Lightquick Web Design - Elements of the past and the future combining to make something not quite as good as either

LightQuick Web Design - Latest News

We have just finished a new web shop for Goodwood Antiques at goodwoodantiques.co.uk. The shop features a Joomla CMS front-end using a traditional template from Joomlashack. The on-line shop is provided using the well-respected & integrated Joomla shopping cart Virtuemart. Goodwood Antiques has a unique product range of champagne and wine racks.
Blog!
Facebook like this button for Joomla 1.0.15 content items

Work continues apace for those that want the new Facebook like this button for Joomla 1.0.15. See it working beautifully just here, click on it to test!  ---->

(If you are viewing this page on its own then you'll see the FB like box generated using the xfbml method; if you are viewing this page as one amongst many on the blog then you will see the old FB share icon.)

The older method of sharing a page using the small facebook F icon is now deprecated, i.e. obsolete, as Facebook don't want you to use it and most likely they will turn it off some time in the future. However the old version works for the moment and it is easy to use and easy to implement. You can see it in use here on the left on this image of a Joomla blog article.

The new method of inserting a Facebook Like this link requires use of the new Facebook API to generate the buttons automatically placing them anywhere on your page in the desired format. This sounds fine but in fact is reasonably difficult to set up and difficult to implement. You need to register an API key for your site and then you will need to install a new mambot. This mambot needs to create a set of og: property tags that define the page characteristics so that Facebook can pick them up and display them properly. Finally the plugin drops the Facebook code on the right place on the page. You can add the facebook like button anywhere you want on the page by using some facebook tags { facebook } { / facebook } (but without the spaces...) See an example here: Share this!

The facebook bot has been modified to have the choice of using the old share.php method as well as the new iframe/xfbml methods of dropping the Facebook code on the page. It now generates the correct og: and fb: property tags. It generates several of the main tags; the essential ones for Facebook are og:url, og:image and og:title, and the others are all optional, though they may be a requirement in the future.
The facebook like this mambot works on Joomla 1.0.15 content as well as with jdownloads 1.4, virtuemart 1.0.15, com_bookmarks 2.6 and frontpage content. If you look at the page source of this page (view - page source in Firefox) and have a look at the og: property tags you will see them in a similar fashion to that below:

<meta property="fb:app_id" content="11111111" />
<meta property="og:type" content="article" />
<meta property="og:site_name" content="Lightquick Web Design - High Quality, Low Cost" />
<meta property="fb:admins" content="admin ID" />
<meta property="og:description" content="Work continues apace for those that want the Facebook button for Joomla 1.0. The older method of sharing a page using the small facebook icon is now deprecated, ie. Facebook don't want you to use it as they will turn it off some time in the future. However it works for the moment and it is easy t" />
<meta property="og:title" content="Facebook like this button for Joomla 1.0.15 content items" />
<meta property="og:url" content="http://lightquick.co.uk/facebook-like-this-button-for-joomla-1.0.15-content-items-2.html" />
<meta property="og:image" content="http://lightquick.co.uk/images/stories/facebook-example.jpg" />

As you browse this site you will see that parts of the site are still using the old version of the Facebook share.php with the old 'F' button, this is because the old button still works best on blog pages.

The og:image tag has been awkward to implement as it required the bot to get an image from the page. Which do you choose, the first, second, third or last? It is easy enough for virtuemart as there is only one thumbnail image but for jdownloads and other content it is difficult to decide which and difficult to get the image chosen. However, it is done now and it selects the first image.
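
The tag generation described above, as an added example (it is not the mambot's own code): every value taken from the article is HTML-encoded before it is placed in a content attribute, and the first image in the article body supplies og:image. The function names, the sample article and the 300-character description limit are assumptions.

```php
<?php
// Added illustration; not the mambot's code. Function names, the sample
// article and the 300-character description limit are assumptions.

/** Return the src of the first <img> in an HTML fragment, or null if there is none. */
function first_image_src($html)
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // article HTML is rarely valid markup
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    foreach ($doc->getElementsByTagName('img') as $img) {
        $src = trim($img->getAttribute('src'));
        if ($src !== '') {
            return $src;
        }
    }
    return null;
}

/** Turn an image src into an absolute http(s) URL, or null if it uses another scheme. */
function absolute_image_url($src, $siteUrl)
{
    if (preg_match('~^https?://~i', $src)) {
        return $src;
    }
    // data:, javascript:, protocol-relative and similar values are not published.
    if (preg_match('~^[a-z][a-z0-9+.-]*:~i', $src) || strpos($src, '//') === 0) {
        return null;
    }
    return rtrim($siteUrl, '/') . '/' . ltrim($src, '/');
}

/** Build the og: meta tags for one article. */
function og_meta_tags($siteUrl, $path, $title, $bodyHtml)
{
    // Plain-text description: drop markup, decode entities, collapse whitespace.
    $text = html_entity_decode(strip_tags($bodyHtml), ENT_QUOTES, 'UTF-8');
    $text = trim(preg_replace('/\s+/', ' ', $text));

    $props = array(
        'og:type'        => 'article',
        'og:title'       => $title,
        'og:url'         => rtrim($siteUrl, '/') . '/' . ltrim($path, '/'),
        'og:description' => substr($text, 0, 300),
    );

    $src   = first_image_src($bodyHtml);
    $image = ($src === null) ? null : absolute_image_url($src, $siteUrl);
    if ($image !== null) {
        $props['og:image'] = $image;
    }

    $tags = array();
    foreach ($props as $property => $content) {
        // Encode at the point of output so quotes or angle brackets in a title
        // or description cannot close the attribute early.
        $tags[] = sprintf(
            '<meta property="%s" content="%s" />',
            $property,
            htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    return implode("\n", $tags);
}

// Constructed sample article with two images; only the first is used.
$body = '<p>Racks for "champagne" &amp; wine.</p>'
      . '<img src="images/stories/rack-1.jpg" alt="">'
      . '<img src="images/stories/rack-2.jpg" alt="">';

echo og_meta_tags('http://example.com', 'racks.html', 'Racks & "stands"', $body), "\n";
```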

These changes have required a new version of the facebook mambot that we previously created for Joomla 1.0.15/Joostina 1.2. The old version just gave you the old share this button; the new version caters for the new functionality.

The two new methods iframe/xfbml are both catered for, however the xfbml method requires that you insert the JSDK code. We have also created another mambot that drops the SDK code in the right place. This allows you to use Facebook tags such as these within your pages.

< fb : like send="true" width="450" show_faces="true"> (no spaces)

As well as the two new mambots this FB button functionality also requires changes/hacks to the following files:

/public_html/includes/joomla.php
Changes made here to J1.0.15 allow creation of new meta 'property' tags.

/public_html/administrator/components/com_virtuemart/html/shop.product_details.php
Changes made to VM1.0.15 to allow the facebook mambot to display and operate on virtuemart product items.

/public_html/administrator/components/com_virtuemart/html/shop.browse.php
Changes made here to VM1.0.15 to allow the facebook mambot to display and operate on virtuemart category descriptions.

/public_html/components/com_jdownloads/jdownloads.html.php
Changes made here to allow the facebook mambot to display and operate on jdownloads 1.4 items.

I will include these changes as part of the package for both Joomla 1.0.15 and Joostina 1.2.

Note: Joomla differs from Mambo and Joomla 1.5 in that Joomla 1.0.15 allows mambots to operate on the text content within custom HTML modules. This means that the facebook buttons will pop up unexpectedly in module positions too. If you don't want this you can configure the mambot to remove these.

The new version of the mambot differentiates between blog pages and articles. If you are reading this article on the blog page you will notice the old blue 'F' button which shares the page using the old FB API. If you are looking at the individual article: "Facebook like this button for Joomla 1.0.15 content items" then you will see the new Facebook like this button which uses the new API. If the page is a blog it automatically uses the old API.

Progress - 98%, need to document and then tidy the code for a little more elegance. It now works in all variations and all I need to do is a little more and it will be done and ready to package.

The following stuff to do to complete:

// https?
// canonical urls
//button combinations


This bot, when complete, will only be available for Joomla 1.0 and Joostina 1.2. I won't be releasing it for Joomla 1.5+ as plugins like these exist already written by better programmers than me... I am not familiar with J1.5 code at all.

The original (share only) bot is here to download - Facebook Share bot for Joomla 1.0. Note the version you can download is the old version that does not provide the new functionality; it just implements a facebook share using the old deprecated method.

Note that there is a donate button on that download, send a donation and I'll give you the latest and greatest version of the bot that gives you the latest linking functionality. You can see the new version in action on this page, click on the like button top right and then check your own Facebook page. You will see the like this link there. See! it works! Joomla 1.0.15 is not forgotten.

The new version can be downloaded here: Facebook Like This button for Joomla 1.0.15 Version 2.0.

Recent bugfix - There was a problem with the xfbml method where the javascript code appeared too close to the beginning of the content and was being picked up by some SEO tools. These work by automatically replacing text in the window title and meta description. It was picking up the javascript code and placing it in these fields. This bug has now been fixed and the javascript is now appearing at the bottom of the article content.

This mambot might even work on mambo, a facebook like this button mambot for Mambo! now there's a thought... If you have a Mambo site and want to test version 1.0 or 2.0 then let me know and I'll give you a copy of the later version to try. 

Last Updated ( Thursday, 02 February 2012 )
 
How to redirect from a canonical to a non-canonical web address
If you have a lot of domains all pointing to one central domain then you might not want to have all those domains showing and instead you may want them to resolve to just one domain.

What I mean by this is probably best described by an example, you have:

mycrapshop.com
mycrapshop.co.uk
shopsthatarecrap4you.co.uk

and you want each to point to:

my-shop-is-crap.com

So if I type the "mycrapshop.co.uk" URL into Chrome's search bar then you may want it to automatically show my-shop-is-crap.com. Why would you want this? Well, one reason is that in Joomla 1.0 & 1.5 site caching can cause problems when you are displaying cached pages for one domain when you are expecting another; both Joomla and the site visitor can become quite confused when a domain name changes from page to page.

You may well be buying similar domains as "real estate" to prevent others from stealing surrounding web estate or to cater for typing errors in domain names, my-shop-is-carp.com would be a good example in this case.

So, in your host's control panel you need to have one primary domain and the other domains are 'parked' on top. Then you find the .htaccess file in your root and you add the following redirect code after:

#
#  mod_rewrite in use

RewriteEngine On

#
# rewrite my-shop-is-crap.com (always ensure that canonical www is diverted to non-canonical form)
# dots in host names are escaped so that they match a literal "." only
#
RewriteCond %{HTTP_HOST} ^www\.my-shop-is-crap\.com [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

#
# rewrite mycrapshop.com
#
RewriteCond %{HTTP_HOST} ^mycrapshop\.com [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

RewriteCond %{HTTP_HOST} ^www\.mycrapshop\.com [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

#
# rewrite mycrapshop.co.uk
#
RewriteCond %{HTTP_HOST} ^mycrapshop\.co\.uk [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

RewriteCond %{HTTP_HOST} ^www\.mycrapshop\.co\.uk [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

#
# rewrite shopsthatarecrap4you.co.uk
#
RewriteCond %{HTTP_HOST} ^shopsthatarecrap4you\.co\.uk [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

RewriteCond %{HTTP_HOST} ^www\.shopsthatarecrap4you\.co\.uk [NC]
RewriteRule ^(.*)$ http://my-shop-is-crap.com/$1 [L,R=301]

The above rewrites are directed to a non-canonical form of the target domain, i.e. a URL without the "www".
This is deliberate. Here is an example as to why you might want this - if you have bought an SSL certificate without the www in the common name then it is essential, otherwise you will get an error when visitors visit your shopping cart and try to checkout.




Last Updated ( Friday, 25 November 2011 )
 
Is Joomla 1.0.15 still secure?

Joomla 1.0.15 is generally secure if your extensions are secure, you run on a secure server and backup regularly. At least that is my experience. Arguably more secure than a typical Joomla 1.5 site. Some of these fixes are easy to implement, some require some work and others may require capabilities that you don't currently have. Don't worry about that, just implement what you can and then return to accomplish the more difficult tasks as and when you have the necessary skills. We will be updating this page from time to time as new vulnerabilities are discovered.

Com_search Vulnerability 

However, Joomla 1.0.15 has two recently discovered vulnerabilities in the core code: The first is that the "ordering" parameter in a core module, com_search, is not properly sanitised and thus vulnerable to cross-site scripting. Using this vulnerability, attackers can compromise currently logged-in user/administrator session and impersonate arbitrary user actions available under /administrator/ functions. As the vulnerability is based on the core search functionality module, it affects all Joomla! 1.0.x based web sites.

Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007 (Wikipedia)

Solution: This vulnerability can be fixed by making the following changes to search.php and search.html.php.

components/com_search/search.php line 119 (approx.)
comment out these lines:

//$ordering = mosGetParam( $_REQUEST, 'ordering', 'newest');

//$ordering = preg_replace( '/[^a-z]/', '', strtolower( $ordering ) );

replace with these:

$ordering = strtolower( strval( mosGetParam( $_REQUEST, 'ordering', 'newest') ) );
$ordering = preg_replace( '/[^a-z]/', '', strtolower( $ordering ) );
$ordering = preg_replace( '~^(\w+).*$~', '\1', $ordering );

and components/com_search/search.html.php: (line 124 approx)

$ordering = strtolower( strval( mosGetParam( $_REQUEST, 'ordering', 'newest' ) ) );

add the new line just after as shown below:

$ordering = strtolower( strval( mosGetParam( $_REQUEST, 'ordering', 'newest' ) ) );
$ordering = preg_replace( '~^(\w+).*$~', '\1', $ordering );
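
The same filter as a stand-alone function, followed by a stricter allow-list variant and HTML-encoding at the point of output. This is an added example, not Joomla core code or part of the patch above; the function names and the list of ordering values are assumptions.

```php
<?php
// Added illustration; not Joomla core code. Function names and the allow-list
// of ordering values are assumptions.

const ALLOWED_ORDERINGS = ['newest', 'oldest', 'popular', 'alpha', 'category'];

/**
 * The three replacement lines for search.php, reading from a plain array
 * instead of mosGetParam() so that the function runs outside Joomla.
 */
function patched_ordering(array $request)
{
    // Arrays and objects are not valid orderings; fall back to the default.
    $raw = (isset($request['ordering']) && is_scalar($request['ordering']))
        ? $request['ordering']
        : 'newest';

    $ordering = strtolower(strval($raw));
    $ordering = preg_replace('/[^a-z]/', '', $ordering);
    $ordering = preg_replace('~^(\w+).*$~', '\1', $ordering);
    return $ordering;
}

/**
 * Stricter variant: only a known value is accepted. An allow-list does not
 * depend on a pattern matching; preg_replace() returns its subject unchanged
 * when the pattern fails to match.
 */
function allowlisted_ordering(array $request)
{
    $ordering = patched_ordering($request);
    return in_array($ordering, ALLOWED_ORDERINGS, true) ? $ordering : 'newest';
}

/** Encode when writing the value back into the page, whatever filtering ran earlier. */
function ordering_hidden_field($ordering)
{
    return '<input type="hidden" name="ordering" value="'
        . htmlspecialchars($ordering, ENT_QUOTES, 'UTF-8')
        . '" />';
}

// Constructed sample requests.
$samples = array(
    array('ordering' => 'popular'),
    array('ordering' => 'NEWEST'),
    array('ordering' => 'alpha"><b>x</b>'),
    array('ordering' => '12345'),
    array('ordering' => array('oldest')),
    array(),
);

foreach ($samples as $request) {
    printf(
        "%-36s patched=%-12s allow-listed=%s\n",
        json_encode($request),
        var_export(patched_ordering($request), true),
        allowlisted_ordering($request)
    );
}

echo ordering_hidden_field(allowlisted_ordering(array('ordering' => 'alpha'))), "\n";
```

The character filter alone can leave a value that is harmless but meaningless to the search code (stray letters, or an empty string); the allow-list turns every such case into the default ordering.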

Com_Media Vulnerability

The second core vulnerability is a potential file inclusion loophole in the com_media component, this vulnerability was first discovered in Joomla 1.5 systems but is also exploitable in Joomla 1.0.xx. Hackers will use this vulnerability to include files that may be used to perform other actions within your website. Once again, this is a sanitisation of input issue.

A company known as Netshine has back-ported the Joomla 1.5 changes to prevent this type of file inclusion from occurring.

 line 34:

Replace function makesafe with this version:

function makeSafe( $file ) {
    /** Netshine Software Ltd. Security patch for Joomla 1.0.15 file uploads 2013-08-02 **/
    // Remove any trailing dots, as those aren't ever valid file names.
    $file = rtrim($file, '.');
    /** Security patch for Joomla 1.0.15 end **/
    return str_replace( '..', '', urldecode( $file ) );
}

 line 215:

 Where you find this code:

    if(!$noMatch){
        mosRedirect( "index2.php?option=com_media&listdir=".$_POST['dirPath'], 'This file type is not supported' );
    }

Add this code immediately after.

    /** Security patch for Joomla 1.0.15 file uploads 2013-08-02 **/
    if (substr($file['name'], -4, 1) !== ".")
    {
        mosRedirect( "index2.php?option=com_media&listdir=".$_POST['dirPath'], 'This file type is not supported' );
    }
    /** Security patch for Joomla 1.0.15 end **/
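
An added example, not the Netshine patch or Joomla core code: a stand-alone file name check that goes further than the two changes above by decoding first, insisting on exactly one extension and comparing it with an allow-list. The function names, the extension list and the sample names are assumptions.

```php
<?php
// Added illustration; not the Netshine patch or Joomla core code.
// Function names and the extension allow-list are assumptions.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/** Return a normalised file name, or null when the upload should be refused. */
function safe_upload_name($rawName)
{
    if (!is_string($rawName)) {
        return null;
    }

    // Decode first so that every later check sees the name that would reach the filesystem.
    $name = urldecode($rawName);

    // Refuse control characters (including NUL) and path separators outright.
    if (preg_match('/[\x00-\x1f\x7f\/\\\\]/', $name)) {
        return null;
    }

    // Trailing dots and spaces are never part of a valid name; strip them before checking.
    $name = rtrim($name, '. ');

    // Exactly one dot: a base name and a single extension.
    if (substr_count($name, '.') !== 1) {
        return null;
    }
    list($base, $ext) = explode('.', $name);

    if (!preg_match('/^[A-Za-z0-9_-]+$/', $base)) {
        return null;
    }
    $ext = strtolower($ext);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return $base . '.' . $ext;
}

/** The length test from the patch above, for comparison: a dot must sit four characters from the end. */
function patch_length_check($name)
{
    return substr($name, -4, 1) === '.';
}

// Constructed file names.
$names = array(
    'photo.jpg',
    'Photo.JPEG',
    'photo.jpg.',
    'report.php.jpg',
    'notes',
    '../photo.jpg',
    '.htaccess',
);

foreach ($names as $name) {
    $safe = safe_upload_name($name);
    printf(
        "%-16s length-check=%-4s allow-list=%s\n",
        $name,
        patch_length_check($name) ? 'pass' : 'fail',
        $safe === null ? 'refused' : $safe
    );
}
```

The length test only accepts three-character extensions, so a legitimate name such as Photo.JPEG is turned away by it, while the allow-list version accepts and normalises it.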

 

If you make the above changes then you can make CORE Joomla 1.0.15 secure again.  However there are other vulnerabilities and approaches that you can use to make your particular website more secure.

 


If you are going to continue to use Joomla 1.0, security requires that you patch the site to the latest 1.0 release, 1.0.15, it also requires that you run on a secure joomla host that uses suPHP, with all the latest security tools to securely host your site. Most importantly, you must install any utilities that you need to take very regular full backups. Then you need to take the backups! There is no better way to secure your site than regular backups.

  -oOo-

Other Vulnerabilities

This section lists other Joomla vulnerabilities but also lists the things you can do to resolve them:


First of all, you need to do the basics: make sure that your hosting understands the vulnerabilities inherent in Joomla and provides a configuration that supports your installation. When you look at the system information screen in Joomla 1.0 you should see the following:

 
Joomla! Register Globals Emulation: OFF
Register Globals: OFF
Magic Quotes: ON
Safe Mode: OFF
File Uploads: ON
Session auto start: OFF

Disabled Functions: dl, system, exec, shell_exec, popen, passthru, proc_open, ini_restore, symlink

If the hosting differs from this then simply host elsewhere.  You may think you know what you are doing and can host it yourself, if you can handle the security issues - well that's fine but frankly there's no need. Good Joomla hosts can be found cheaply and they will do all the sys. admin. for you.

-oOo-

Ensure all admin accounts are secure with long and complicated passwords with small letters and numbers and strange characters that cannot be guessed. Make sure any or all passwords are of this type of complexity - %@£4r_fgJT#" - This will give you a fair chance at being able to foil any spambot trying to guess any password using brute force and guesswork.

-oOo- 

Don't share administrator passwords between sites no matter how tempting this might be. Make sure each site has its own unique administrator passwords. If you have multiple sites this can be a real pain but frankly it is necessary to ensure that if one site is compromised, the others are kept safe. You can use Firefox to securely save your passwords as long as you have a master password in place. The site passwords will be encrypted and tools are available to allow the passwords to be edited, saved and exported. With these tools in place you will be able to store unique passwords for each site.

-oOo- 

Check the site is configured to work with permissions on files and folders set securely: files should be set to 644 and folders to 755. Anything else is a mistake regardless of any component or extension requirement. If your host requires different settings for your site to work, then host elsewhere!

-oOo- 

Check all your components are secure versions. There are lists on the net that you can check against. You may be using pre-release versions that have not passed all the security requirements. Jambook is an example: earlier versions of the product did not sanitise user input correctly, leaving sites using it vulnerable; upgrade the beta versions to 1.0 and you should be safe again. Sanitising user input prevents such incursions as SQL injections. Look at the vulnerability lists for Joomla 1.0 and not those for later versions of Joomla. The good thing about running Joomla 1.0 components is that almost all of the vulnerabilities will have already been identified.

-oOo-  

Place a captcha on the administrator login page and user registration pages. Walter Cedric's security images is a good one for J1.0 which can also be configured to function on the contacts page; this is vital to stop bots and spammers bombarding you with junk mail.

The following files will need to be modified as shown here: manual (I will improve this manual shortly as it is incomplete and a bit crap...)

/public_html/components/com_registration/registration.html.php
/public_html/components/com_registration/registration.php
/public_html/includes/joomla.php
/public_html/components/com_contact/contact.html.php
/public_html/components/com_contact/contact.php
/public_html/modules/mod_login.php
/public_html/administrator/index.php


To insert the captcha on the administrator login page template, for example:

/public_html/administrator/templates/joomla_admin/login.php   line 57, you simply add the following code:

                <?php
                    //security image by www.waltercedric.com
                    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.adminlogin.html.php')) {
                        require_once ($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.adminlogin.html.php');
                    }
                    //end security image by www.waltercedric.com
                ?>

-oOo-  

Enable Re-Captcha image security. Some plugins such as jom_comment can work with recaptcha, the two-tier security system run by Google that is used by many large websites. It is more secure than the usual captcha and all that is needed to enable it is a recaptcha key, which is easily obtained here: http://www.google.com/recaptcha/admin/create

-oOo-   

Extend any other captcha you are using to 6 characters. It seems that some of the cleverer bots are now able to defeat 4 character captchas. You need to make it as difficult as you can for the bots. Unfortunately, captchas are a real pain for your real visitors. There is nothing you can do about that. Walter Cedric's security images can be extended to six characters.

-oOo-  

Change the default admin username to something else more secure. Create a new super administrator user first, test it and then remove the old admin account altogether. The reason it is done this way is to avoid using the default super admin id number of 62. Hackers using SQL injections will attempt to make use of the default admin id number to inject information into the user id table.

-oOo-  

Create a duplicate site on a test server and keep it under wraps until it is needed for testing or as a warm standby in case the live site fails. Keep this site regularly up to date, but don't slavishly copy code from live to test, as you may be copying over some nasty junk too. Check everything you copy over for hacks/infections. No need to infect both sites. You can create a duplicate site using the cpanel backup tool - it is very easy to backup and restore a site.

-oOo-  

Note: Your duplicate sites are a security risk as they may have trial components installed which may be vulnerable. The trial sites may also be less secure than the live systems. Keep your passwords safe and ensure they are different to the live sites. I was once asked to break into a live site when the administrator had gone on holiday leaving the system locked. Accessing the test site was easy, and from there I was able to reassemble hashed passwords that were the same as on the duplicate live site.

-oOo-  

Use Ghanja Interceptor or similar to secure the site; this is an anti-SQL injection tool that works on Joomla 1.0. A simple installation of this mambot can protect your whole website from any vulnerabilities in your extensions. It is a great tool and will prevent hackers from injecting code into your site - but remember! - just because you have it installed does not mean you can sit back and relax, you still have to fix those vulnerable extensions.

-oOo-  

Avoid using IE as anything other than a test tool to see if your site works. Do NOT browse the web using IE - it is embedded into your o/s and any browser hack can affect or damage your operating system. IE has traditionally been the most vulnerable of all the browsers.

 -oOo-  

My suggestion is Firefox, there are several plugins for FF that allow you to test and secure your website, noscript to block any nasties on any websites that you visit and SQL inject me! which tests your own site for possible SQL injections. You may not agree on my choice of browser, I do agree Chrome is a useful browser for day to day use but the tools you need for security and development are mostly available for Firefox.

-oOo-  

Secure your own PC - Many sites are hacked from infected PCs. Install and run Malwarebytes and have a good antivirus tool such as Avast running! When you access your site through FF and if you have these anti malware and anti virus tools running you should be protected against any bad script malware that tries to do anything nasty to your PC. These tools will make you feel a lot safer. Avoid Norton Security like the plague, it is the most interfering of all the a/v tools and often acts like a virus itself. It slows your machine down considerably, interferes with the very heart of the o/s, slowing the system, stops applications from operating correctly, is difficult to remove and insists that you regularly pay somebody money for your application to continue running... sounds like a virus to me.

-oOo-  

Change the default joomla generator tag to stop saying "Joomla 1.0" as this gives an attacker a pretty big hint as to the site CMS type and version! How do you do this? You install a plugin that has this functionality built-in or you change some code to do this, all by yourself. Simply find and edit /includes/frontend.php and comment out this line at approx. line 195.

//$mainframe->addMetaTag( 'Generator', $_VERSION->PRODUCT . ' - ' . $_VERSION->COPYRIGHT);

-oOo-  

Move/redirect your configuration.php to a secure folder, preventing anyone from reading it at all. On Cpanel simply copy the file to the root folder above public_html and rename it to joomla-configuration.php, then modify the current configuration.php to hold the following line:

<?php
require( dirname( __FILE__ ) . '/../joomla-configuration.php' );
?>  

-oOo-  

Use .htaccess to protect the administrator folder. This can be done in either of two ways: deny access to all devices except from a specific IP address, or set a password on the administrator folder. This is done to prevent bots from identifying the site as a Joomla site. Any bot can simply add /administrator to a site name and if the site is a Joomla one then the administrator back end will pop up. It is possible for a bot to identify which version of Joomla you are running from the back end.

The first option is only useful if you use a fixed IP address. Take care with this one or you will be locking yourself out! Create an .htaccess file in the administrator folder and add the following code. Replace the IP address shown with your own address.

Deny from all
Allow from 208.123.45.34

You can find your own IP address by going to sites such as http://whatismyip.org. Note that if you carry out this change then you will not be able to access your site from anywhere else except for the location that has the assigned IP address.

The second option is to add a password. This is done by creating two files in the administrator folder:

.htaccess
.htpasswd

The .htaccess file should contain the following code:

AuthUserFile "/home/cpanelname/public_html/administrator/.htpasswd"
AuthName "Restricted Area"
AuthType Basic
require valid-user

RewriteEngine On
RewriteRule \.htpasswd$ - [F,L]

Change the site location '/home/cpanelname/public_html' to match your own.

The .htpasswd file will contain a username and a hashed password such as this:

username:dEsRshne/GRE

The hashed password  can be created on a linux server or using a service such as found here: http://www.htaccesstools.com/htpasswd-generator/
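
An added example, not from the original page: the .htpasswd line can also be produced locally, so the administrator password is never typed into a third-party site. It assumes Apache 2.4 or later, which accepts bcrypt ("$2y$") entries; the function names and the credentials shown are constructed for the demonstration.

```php
<?php
// Added illustration, not from the original page. Assumes Apache 2.4 or later,
// which accepts bcrypt ("$2y$") entries in the file named by AuthUserFile.
// Function names and the sample credentials are constructed for this example.

/** Build one .htpasswd line with a bcrypt hash computed on this machine. */
function htpasswd_line($user, $password, $cost = 10)
{
    // A colon would split the record, so user names are held to a small allow-list.
    if (!is_string($user) || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    // bcrypt only uses the first 72 bytes; refuse longer input rather than truncate silently.
    if (!is_string($password) || $password === '' || strlen($password) > 72) {
        throw new InvalidArgumentException('password must be 1 to 72 bytes');
    }
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
    if (!is_string($hash)) {
        throw new RuntimeException('hashing failed');
    }
    return $user . ':' . $hash;
}

/** Check a user name and password against one line read back from the file. */
function htpasswd_verify($line, $user, $password)
{
    $parts = explode(':', rtrim($line, "\r\n"), 2);
    return count($parts) === 2
        && hash_equals($parts[0], $user)
        && password_verify($password, $parts[1]);
}

// Constructed credentials; read real ones from a prompt, never from source code.
$line = htpasswd_line('siteadmin', 'constructed-Example-passphrase-42');

echo $line, "\n";
var_dump(htpasswd_verify($line, 'siteadmin', 'constructed-Example-passphrase-42'));
var_dump(htpasswd_verify($line, 'siteadmin', 'wrong-guess'));
```

The printed line goes into the .htpasswd file in place of the sample entry shown above.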

-oOo-  

.htaccess and .htpasswd functionality is only available on linux servers. If you are using Windows servers to host and secure your site then you will need to find another method.

-oOo-  

Enable SEF URLs - Most hackers use the Google inurl: command to search for a vulnerable exploit. With SEF enabled this sort of attack is denied to an abuser. Use a package such as Artio JoomSEF or SH404SEF. Artio JoomSEF is my SEF tool of choice, it is commercial but very good and extendable.

-oOo-  

Artio JoomSEF has an option to force all non SEF URLs entered manually to be turned into their SEF equivalents. This is quite a useful function, helping to obscure standard Joomla URLs. Note though, if you are using any components that need and do not have a JoomSEF extension you may need to take care as it can break bits of your site.

-oOo-  

Artio JoomSEF has a vulnerability too. On all pages that are SEF-ed, Artio inserts some text in small font at the bottom of each article, "JoomSEF by Artio". This text could be used to identify the site as a Joomla site. The insertion of this text is done using various methods depending on the version of Artio you are running. How to remove this code from Artio JoomSEF 2.3.2 can be found here: . To find out how to remove this on other versions of Artio JoomSEF click here

-oOo-  

Do not install any extension until you know how it acts and how vulnerable it might be... Install and try it on a duplicate test site first. Review the extension on t'net and find out what the issues are. This is especially achievable on Joomla 1.0 as nearly all the issues will have already been identified. Create a list of all extensions you use and try to monitor them. For example you can use Google or security websites for staying informed about the latest vulnerabilities. Only use secure extensions that you trust implicitly.

-oOo-  

Remove any extensions that you don't really need. They may well be the target of hackers in the future if any inputs to their code are not properly sanitised. Use tried and tested extensions only. This applies to modules and mambots as well as components.

-oOo-  

FTP layer should be set to OFF - the FTP password is built into the system in plain text, easily accessible so don't enable the FTP layer on your Joomla site. On a properly configured host the FTP layer should not be needed. If you do decide to enable the FTP layer then put the configuration.php file in a secure and unreadable location such as the root folder as shown above.

-oOo-  

Disguise any email addresses, preferably remove any email addresses and do not allow any of them on your site. All references to email addresses should be replaced by links to a contact form.

-oOo-  

Remove vcards from all contact forms as bots will visit your sites to try and harvest the email addresses contained within. The idea is that you try to hide information that will be useful to spammers.

-oOo-  

Guestbook emails showing email addresses - some guestbooks will display the email addresses of visitors who have left their contact details. This functionality should be removed or hidden. If not possible then simply remove the email addresses from each guestbook entry.

-oOo-  

There are several "recommend a friend" components - each of them allows a visitor to send one or more emails to other recipients but the downside is that they will seem to appear from your site and can be used to send spam. These sorts of extensions must be protected by high quality captchas which may defeat the bots. Bear in mind that the spammers now employ hordes of humans (paid at one penny per captcha resolution) and no captcha will defeat a human spammer - my suggestion is to remove this sort of component altogether.

-oOo-  

There is another minor vulnerability concerning the use of the "email this to a friend" icon that can result in spam from your site. This is NOT unique to Joomla 1.0 and in fact affects all versions of Joomla and most other CMS websites.

Joomla 1.0 has three icons enabled by default at the top of every page. The icon that causes a problem is the email icon. When clicked it pops up a little email form that allows the visitor to send a message to another email address. Bots (or human spammers) can abuse this to send their own messages to a list of email addresses. The best thing is to disable this icon to prevent spammers from taking advantage. To disable this functionality simply open the global configuration file and open the content tab. Check the radio box relating to the email icon display so it states 'hide'. The unfortunate side-effect of this is that your genuine visitors lose the useful "email this" functionality. Bots and humans that know how to exploit this joomla vulnerability will be foiled by this simple change.

Be aware also that other tools such as jom_comment also provide this sort of functionality so it needs to be removed, both site and component-wide.

-oOo-  

Rename the Joomla massmail component if not used. Mass mail components are a target for hackers looking for a tool to use once they have found an exploit. If you don't need it, turn it off or remove it. As the mass mail component is a core module for Joomla you can't just uninstall it. Instead use your FTP client and simply rename the folder it resides in to something obscure. The hackers will not be able to identify it and any loophole will remain unfound. Even later versions of Joomla were left vulnerable to hacks through the massmail component. Joomla 1.5.22 was a virtual open relay that allowed spammers to email anyone.

-oOo-  

Enable SMTP mail instead of phpmail - create a unique email account and configure the site to use its username and password. Only do this if your configuration.php file is located in a secure folder: you have to add the email username and password in plain text in the configuration file, so on an insecure installation the email password will be visible. If you move the configuration file to a secure non-readable location the details are secure. See the instructions above.

-oOo-

Turn off phpmail. The PHP mail() function acts like an unauthenticated email client; this is an unnecessary loophole in your site which you need to block. If a hacker manages to take control of a badly written extension he may be able to use it to send spam emails. To block PHP mail you can simply ask your host to disable PHP mail for a particular domain. A friendly host will do this automatically as requested. If you have to do it manually then you have to create a php.ini file in your site root and add the following directive.

disable_functions = mail


Note: Local php.ini files only have an effect if your server is configured to use them. You may have to ask your host to disable phpmail for the one domain and then restart apache before this change will come into effect. If your server is configured to prevent you specifying any directives then simply ask your host to turn off phpmail for a single domain. They must do this for you, if they are preventing you from specifying PHP directives. If they say they can't make the change themselves then host elsewhere.

This will have the intended effect of stopping any naughty extensions that call PHP mail directly from being able to send out emails. Some of the badly-written extensions will do this. All extensions should call mosmail which is the correct method of sending email from a Joomla website.

Note: Walther Cedric's Security images is one extension that does not call email correctly. If you want email logging to work after disabling PHPmail you will need to change line 93 of logger.php, in /public_html/administrator/components/com_securityimages, from this:

mail($securityImagesAdminEmail, _HASHCASH_ADMINMAILHEADER, $content, "From: ".$securityImagesAdminEmail);


to this:

mosMail($securityImagesAdminEmail, $securityImagesAdminEmail, $securityImagesAdminEmail, " Admin Login ". $mosConfig_sitename, $content, true);


All components should be using mosmail. The only way to find out is to copy all the files down to the local PC and use a tool like baregrep to search for all occurrences of mail( and then check and change each occurrence to mosmail in a similar fashion to that shown above. When this is done all your components will email correctly using SMTP authenticated mail.
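The search described above can also be scripted. This Python sketch is an added example, not part of the original article or of any Joomla code: it reports only direct calls to PHP's mail(), skipping mosMail(), method calls, method definitions, comments, strings and HTML outside the PHP tags. The function names and the sample source are constructed for illustration, and heredoc strings are not handled.

```python
import re
from pathlib import Path

# PHP code lives between "<?php" (or "<?" / "<?=") and "?>" or end of file.
PHP_REGION = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.DOTALL | re.IGNORECASE)

# Quoted strings and comments: text in which "mail(" is not a function call.
NOISE = re.compile(
    r"""'(?:\\.|[^'\\])*'        # single-quoted string
      | "(?:\\.|[^"\\])*"        # double-quoted string
      | /\*.*?\*/                # block comment
      | (?://|\#)[^\n]*          # line comment
    """,
    re.VERBOSE | re.DOTALL,
)

# "mail(" not preceded by an identifier character, "$", ">" or ":", so that
# mosMail(), sendmail(), $obj->mail() and Foo::mail() are not reported.
# PHP function names are case-insensitive, hence IGNORECASE.
DIRECT_MAIL = re.compile(r"(?<![\w$>:])mail\s*\(", re.IGNORECASE)
METHOD_DEF = re.compile(r"function\s+&?\s*\Z", re.IGNORECASE)


def blank(text):
    """Replace every character except newlines with a space (keeps line numbers)."""
    return re.sub(r"[^\n]", " ", text)


def php_code_only(source):
    """Return source with HTML, PHP comments and PHP strings blanked out."""
    out, pos = [], 0
    for region in PHP_REGION.finditer(source):
        out.append(blank(source[pos:region.start(1)]))
        out.append(NOISE.sub(lambda tok: blank(tok.group(0)), region.group(1)))
        pos = region.end(1)
    out.append(blank(source[pos:]))
    return "".join(out)


def find_direct_mail_calls(source):
    """Return [(line_number, line_text)] for each direct mail() call."""
    code = php_code_only(source)
    lines = source.split("\n")
    hits = []
    for call in DIRECT_MAIL.finditer(code):
        before = code[max(0, call.start() - 32):call.start()]
        if METHOD_DEF.search(before):
            continue  # "function mail(" defines a method, it does not send mail
        line_no = code.count("\n", 0, call.start()) + 1
        hits.append((line_no, lines[line_no - 1].strip()))
    return hits


def scan_tree(root):
    """Scan every .php file under root; return [(path, line_number, line_text)]."""
    found = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        found += [(str(path), n, line) for n, line in find_direct_mail_calls(text)]
    return found


# Constructed sample: only the @mail(...) line is a direct call.
SAMPLE = r'''<p>Don't mail (us) from this page</p>
<?php
// mail($a, $b, $c);  old call left in a comment
mosMail($from, $from, $to, $subject, $content, true);
$mailer->mail($to);
echo 'please mail( the admin';
class Notifier { function mail($to) { return true; } }
@mail($securityImagesAdminEmail, _HASHCASH_ADMINMAILHEADER, $content, "From: ".$securityImagesAdminEmail);
?>
'''

if __name__ == "__main__":
    for number, text in find_direct_mail_calls(SAMPLE):
        print(f"line {number}: {text}")
```

Run scan_tree() on the local copy of the site; every reported line is a candidate for conversion to mosMail.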

-oOo-

The above changes to email will prevent your site being used by spammers. If your site is used to send spam, your domain and the IP address it uses may be flagged as a spam IP address. If you are on a shared server where you share the IP address you run the risk of being shut out of the server by the host. It is possible to configure your cpanel using EXIM to keep a copy of all outgoing mail for your specified account. This mail can be sent to another address such as archive-mail@lightquick.co.uk and the result is that you can monitor all outgoing mail at your leisure in an easily readable form.

To do this, edit the Exim configuration file /etc/cpanel_exim_system_filter in WHM and add the following code at the end of the template:

### FORWARD ALL INCOMING AND OUTGOING MAIL FOR A USER ###
if ("$h_to:, $h_cc:, $h_bcc" contains "user@lightquick.co.uk")
or ("$h_from:" contains "user@lightquick.co.uk")
then
unseen deliver "archive-address@lightquick.co.uk"
endif

After a restart Exim will start forwarding the email as instructed. Note that you have to have access to WHM and to the EXIM control panel in order to do this.

-oOo-  

Avoid using any FTP tool on your PC that takes passwords and stores them in plaintext. Filezilla is one tool that has done this in the past and using Filezilla on Windows can be tantamount to opening an enormous door to your server and inviting all the hackers in! Use only the latest versions of a secure tool and ensure you have a method to obscure your passwords. I simply will not use Filezilla at all as it is an appallingly insecure program for Windows...

WinSCP and WS FTP both have password obfuscation or encryption, the first is free but open source, so in almost all respects is better!

-oOo-  

Rename the database tables - This isn't as easy as it sounds but the benefits are great. If you rename the database tables it means that any attempted SQL injections that refer directly to the database tables by name will be unable to find them and as a result will fail.

You can do it manually - If you have CPANEL then you can access phpmyadmin where the tables will be listed. In order to change the database table names you will need to know the correct syntax for the SQL commands to rename all the tables. It can be done one table at a time but it is best to do it via an SQL script. You will also need to modify the configuration.php file to change $mosConfig_dbprefix to refer to the renamed tables correctly. A PHP script to do this can be found by downloading it here. It works for Joomla 1.0.15, tried and tested on several Joomla 1.0.15 sites. First of all back up your site in FULL. Edit the file and change the db_prefix to the prefix you desire. Copy the file into the root and run it thus:

http://www.sitename.co.uk/rename.php

When you have completed the task, remove the file completely as you do not want it to exist on your site once the job is done. Subsequent to this all you need to do is change your configuration file to correspond to the new table names - something like this:

$mosConfig_dbprefix = 'pre_';

If you use this SQL script then you do so at your own risk! Take backups beforehand so that if something goes wrong then you can restore the site as it was before your changes. Some poorly written components may have the table names hard-coded into the code. These extensions may fail after the change. Personally I have not yet encountered an extension like that for Joomla 1.0.15. 
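For the manual route described above, the whole rename can be written as one RENAME TABLE statement to paste into phpmyadmin. This Python sketch is an added example, not the downloadable PHP script mentioned in the article; it assumes MySQL, and the table list (including Joomla's default jos_ prefix) is a constructed sample standing in for your own SHOW TABLES output.

```python
import re

# Conservative identifier check: letters, digits and underscore only, so a
# prefix or table name can never break out of the backtick quoting.
IDENT = re.compile(r"[A-Za-z0-9_]+")
MAX_IDENT = 64  # MySQL's maximum length for a table name


def build_rename_sql(tables, old_prefix, new_prefix):
    """Return one RENAME TABLE statement moving old_prefix tables to new_prefix.

    A single multi-table RENAME TABLE either renames every listed table or,
    if any rename fails, changes nothing, which is safer than renaming one
    table at a time.
    """
    for prefix in (old_prefix, new_prefix):
        if not IDENT.fullmatch(prefix):
            raise ValueError(f"unsafe prefix: {prefix!r}")
    if old_prefix == new_prefix:
        raise ValueError("new prefix must differ from the old one")

    existing = set(tables)
    pairs = []
    for name in sorted(existing):
        if not name.startswith(old_prefix):
            continue  # table of another application sharing the database
        if not IDENT.fullmatch(name):
            raise ValueError(f"unsafe table name: {name!r}")
        new_name = new_prefix + name[len(old_prefix):]
        if len(new_name) > MAX_IDENT:
            raise ValueError(f"{new_name!r} exceeds {MAX_IDENT} characters")
        if new_name in existing:
            raise ValueError(f"{new_name!r} already exists")
        pairs.append((name, new_name))

    if not pairs:
        raise ValueError(f"no table starts with {old_prefix!r}")
    body = ",\n".join(f"  `{old}` TO `{new}`" for old, new in pairs)
    return "RENAME TABLE\n" + body + ";"


# Constructed sample: three Joomla tables plus one unrelated table.
SAMPLE_TABLES = ["jos_users", "jos_content", "jos_session", "wp_posts"]

if __name__ == "__main__":
    print(build_rename_sql(SAMPLE_TABLES, "jos_", "pre_"))
```

After running the generated statement, set $mosConfig_dbprefix to the new prefix as shown above.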

-oOo-  

If you are running CPANEL then you should have access to Spam Assassin. Turn it on.  Spam Assassin works on both incoming and outgoing email. SpamAssassin is an automated email filtering system that attempts to identify spam messages based on the content of the email's headers and body. It will help to prevent any nasty hacker that tries to take over your site from sending spam. All spam can be chucked into a junk box so that you can view any spam that is caught.

-oOo-  

Ensure that your installation folder does not still exist. Earlier versions of CPANEL left the installation folder intact after installing Joomla 1.0. This is a significant security risk. If a hacker knows the installation folder then he can run the install script and wipe your installation. The installation folder in this case is \temp\installation\install.php - if it exists, remove it.

-oOo-

The backend of the Joomla Administration page states everywhere that the site is a Joomla site. It even states the Joomla version. All a hacker has to do is to take your domain name and put \administrator at the end to see whether the site is Joomla and specifically Joomla 1.0. It is very hard to obscure this information unless you make several fundamental changes to the administrator main index.php and login.php in the \administrator\templates\joomla_admin folder. What I have done is change line 23 of login.php to:

<title><?php echo $mosConfig_sitename; ?> - Administration</title>

and line 71 to:

<p>Welcome to "<?php echo $mosConfig_sitename ?>"</p>

 This simply removes the words Joomla from being visible to humans at the backend. I have also created new versions of the two image files found in the admin images folder:

/public_html/administrator/templates/joomla_admin/images/header_text.png
/public_html/administrator/templates/joomla_admin/images/version.png

Both these images state the CMS name and the version number. I simply use photoshop to create new versions with the information removed as shown below:

The above changes to the admin back end are largely cosmetic as you can still obtain information about the site by viewing the source. If you password protect the administrator folder then the admin backend will not be visible to anyone so the above work to obscure the site will not be necessary.

-oOo-  

The above list is what I do to secure a J1.0 site. It seems like a lot of work but in fact most of the above applies to Joomla 1.5+ too. Joomla 1.5 does have the added benefit of having a larger community that can assist with Joomla 1.5+ issues but if you are reading this then you don't have J1.5 and have already determined that the migration path to J1.5 is too much work to contemplate. Also, you should not assume that migration is the solution to all your problems. If you believe that then you will have to accept that you will need to rebuild your site regularly due to the increased frequency of major Joomla releases. Each Joomla release requires a full migration which is in effect a new site each and every time. So far we have had Joomla 1.0, 1.5, 1.6, 1.7, 2.5 and now 3.0. By sticking with Joomla 1.0 you have actually saved yourself a lot of time and a lot of money, all of which others have wasted on migration.

-oOo-  

  3rd party components can have their own vulnerabilities.

Virtuemart :

If you have Virtuemart 1.0 installed then your site can be exploited by using a simple vulnerability where emails can be sent unsolicited from your site.

  /administrator/component/virtuemart/html/shop.recommend.php.

This page allows visitors to recommend a VM product to another potential shopper. Unfortunately the nasty spammer can get hold of this page and fill in the fields and send a spam email so that email appears to come from your site using your domain name.

Turning off this feature in VM 1.0 does not help as the page is still available by direct access. Simply delete or rename this page to something obscure to remove this vulnerability and then remember to turn off the feature in VM too.

-oOo-  

 


The Virtuemart 1.1 "ask a question about this product" link can generate spam as there is no captcha on the contact form it links to. A way around this is to simply change the text to an image.

Modify the following file:
/public_html/administrator/components/com_virtuemart/languages/shop/english.php

find the following text labels and change them as shown below, substituting each text string for an equivalent image:

    'VM_PRODUCT_ENQUIRY_LBL' => '<img src="images/stories/ask-a-question.jpg">',
    'NAME_PROMPT' => '<img src="images/stories/enteryourname.jpg">',
    'EMAIL_PROMPT' => '<img src="images/stories/enteryouremail.jpg">',
    'MESSAGE_PROMPT' => '<img src="images/stories/enteryourmessage.jpg">',

Copy these images (or similar) to the images/stories folder:

enteryouremail.jpg enteryourmessage.jpg

enteryourname.jpg ask-a-question.jpg

 

This may help confuse the spambots as they will be unable to read the images identifying the link and the email form fields.

 

-oOo-  

 

MMSBlog :

If you have MMSblog installed then your site email can be exploited if the hacker can access the following file:

/public_html/components/com_mmsblog/mmsblog.config.php

This file contains the login details of the user account required by MMSBlog to send mail to the site via mms messaging or content by email. If the hacker obtains the information contained therein then he can send mail just as if it is coming from your site. This file should be protected, set the file protection to o:wr w:r (0640 in octal). Check that your PHP files are not visible in plain text to the world by typing the following in your browser:

www.domain-name.com/components/com_mmsblog/mmsblog.config.php

The browser should not display the file contents.

To be thoroughly sure that the contents are safe, move the mmsblog.config.php file to the root above public_html, rename it to mmsblog-configuration.php, and then call it from a brand new replacement mmsblog.config.php containing just the line:

<?php
require( dirname( __FILE__ ) . '/../../../mmsblog-configuration.php' );
?>

This will keep the email address details away from prying eyes, the cpanel root that exists above public_html is not accessible and therefore any files in it can be considered safe.

 

Last Updated ( Friday, 06 September 2013 )
 
Professor Elemental wants to share a cup of tea with you

Rather a strange thing to put on this blog but it is rather fun and it seems in keeping with the growing theme of this site. Professor Elemental is a rather strange man from the look of him but he knows his tea.

 

Last Updated ( Wednesday, 18 December 2013 )
 
Simple Page Options (SPO) Vulnerability Fixed

I have been advised by the hosting company of a vulnerability in an extension we had been using on one of our sites which allows information to be obtained which could be used in a future attack on the site. The extension is the Simple Page Options Module for Joomla 1.5 which allows you to add a variety of extra functions via a very simple front end interface. What does this module do? It does the following things:

It enhances Site Title.
Replaces the Default Joomla! Generator.
Forces Compatibility View for IE8 Users.
Adds a contact and referral form.
Adds twelve social bookmarking icons.
Adds a note to users of the obsolete browser IE6.
Allows you turn off right clicking.

This is useful functionality that I don't want to lose especially when it is wrapped in such a pretty and compact package. The problem is that hackers have found that the email forms do not fully sanitise their input and on a system that is not protected by su_php it could allow some commands to be run to divulge information about the server. It is possible that it could also allow injected code to be run.

I have been in touch with the developer and I have fixed the vulnerability with his help. He has now fixed the vulnerability world wide as 10,000+ sites also use it. The vulnerability was discovered by us when someone tried to exploit the vulnerability to insert some nasty code on one of our systems. They failed of course as the system is far too secure for that to happen. Just letting you know!

The JED had already had someone flag the problem and had marked the module as being insecure...

With the new version of simple page options (SPO 1.5.17) you can now safely upgrade the module on your Joomla 1.5 site. It is available here.

Last Updated ( Wednesday, 16 November 2011 )
 
A steampunk admin template for Joomla 1.5

We've just created a quick hack of the standard Joomla admin template - Khepri. The hack involves swapping all the newer Joomla icons for some steampunk icons. A few changes to css complete the picture so that Joomla 1.5 starts to look a lot more Victorian!. Not to everyone's taste admittedly  but certainly to mine and to a select and superior few... The images below show the new look and feel, restrained but characterful.


 

This screenshot shows the Joomla 1.5 back end with a modified form of the quickicons module displaying the main icons. When this is complete I will bundle the new module with the template.

I have just completed the 48 and 32 bit icons, now working on the 16 bit icons as used by the menus. Will then release it for testing. I'll do a 1.7 version if anyone else is really keen? Feel free to comment! If you'd like the administrator template then let me know by leaving a comment below. You can download the template here:

http://lightquick.co.uk/jdownloads/steampunk-administrator-icon-template-for-j1.5.html


Last Updated ( Friday, 23 March 2012 )
 
Joomla 1.0 admin backend look and feel for Joomla 1.5

We've just created a quick hack of the standard Joomla admin template - Khepri. The hack involves swapping all the newer Joomla icons for the older and brighter icons from Joomla 1.0. A few changes to css complete the picture so that Joomla 1.5 starts to look like a much friendlier place. When Joomla was upgraded to 1.5 the dev team decided to drop the 'chummy' look and instead adopt a more corporate look and feel. This allowed Joomla to grow up but in the process it lost a lot of the accessibility that a friendly "look and feel" provided.


If you've not used Joomla 1.0 before you won't be aware of the much more friendly and familiar back end that it always had. This was adopted from the Mambo days. If you've ever been in the backend of a Joomla 1.0 or Mambo site the above image will be very familiar.

So, the friendly look is back! Now you can give your Joomla 1.5 site a 'makeunder' with a Joomla 1.0 back end.

If you are a long-time Joomla 1.5 user then you'll actually find it more intuitive and easier to identify the icons as they are so much brighter and a lot clearer... If you are a Joomla 1.0 user and you finally have to bite the bullet and upgrade your Joomla 1.0 site then make it easier for you to migrate yourself with this joomla 1.0 administrator template.

This template installs in the usual way. When you are in the Joomla back-end just select the templates menu option and then click on administrator link to view the choice of back-end templates. Simply select the joomla10 template as your default and the icons will start to change.

The change was not a complicated one, we just used the existing Joomla template and made a lot of simple changes. All credit to the original developers of the Mambo and Joomla 1.0 interfaces.

You can get it here:

http://lightquick.co.uk/jdownloads/joomla-1.0-administrator-icon-template-for-joomla-1.5.html

On top of the above we have just knocked together some Virtuemart 1.0 icons. This completes the picture so that you can keep your old cart look and feel too. 

VmQuickIcons for Virtuemart is a module to add the Virtuemart 1.0 Icons onto the Joomla 1.5 Administrator cpanel (dashboard). It gives you all the Virtuemart icons straight from the Joomla backend. This administrator module has been modified to provide the easy-to-identify VM 1.0 icons instead of the hard-to-decipher VM 1.1 versions. Works with Joomla 1.5 and VM 1.1.

This is based upon the module created by Joomspot with some simple changes. Instead of the standard VM icons we've added two that just weren't present in VM 1.0.

http://lightquick.co.uk/jdownloads/vmquickicons.html  

 

Installation is easy, just install it as an administrator module.

The next change will be a steampunk look and feel to Joomla 1.5. 

Last Updated ( Sunday, 23 October 2011 )
 
You do NOT need to upgrade from Joomla 1.0 to 1.5, or from Joomla 1.5 to 1.6

On the Joomla forums and elsewhere you often hear of people who are coerced into upgrading their Joomla installation (e.g. from Joomla 1.0 to 1.5, or 1.5 to 1.6 & 1.7 then to 2.5/3.0).  This article may help to provide clarification and possibly save a few people from going through this unnecessarily. In my opinion you only need to upgrade when the underlying technologies (PHP) becomes unavailable. As this is not going to happen for years then your old site should still keep working for 'yonks'.

GPL License = It's YOURS!

 

This is the best thing about Open Source software. Joomla is released under the GPL public license and from a legal perspective, it is YOUR software. This means that nobody can tell you what to do with it.  If you don't want to upgrade it, then that's fine.  If you want to customise it to suit your needs, that's also fine.  If you want to add more features?  Fine.  Nobody can take it back.  It's not a lease or a rental - you own it!

If you have a heavily customised site that is built on J1.0 that works really well, is on a secure server, well backed up and does the job, then it is safe and secure so what's the point of upgrading? There are many thousands of J1.0 sites out there and Joomla 1.0 has been forked by others and is still supported by them.

 

Upgrades vs Updates vs Migrations:

The move from J1.0 to J1.5 was a migration and a pretty big one. Bear in mind that if you have two or three J1.0 sites, then each might take a few days to migrate, and it is often deemed easier to create the site from scratch. Let's make it clear - that is a new site that you have to pay for in time or money.

J1.5 to J1.6 is another migration...not an upgrade. J1.7 and J2.5 will also be migrations. A migration means exporting your data and importing it into the new database, finding updated versions of all your extensions, modules and plugins and upgrading each in turn, including all the corresponding data...

As time goes on the tools to do a migration are becoming more available but the fundamental fact is that a migration is a risky task and it takes effort. It is an uninteresting and boring task to all concerned. No-one really benefits much, and it is a significantly time-consuming chore.

Having said this, if you want to take advantage of the latest and greatest extensions then you need a version that is well supported in this respect... Joomla 1.0 has been around for years so plenty of extensions are still available. Joomla 1.5 has been the platform of choice for developers for an equally long time and extensions will be available for years to come. J1.6/7 arrived and then disappeared in an equally short time, Joomla 2.5 is here and is not equally well supported, yet...


Security Updates:

We are NOT talking about the minor security releases that the Joomla team releases (e.g. from Joomla 1.5.08 to 1.5.26).  These are important!  Ensure your version of Joomla is fully patched, so if you have the Joomla 1.0 version you should be running 1.0.15.

If you are running on a well secured server, have regular backups and implement a good security regime with regard to passwords &c you should be safe and secure.

 

 

 

End of life for PHP 5.2:


Support for PHP 5.2 is gradually but inexorably diminishing. Joomla 1.0 requires PHP 5.2 and if your host upgrades to PHP 5.3 then the site will appear to fall over in a heap of errors.

Assigning the return value of new by reference is deprecated
Function eregi() is deprecated
Function eregi_replace() is deprecated
Function split() is deprecated 

The only way to fix this is to upgrade your site so that it is compatible with PHP 5.3, there is an article here that shows you how to do this.

 

Other Vulnerabilities:


When you install the latest version of a software product then you are deliberately acting as a guinea pig for all the bugs and issues that will inevitably arise. For instance, Joomla 1.5.22 introduced an open relay vulnerability and early versions of Joomla 1.7 had performance problems, running particularly slowly in comparison to Joomla 1.0. Joomla 1.7 has complex SELECT statements that seem to be causing site slowdowns when the site has a lot of content. Due to these typical problems it is always best to avoid upgrading to a major version within the first year. This is when the majority of bugs will be identified and fixed, and vulnerabilities will be closed down. This is not a good period to be building a new website or upgrading an old one. With this approach in mind, 1.7 must be avoided until mid-way through 2012 and Joomla 2.5 must not even be approached until 2013! Until then I intend to stick to the solid old Joomla 1.5.

 

Joomla Platform Release Dates:

Joomla 1.0 - September 2005 (no longer supported by Joomla team)
Joomla 1.5 - January 2008 (support ends April 2012)
Joomla 1.6 - 10 January 2011 (already no longer supported by Joomla team)
Joomla 1.7 - 06 June 2011
Joomla 2.5 - January 2012

So, to clarify:

 

1.  You do NOT need to upgrade your site from Joomla 1.0 to 1.5
I've got dozens of clients who are still running Joomla 1.0 sites just fine. There are no security vulnerabilities in this software, and if you do not need features that exist only in a newer platform, there is no reason to upgrade to later versions of Joomla. However, you must make the site compatible with PHP 5.3. This entails a day of work by someone competent with PHP websites. There is an article here that shows you how to do this.

2.  You will NOT need to upgrade your site from Joomla 1.5 to 1.6
We've all got dozens of clients who are still running Joomla 1.5 sites just fine. There are no security vulnerabilities in this software, as long as you have the latest release, version 1.5.23. If you do not need features that exist only in 1.6, there is no reason to upgrade (1.6 provided nested categories and ACLs). Remember Joomla 1.6 is unsupported by the Joomla team so if you upgrade to 1.6 you are already out of date! 1.6 is already unsupported in any case.

3.  You will NOT need to upgrade your site from Joomla 1.5 to 1.7
If you do not need features that exist only in 1.7 there is no reason to upgrade (Nested categories and ACLs, enhanced security and improved migration tools). 1.7 is already unsupported in any case.

4.  You will NOT need to upgrade your site from Joomla 1.5 to 2.5
Joomla 2.5 LTS is here but I don't plan on using Joomla 2.5 for production sites until all the extensions I use are compatible with it and the majority of Joomla's core bugs have been ironed out, 12 months after it is released - we can let others serve as the guinea pigs...

5.  You NEED to update your Joomla software when security patches are released.   (These updates typically only take a few minutes to install.)

There is a really informative diagram at http://www.themepartner.com which sets out a flow chart regarding the decision making process for deciding to upgrade or not. I may create one of my own as it leaves out a couple of options. However, it is still a very good guide. Have a look at it here: click the image to view a bigger version. Kudos goes to themepartner for creating this succinct document.

Upgrade Joomla

To sum up:

 

Older versions of Joomla can easily run faster than later versions, speed being one of the metrics Google uses to determine website ranking. Joomla 1.5+ are heavier and slower beasts. Joomla 1.0 is a fine CMS and with all the tools and plugins available you can still create a fine site with it. Google ranking is achievable with any Joomla CMS. Joomla has been upgraded in a certain direction because that is what the current Joomla devs want to do, nothing more. Joomla 1.0 has been successfully forked and is being used today in another notable CMS, namely Joostina. Joomla 1.5 will carry on being the Joomla mainstay for years to come. The regular and frequent release schedule of current Joomla is a reason for NOT upgrading.

Last Updated ( Monday, 12 November 2012 )
 
Steampunk Rocketdock/Stardock icons now available

At last I have found the time to iconise the PNG images I have been using as steampunk icons in Rocketdock as my replacement taskbar, feel free to download. They look very steampunk and are a suitable replacement for the default icons that come with Rocketdock. If you are into Steampunk then these will spruce up your desktop. Compatible with MobyDock, ObjectDock, RK Launcher, and Y'z Dock or your default Windows icons. Each icon image is combined within one ico file so that you have icons sized at 16, 32, 48 or 128 bytes all in one. You can see them below looking good in my Rocketdock taskbar. You can download them here: http://rocketdock.com/addon/icons/38398


 

Some of the steampunk icons I've created and used in Rocketdock or Stardock as my replacement taskbar, feel free to download. They look very steampunk and are a suitable replacement for the default icons that come with Rocketdock. If you are into Steampunk then these will spruce up your desktop.

These are just a few of the icons available in the set.


You can download them here: http://rocketdock.com/addon/icons/38398

Last Updated ( Friday, 14 October 2011 )
 
Apologies to IE users - bug in IE8's Lookahead Downloader

It seems that IE users have been having problems with the blog page caused by Artio JoomSEF creating a weird URL for any Joomla blog category page. It was creating the page http://lightquick.co.uk/blog/index.php and this meant that the base URL changed so that no images would display. Each image had an extra /blog inserted into the URL. Strangely enough this problem did not manifest itself on Firefox or Chrome and those browsers worked perfectly well all the time. Only IE had the issue. As I use Firefox exclusively for all development I did not see the problem myself. I have now manually changed the SEF URL to default to blog.html rather than /blog/index.php and it now seems to work on all browsers. Next time I purge the SEF URLs I must remember to make this same change every time. Once again, apologies IE users, summat strange happened and I don't really know why... fixed now though.

(later update)

I figured out why this happened. I realised it was also affecting the downloads page too so finally some digging was required. The issue is a result of using Artio JoomSEF with a jdownloads SEF extension and a serious IE8 bug.

The problem is only in IE and does not manifest in any of the other major browsers. The bug has been admitted by Microsoft  and is directly related to IE8's Lookahead Downloader. It appears that it loses the base reference after its first use. This means that it gets confused and assigns the wrong path to all css and images. Microsoft state that the bug is fixed but it does not appear to be so in the version of IE8 that I am running.  I reckon the fix made its way into IE9 but not IE8. The problem is similar to that in the blog where the images all show with a red 'x'.

The only solution is to edit your site template index.php file and to add the following line just after the <head> tag:

<base href="http://lightquick.co.uk">

Simply replace http://lightquick.co.uk with your domain name. This forces IE8 to use the base HREF in all of the css/js/image lookups. IE8 will no longer try to anticipate what the URLs are likely to be and get it wrong. It will now use the correct URL as defined by you.

With IE9+ only running on Windows 7+ then it means that XP users like myself are left high and dry and with bugs like this downloader bug it is time to really think about choosing another browser. Microfarts state as an excuse that you ought to really be choosing a 'modern' browser. Well I sort of agree, I recommend that if you are serious about using the web then instead of IE you should use any of the other main browsers, Firefox, Opera or Safari. I would recommend Chrome too but it does not need any advertising...

 

 

 

Last Updated ( Friday, 23 December 2011 )
 