From donnamarievincent at yahoo.com Thu Mar 5 17:55:13 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Thu, 5 Mar 2009 14:55:13 -0800 (PST) Subject: [joomla] CB user integraiton with shopping cart system Message-ID: <177049.2071.qm@web35602.mail.mud.yahoo.com> Does anyone know of a synchronization/integration with a shopping cart system? There isn't one for Virtuemart/CB. Beat mentioned in the forum that it's a major undertaking. ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From scott at wolpow.com Thu Mar 5 18:11:16 2009 From: scott at wolpow.com (Scott Wolpow) Date: Thu, 05 Mar 2009 18:11:16 -0500 Subject: [joomla] CB user integraiton with shopping cart system In-Reply-To: <177049.2071.qm@web35602.mail.mud.yahoo.com> References: <177049.2071.qm@web35602.mail.mud.yahoo.com> Message-ID: <49B05C14.4080402@wolpow.com> There is one for VM and CB http://www.joomlapolis.com/component/option,com_mtree/task,listcats/cat_id,142/Itemid,55/ Scott On 3/5/2009 5:55 PM, Donna Marie Vincent wrote: > Does anyone know of a synchronization/integration with a shopping cart > system? There isn't one for Virtuemart/CB. Beat mentioned in the > forum that it's a major undertaking. > > ------------------------------------------------------------------------ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com - info at joomsites.com > > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG. > Version: 7.5.557 / Virus Database: 270.11.8/1984 - Release Date: 3/4/2009 7:17 PM > From donnamarievincent at yahoo.com Thu Mar 5 18:16:13 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Thu, 5 Mar 2009 15:16:13 -0800 (PST) Subject: [joomla] CB user integraiton with shopping cart system In-Reply-To: <49B05C14.4080402@wolpow.com> References: <177049.2071.qm@web35602.mail.mud.yahoo.com> <49B05C14.4080402@wolpow.com> Message-ID: <941250.81698.qm@web35603.mail.mud.yahoo.com> Thanks, but I don't think that one works. :-) At least from what I read in the forums. It's for an old version of VM. But I'll try it out. ________________________________ From: Scott Wolpow To: NYPHP at lists.nyphp.org; SIG at lists.nyphp.org Sent: Thursday, March 5, 2009 6:11:16 PM Subject: Re: [joomla] CB user integraiton with shopping cart system There is one for VM and CB http://www.joomlapolis.com/component/option,com_mtree/task,listcats/cat_id,142/Itemid,55/ Scott On 3/5/2009 5:55 PM, Donna Marie Vincent wrote: > Does anyone know of a synchronization/integration with a shopping cart system? There isn't one for Virtuemart/CB. Beat mentioned in the forum that it's a major undertaking. > > ------------------------------------------------------------------------ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com - info at joomsites.com > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG. > Version: 7.5.557 / Virus Database: 270.11.8/1984 - Release Date: 3/4/2009 7:17 PM > _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at zaunere.com Thu Mar 5 19:57:02 2009 From: lists at zaunere.com (Hans Zaunere) Date: Thu, 5 Mar 2009 19:57:02 -0500 Subject: [joomla] IP Hosting and Cached Host Name Message-ID: <080e01c99df6$7685ddd0$63919970$@com> Hello, So for a site that isn't using name virtual hosting, I'm having issues with Joomla caching erroneous hostnames during link creation/etc. For example, if someone points badman.badplace.com to www.mysite.com and happens to hit a page that hasn't been cached yet, the URLs generated now point to http://badman.badplace.com/some-url which is obviously a bad thing. I understand that now $live_site variable isn't supported. How can this be resolved? Thanks, H From donnamarievincent at yahoo.com Thu Mar 5 22:13:33 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Thu, 5 Mar 2009 19:13:33 -0800 (PST) Subject: [joomla] CB user integraiton with shopping cart system References: <177049.2071.qm@web35602.mail.mud.yahoo.com> <49B05C14.4080402@wolpow.com> Message-ID: <405440.57592.qm@web35607.mail.mud.yahoo.com> I located a newer version of the plugin and module, but take a look at the readme file: "This module will run the sync-users command for CB silently whenever it is shown. "Just publish, set it to not display the title, and it will run a sync-users each time it's shown. "Ensure that you publish this on every page the CB login module is shown, as you need the user database to be synced before the user attempts to login." Considering that I have a login module on every page (in the header), the sync will occur on every page load. Isn't that a bit much? ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 ________________________________ From: Scott Wolpow To: NYPHP at lists.nyphp.org; SIG at lists.nyphp.org Sent: Thursday, March 5, 2009 6:11:16 PM Subject: Re: [joomla] CB user integraiton with shopping cart system There is one for VM and CB http://www.joomlapolis.com/component/option,com_mtree/task,listcats/cat_id,142/Itemid,55/ Scott On 3/5/2009 5:55 PM, Donna Marie Vincent wrote: > Does anyone know of a synchronization/integration with a shopping cart system? There isn't one for Virtuemart/CB. Beat mentioned in the forum that it's a major undertaking. > > ------------------------------------------------------------------------ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com - info at joomsites.com > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG. > Version: 7.5.557 / Virus Database: 270.11.8/1984 - Release Date: 3/4/2009 7:17 PM > _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From scott at wolpow.com Thu Mar 5 22:48:44 2009 From: scott at wolpow.com (Scott Wolpow) Date: Thu, 05 Mar 2009 22:48:44 -0500 Subject: [joomla] CB user integraiton with shopping cart system In-Reply-To: <405440.57592.qm@web35607.mail.mud.yahoo.com> References: <177049.2071.qm@web35602.mail.mud.yahoo.com> <49B05C14.4080402@wolpow.com> <405440.57592.qm@web35607.mail.mud.yahoo.com> Message-ID: <49B09D1C.3030301@wolpow.com> My guess is that it has to sync each time because it does not write to the CB table. SW On 3/5/2009 10:13 PM, Donna Marie Vincent wrote: > I located a newer version of the plugin and module, but take a look at > the readme file: > > "This module will run the sync-users command for CB silently whenever > it is shown. > > "Just publish, set it to not display the title, and it will run a > sync-users each time it's shown. > > "Ensure that you publish this on every page the CB login module is > shown, as you need the user database to be synced before the user > attempts to login." > > Considering that I have a login module on every page (in the header), > the sync will occur on every page load. Isn't that a bit much? > > ------------------------------------------------------------------------ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com - info at joomsites.com > > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > > ------------------------------------------------------------------------ > *From:* Scott Wolpow > *To:* NYPHP at lists.nyphp.org; SIG at lists.nyphp.org > *Sent:* Thursday, March 5, 2009 6:11:16 PM > *Subject:* Re: [joomla] CB user integraiton with shopping cart system > > There is one for VM and CB > > http://www.joomlapolis.com/component/option,com_mtree/task,listcats/cat_id,142/Itemid,55/ > > Scott > > On 3/5/2009 5:55 PM, Donna Marie Vincent wrote: > > Does anyone know of a synchronization/integration with a shopping > cart system? There isn't one for Virtuemart/CB. Beat mentioned in > the forum that it's a major undertaking. > > > > ------------------------------------------------------------------------ > > Donna Marie Vincent > > JoomSites, LLC > > Web Development with Joomla!? WDP > > www.JoomSites.com > - info at joomsites.com > > > > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > New York PHP SIG: Joomla! Mailing List > > http://lists.nyphp.org/mailman/listinfo/joomla > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > ------------------------------------------------------------------------ > > > > No virus found in this