrade as you may be able to avoid some issues.
Here's the issues posted as of January 11, 2009:
Why doesn't OpenID work with version 1.5.9?
Why doesn't the Category List Filter field work?
Read through these Post Release notes as they will help you to avoid two unnecessary headaches.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Extraction Utilities
So I'm strapped for cash most of the time and that means that when I "shop" around for utilities I may need, I lean towards the free side rather than pay side.
I have a PC running Vista 64 and needed a better file extraction utility but didn't want to pay for one. I found out real quick that all utilities are not created the same. Through my experience with several out there on the market, the best one so far is 7-zip.
7-zip is a windows utility...if a Mac version is out there, one of you Mac guys chime in here...and it can be downloaded here:
7-zip.org
I was using Al-zip before and kept getting errors extracting RT source files and found that 7-zip was the best solution.
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Forms and retrieving database info.
I've needed a forms utility and had a hard time finding one that could do what I wanted. I came across ChronoForms and was very happy with the final result.
I've included a tutorial of their forum of how I went about creating and then accessing my form, database table, and then an editing form for it.
Forms and Connectivity Example start to finish!
It's the basics only, but it worked efficiently and also adopts the font and css styles of Rockettheme templates.
-
-
-
- Twisted Networx
- Sr. Rocketeer
- Posts: 169
- Thanks: 0
-
This is probably a dumb question, but what the heck...
Should I upgrade to 1.5.8? I'm running 1.5.2 now...it's what I inherited. I have the site pretty solid now and running how I want it to...blog and forums to as best as possible. thinking of upgrading, but don't want to screw anything up...suggestions? Again, for those that don't know...I'm REALLY new to Joomla...just started with it like 5wks ago!!
Thanks,
Brandon - Best Regards,
Tommy Jordan
Twisted Networx
twistednetworx.com
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
It is always best to stay updated. If they discover just a couple security vulnerabilities, let's say 2, per update, and you're running 1.5.2 verses 1.5.9, then you've opened yourself up to 14 security vulnerabilities now. The other thing to consider is that once a security vulnerability is known and then the fix is posted, it becomes that much more well known to anyone looking to attack a site. So now everything that has been discovered that makes your site vulnerable, is common knowledge to anyone with the "know-how" to carry out a distructive or abusive action.
When it comes to updating, always make a backup of both your database and all your site files. Previously in this thread I mentioned the backup component Joomlapack that is highly recommended. After that, set up a test area where you can have your entire site installed and then perform the backup on the test area. Now test, test, test, and see if everything is still working.
Finally, after you've tested things and things look good, perform the updates on the live site...AFTER HAVING BACKED UP YOUR SITE ONE LAST TIME!
Also, keep in mind that any add-ons usually get updated as well. Many of the hacked sites out there were hacked by means of an add-on rather than the actual Joomla core system. The procedure is the same for updating add-ons.
-
-
-
- Twisted Networx
- Sr. Rocketeer
- Posts: 169
- Thanks: 0
-
Hi,
I get an error message every time I try and back up my site. Is there an addin or something that is easier to back up the site with? What frequency should I back up my site...daily, weekly, etc.???
I'm considering upgrading my version of Joomla...however, I've not been able to find good "novice" instruction on how to do this...anyone? Also, will I have to in successive order? 1.5.3. - 1.5.4. etc...??
I was wondering why I'm still getting bots...very few now that I've reconfigured my forums. But I still get some registering on the frontend it seems...is there a login captcha or something that I should have there. Visit my site: www.vmwusa.org . Right now, you fill out a form to register and have to click the link to activate your account, however, I still get bots this way...what?? I thought that was supposed to prevent this?
Lastly, most of these bots are foreign ones...is it best to ban the IP and email i.e. *@corbina.net or is there some other setting that I'm supposed to set up in my forum? Also, the forum moderators are supposed to get the post BEFORE it posts to the forum, but why isn't this working? Is there a special setting I'm supposed to fix?
Sorry for all this, but I'm VERY new for those that don't know me...I just started with Joomla 5wks ago!!
Thanks for the help!
Brandon - Best Regards,
Tommy Jordan
Twisted Networx
twistednetworx.com
-
-
-
- prim
- Preeminent Rocketeer
- Posts: 17290
- Thanks: 217
-
"I'm considering upgrading my version of Joomla...however, I've not been able to find good "novice" instruction on how to do this...anyone? Also, will I have to in successive order? 1.5.3. - 1.5.4. etc...??"
Just go to this site and check the patch versions
joomlacode.org/gf/project/joomla/frs/ - Please reply with a direct link to the issue & create a new thread for each new issue.
A template is only as good as the content that goes into it
- DanG
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
Check this that is on the first page of this thread for the backup utility:
http://www.rockettheme.com/forum/index.php?f=92&t=46753&rb_v=viewtopic#p243903
Backup rule of thumb: Run backups often enough so that if you need to use a backup to reload your site, you have enough information recovered to keep you happy. If your site is updates often like a very active forum, maybe update that database daily. If you load your template and content into the joomla site once and you're done, you only need that one backup.
I've been making posts in this thread that include links to Joomla's directions for updates of each version. Here's the post just above here for 1.5.9:
http://www.rockettheme.com/forum/index.php?f=92&t=46753&rb_v=viewtopic&start=30#p265005
Here's Joomla's directions for updates:
http://docs.joomla.org/Upgrading_1.5_from_an_existing_1.5x_version
Really what you're looking to do is find the correct update package, unzip it, and FTP it over your site files overwriting the old ones with the new ones.
prim wrote:
-
Time to create page: 0.075 seconds