incoming message. > > Checked by AVG. > > Version: 7.5.557 / Virus Database: 270.11.8/1984 - Release Date: > 3/4/2009 7:17 PM > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG. > Version: 7.5.557 / Virus Database: 270.11.8/1984 - Release Date: 3/4/2009 7:17 PM > From ircmaxell at yahoo.com Fri Mar 6 08:55:56 2009 From: ircmaxell at yahoo.com (Anthony Ferrara) Date: Fri, 6 Mar 2009 05:55:56 -0800 (PST) Subject: [joomla] IP Hosting and Cached Host Name Message-ID: <492824.86945.qm@web110503.mail.gq1.yahoo.com> $live_site is supported... Just fill it in... --- On Thu, 3/5/09, Hans Zaunere wrote: > From: Hans Zaunere > Subject: [joomla] IP Hosting and Cached Host Name > To: joomla at lists.nyphp.org > Date: Thursday, March 5, 2009, 7:57 PM > Hello, > > So for a site that isn't using name virtual hosting, I'm > having issues with > Joomla caching erroneous hostnames during link > creation/etc. > > For example, if someone points badman.badplace.com to > www.mysite.com and > happens to hit a page that hasn't been cached yet, the URLs > generated now > point to http://badman.badplace.com/some-url which > is obviously a bad thing. > > I understand that now $live_site variable isn't > supported.? How can this be > resolved? > > Thanks, > > H > > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From lists at zaunere.com Fri Mar 6 11:14:41 2009 From: lists at zaunere.com (Hans Zaunere) Date: Fri, 6 Mar 2009 11:14:41 -0500 Subject: [joomla] IP Hosting and Cached Host Name In-Reply-To: <492824.86945.qm@web110503.mail.gq1.yahoo.com> References: <492824.86945.qm@web110503.mail.gq1.yahoo.com> Message-ID: <09d901c99e76$a84c6c00$f8e54400$@com> > $live_site is supported... Just fill it in... Yeah, apparently this is the only solution. I looked through the code too, and JURI is using HTTP_HOST, which won't exist in this case. Seems as though it could use SERVER_NAME or at least failover to it. H > > So for a site that isn't using name virtual hosting, I'm having issues with > > Joomla caching erroneous hostnames during link creation/etc. > > > > For example, if someone points badman.badplace.com to www.mysite.com and > > happens to hit a page that hasn't been cached yet, the URLs generated now > > point to http://badman.badplace.com/some-url which is obviously a bad thing. > > > > I understand that now $live_site variable isn't supported.? How can this be > > resolved? From dan.horning at planetnoc.com Fri Mar 6 11:22:30 2009 From: dan.horning at planetnoc.com (Daniel Horning) Date: Fri, 6 Mar 2009 11:22:30 -0500 Subject: [joomla] IP Hosting and Cached Host Name In-Reply-To: <09d901c99e76$a84c6c00$f8e54400$@com> References: <492824.86945.qm@web110503.mail.gq1.yahoo.com> <09d901c99e76$a84c6c00$f8e54400$@com> Message-ID: <001b01c99e77$bfeae930$3fc0bb90$@horning@planetnoc.com> You COULD cheat it a bit and setup rewrite rules in .htaccess for any cases that don't match a list of domains RewriteEngine On RewriteCond %{HTTP_HOST} !^www\.validdomain1\.com #list each domain that should exist RewriteCond %{HTTP_HOST} !^validdomain1\.com #list each domain that should exist RewriteCond %{HTTP_HOST} !^www\.validdomain2\.com #list each domain that should exist RewriteCond %{HTTP_HOST} !^validdomain2\.com #list each domain that should exist RewriteCond %{HTTP_HOST} !^www\.validdomain3\.com #list each domain that should exist RewriteCond %{HTTP_HOST} !^validdomain3\.com #list each domain that should exist RewriteRule ^(.*) http://www.defaultdomain.com/$1 [L,R=301] #rewrite to a default domain This was my method of making sure that people were on valid domains Just a thought -- Dan Horning American Digital Services - Where you are only limited by imagination. dan.horning at planetnoc.com :: http://www.americandigitalservices.com 1-518-444-0213 x502 . toll free 1-800-863-3854 . fax 1-888-474-6133 15 Third Street, PO Box 746, Troy, NY 12180 (by appointment only) -----Original Message----- From: joomla-bounces at lists.nyphp.org [mailto:joomla-bounces at lists.nyphp.org] On Behalf Of Hans Zaunere Sent: Friday, March 06, 2009 11:15 AM To: 'NYPHP SIG: Joomla' Subject: Re: [joomla] IP Hosting and Cached Host Name > $live_site is supported... Just fill it in... Yeah, apparently this is the only solution. I looked through the code too, and JURI is using HTTP_HOST, which won't exist in this case. Seems as though it could use SERVER_NAME or at least failover to it. H > > So for a site that isn't using name virtual hosting, I'm having issues with > > Joomla caching erroneous hostnames during link creation/etc. > > > > For example, if someone points badman.badplace.com to www.mysite.com and > > happens to hit a page that hasn't been cached yet, the URLs generated now > > point to http://badman.badplace.com/some-url which is obviously a bad thing. > > > > I understand that now $live_site variable isn't supported.? How can this be > > resolved? _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php From compustretch at gmail.com Mon Mar 9 11:15:29 2009 From: compustretch at gmail.com (Compustretch) Date: Mon, 9 Mar 2009 11:15:29 -0400 Subject: [joomla] Joomla Meeting on 3/12? Message-ID: Just wondering, bc it would be wonderfully ironic if there were no meeting the one month I could actually attend. best to all, Forest -------------- next part -------------- An HTML attachment was scrubbed... URL: From sikileng at gmail.com Mon Mar 9 11:28:44 2009 From: sikileng at gmail.com (Steve) Date: Mon, 9 Mar 2009 18:28:44 +0300 Subject: [joomla] Converting HTML Template to JOOMLA Templates Message-ID: HI guys Anyone with a tutorial or applications that can help me convert HTML templates too work on joomla 1.5 Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From donnamarievincent at yahoo.com Mon Mar 9 11:29:01 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 9 Mar 2009 08:29:01 -0700 (PDT) Subject: [joomla] Joomla Meeting on 3/12? In-Reply-To: References: Message-ID: <334418.92264.qm@web35606.mail.mud.yahoo.com> I can't believe it's time for the next meeting already and I still haven't had a minute to update the site yet! I will do it today. Sorry. ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 ________________________________ From: Compustretch To: NYPHP SIG: Joomla Sent: Monday, March 9, 2009 11:15:29 AM Subject: [joomla] Joomla Meeting on 3/12? Just wondering, bc it would be wonderfully ironic if there were no meeting the one month I could actually attend. best to all, Forest -------------- next part -------------- An HTML attachment was scrubbed... URL: From compustretch at gmail.com Mon Mar 9 11:32:55 2009 From: compustretch at gmail.com (Compustretch) Date: Mon, 9 Mar 2009 11:32:55 -0400 Subject: [joomla] Converting HTML Template to JOOMLA Templates In-Reply-To: References: Message-ID: Are you in New York? If you come to the Joomla meeting on Thursday I'm sure anyone there could show you how to do this in about 5 minutes. -?orest On Mon, Mar 9, 2009 at 11:28 AM, Steve wrote: > HI guys > > Anyone with a tutorial or applications that can help me convert HTML > templates too work on joomla 1.5 > > Thanks > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From donnamarievincent at yahoo.com Mon Mar 9 11:37:59 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 9 Mar 2009 08:37:59 -0700 (PDT) Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Message-ID: <818283.31271.qm@web35604.mail.mud.yahoo.com> Topics for this Thursday's meeting: 1. Joomla Extension Demo - TBD* 2. KickApps for Joomla: "From social networking and user-generated content to video-sharing and widgets, social media & online communities have emerged as a very effective way to grow and increase audience engagement. We?ll discuss nine steps for creating a successful social media website." -- Michael Chin, SVP Marketing, KickApps ------------------------------------------------------------------------------- For more information (when, where, etc.), see the NYC JUG website at http://www.joomlanyc.org *Please contact me if you would like to present a demo ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobbysoho at hotmail.com Mon Mar 9 11:52:51 2009 From: bobbysoho at hotmail.com (Bobby w) Date: Mon, 9 Mar 2009 11:52:51 -0400 Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 In-Reply-To: <818283.31271.qm@web35604.mail.mud.yahoo.com> References: <818283.31271.qm@web35604.mail.mud.yahoo.com> Message-ID: Where exactly will the meeting be held and what are the hours? Thanks. Date: Mon, 9 Mar 2009 08:37:59 -0700 From: donnamarievincent at yahoo.com To: joomla at lists.nyphp.org Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Topics for this Thursday's meeting: 1. Joomla Extension Demo - TBD* 2. KickApps for Joomla: "From social networking and user-generated content to video-sharing and widgets, social media & online communities have emerged as a very effective way to grow and increase audience engagement. We?ll discuss nine steps for creating a successful social media website." -- Michael Chin, SVP Marketing, KickApps ------------------------------------------------------------------------------- For more information (when, where, etc.), see the NYC JUG website at http://www.joomlanyc.org *Please contact me if you would like to present a demo Donna Marie VincentJoomSites, LLCWeb Development with Joomla!? WDPwww.JoomSites.com - info at joomsites.comTel.: (718) 874-6741 - Fax: (646) 731-6861 _________________________________________________________________ Hotmail? is up to 70% faster. Now good news travels really fast. http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From donnamarievincent at yahoo.com Mon Mar 9 11:59:03 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 9 Mar 2009 08:59:03 -0700 (PDT) Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 In-Reply-To: References: <818283.31271.qm@web35604.mail.mud.yahoo.com> Message-ID: <411904.21895.qm@web35605.mail.mud.yahoo.com> As per the website mentioned in the the email (http://www.joomlanyc.org): Location: KickApps, 29 W. 38th Street, betw. 5th and 6th Aves., 5th Floor Time: 6:30pm-8pm ________________________________ From: Bobby w To: joomla at lists.nyphp.org Sent: Monday, March 9, 2009 11:52:51 AM Subject: Re: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Where exactly will the meeting be held and what are the hours? Thanks. ________________________________ Date: Mon, 9 Mar 2009 08:37:59 -0700 From: donnamarievincent at yahoo.com To: joomla at lists.nyphp.org Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Topics for this Thursday's meeting: 1. Joomla Extension Demo - TBD* 2. KickApps for Joomla: "From social networking and user-generated content to video-sharing and widgets, social media & online communities have emerged as a very effective way to grow and increase audience engagement. We?ll discuss nine steps for creating a successful social media website." -- Michael Chin, SVP Marketing, KickApps ------------------------------------------------------------------------------- For more information (when, where, etc.), see the NYC JUG website at http://www.joomlanyc.org *Please contact me if you would like to present a demo ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 ________________________________ Hotmail? is up to 70% faster. Now good news travels really fast. Find out more. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobbysoho at hotmail.com Mon Mar 9 14:50:52 2009 From: bobbysoho at hotmail.com (Bobby w) Date: Mon, 9 Mar 2009 14:50:52 -0400 Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 In-Reply-To: <411904.21895.qm@web35605.mail.mud.yahoo.com> References: <818283.31271.qm@web35604.mail.mud.yahoo.com> <411904.21895.qm@web35605.mail.mud.yahoo.com> Message-ID: Duh on me! :) Thanks Date: Mon, 9 Mar 2009 08:59:03 -0700 From: donnamarievincent at yahoo.com To: joomla at lists.nyphp.org Subject: Re: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 As per the website mentioned in the the email (http://www.joomlanyc.org): Location: KickApps, 29 W. 38th Street, betw. 5th and 6th Aves., 5th Floor Time: 6:30pm-8pm From: Bobby w To: joomla at lists.nyphp.org Sent: Monday, March 9, 2009 11:52:51 AM Subject: Re: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Where exactly will the meeting be held and what are the hours? Thanks. Date: Mon, 9 Mar 2009 08:37:59 -0700 From: donnamarievincent at yahoo.com To: joomla at lists.nyphp.org Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Topics for this Thursday's meeting: 1. Joomla Extension Demo - TBD* 2. KickApps for Joomla: "From social networking and user-generated content to video-sharing and widgets, social media & online communities have emerged as a very effective way to grow and increase audience engagement. We?ll discuss nine steps for creating a successful social media website." -- Michael Chin, SVP Marketing, KickApps ------------------------------------------------------------------------------- For more information (when, where, etc.), see the NYC JUG website at http://www.joomlanyc.org *Please contact me if you would like to present a demo Donna Marie VincentJoomSites, LLCWeb Development with Joomla!? WDPwww.JoomSites.com - info at joomsites.comTel.: (718) 874-6741 - Fax: (646) 731-6861 Hotmail? is up to 70% faster. Now good news travels really fast. Find out more. _________________________________________________________________ Windows Live? Contacts: Organize your contact list. http://windowslive.com/connect/post/marcusatmicrosoft.spaces.live.com-Blog-cns!503D1D86EBB2B53C!2285.entry?ocid=TXT_TAGLM_WL_UGC_Contacts_032009 -------------- next part -------------- An HTML attachment was scrubbed... URL: From li_gordon at yahoo.com Mon Mar 9 15:37:17 2009 From: li_gordon at yahoo.com (Laura Gordon) Date: Mon, 9 Mar 2009 12:37:17 -0700 (PDT) Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 In-Reply-To: <818283.31271.qm@web35604.mail.mud.yahoo.com> References: <818283.31271.qm@web35604.mail.mud.yahoo.com> Message-ID: <695762.88549.qm@web31808.mail.mud.yahoo.com> Can we also have some time set aside to discuss joomladay nyc, as I iwll have quotes, and ll of the details by thursday night. -- Laura ? www.RytechSites.com Create Dynamic Websites for your Company with Joomla! CMS Create Captivating Websites for your Business with HTML/FLASH ....the choice is yours! ________________________________ From: Donna Marie Vincent To: Joomla Users Group List Sent: Monday, March 9, 2009 11:37:59 AM Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 Topics for this Thursday's meeting: 1.? Joomla Extension Demo - TBD* 2.? KickApps for Joomla:? "From social networking and user-generated content to video-sharing and widgets, social media & online communities have emerged as a very effective way to grow and increase audience engagement. We?ll discuss nine steps for creating a successful social media website." -- Michael Chin, SVP Marketing, KickApps ------------------------------------------------------------------------------- For more information (when, where, etc.), see the NYC JUG website at http://www.joomlanyc.org *Please contact me if you would like to present a demo ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com? -? info at joomsites.com Tel.: (718) 874-6741? -? Fax: (646) 731-6861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From li_gordon at yahoo.com Mon Mar 9 15:39:27 2009 From: li_gordon at yahoo.com (Laura Gordon) Date: Mon, 9 Mar 2009 12:39:27 -0700 (PDT) Subject: [joomla] Converting HTML Template to JOOMLA Templates In-Reply-To: References: Message-ID: <285388.19293.qm@web31801.mail.mud.yahoo.com> I suggest Media65, it includes a complete tutorial that is outstanding,?plus the tools to convert from a dreamweaver html template into joomla... http://www.m65.net/ -- Laura ? www.RytechSites.com Create Dynamic Websites for your Company with Joomla! CMS Create Captivating Websites for your Business with HTML/FLASH ....the choice is yours! ________________________________ From: Compustretch To: NYPHP SIG: Joomla Sent: Monday, March 9, 2009 11:32:55 AM Subject: Re: [joomla] Converting HTML Template to JOOMLA Templates Are you in New York? If you come to the Joomla meeting on Thursday I'm sure anyone there could show you how to do this in about 5 minutes. -?orest On Mon, Mar 9, 2009 at 11:28 AM, Steve wrote: HI guys Anyone with a tutorial or applications that can help me convert HTML templates too work on joomla 1.5 Thanks _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From sikileng at gmail.com Tue Mar 10 06:14:18 2009 From: sikileng at gmail.com (Steve) Date: Tue, 10 Mar 2009 13:14:18 +0300 Subject: [joomla] Converting HTML Template to JOOMLA Templates In-Reply-To: References: Message-ID: Thanks laura will check the link and to compustretch am actually in kenya but if u can send a tutorial or a link i will appreciate it.. thanks guys On Mon, Mar 9, 2009 at 6:32 PM, Compustretch wrote: > Are you in New York? > > If you come to the Joomla meeting on Thursday I'm sure anyone there could > show you how to do this in about 5 minutes. > > -?orest > > > > On Mon, Mar 9, 2009 at 11:28 AM, Steve wrote: > >> HI guys >> >> Anyone with a tutorial or applications that can help me convert HTML >> templates too work on joomla 1.5 >> >> Thanks >> >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From maureen at whyhunger.org Tue Mar 10 17:26:29 2009 From: maureen at whyhunger.org (Maureen Kelly) Date: Tue, 10 Mar 2009 17:26:29 -0400 Subject: [joomla] Seeking Joomla programmer Message-ID: Immediate Work Needed on site in New York City. Seeking a Joomla programmer for temporary work to rename and organize 740 backend pages on a non-profit CMS website in an effort to better reflect individual section names for ease of ongoing search and edit. Please send resume, previous Joomla websites, along with time and cost estimate to maureen at whyhunger.org Maureen Kelly, Content Manager Food Security Learning Center Global Movements Program WHY (World Hunger Year) 505 8th Ave., Suite 2100 New York, NY 10018 phone: 212-629-8850 direct: 212-629-5169 web: whyhunger.org email: maureen at whyhunger.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitch.pirtle at gmail.com Tue Mar 10 22:54:47 2009 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Tue, 10 Mar 2009 22:54:47 -0400 Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 In-Reply-To: <695762.88549.qm@web31808.mail.mud.yahoo.com> References: <818283.31271.qm@web35604.mail.mud.yahoo.com> <695762.88549.qm@web31808.mail.mud.yahoo.com> Message-ID: <330532b60903101954p7fa2741cl753a4bf6c06758c2@mail.gmail.com> Yup, we should definitely discuss it. As for the Joomla Extension TBD, can I demo MetaMod? I'm having a hell of a lot of fun playing around with it, and am starting to think it is the swiss army knife of module tools. Also as a heads up, WebTechNY will be tomorrow night at KickApps. The planned speaker ended up not being able to make it, so we're going with Josh (the guy that sits across from me) making an impromptu demo of the Widget Studio. He's the product manager of the Widget Studio and gives a much more compelling demo than I can. I know it is two days in a row (yucky for me too) but if you're interested and can make it, please do! -- Mitch On Mon, Mar 9, 2009 at 3:37 PM, Laura Gordon wrote: > Can we also have some time set aside to discuss joomladay nyc, as I iwll > have quotes, and ll of the details by thursday night. > > -- Laura > > > www.RytechSites.com > > Create Dynamic Websites for your Company with Joomla! CMS > > Create Captivating Websites for your Business with HTML/FLASH > > ....the choice is yours! > > ________________________________ > From: Donna Marie Vincent > To: Joomla Users Group List > Sent: Monday, March 9, 2009 11:37:59 AM > Subject: [joomla] Joomla User Group Meeting this Thursday -- Mar. 12, 2009 > > Topics for this Thursday's meeting: > > 1.? Joomla Extension Demo - TBD* > > 2.? KickApps for Joomla:? "From social networking and user-generated content > to video-sharing and widgets, social media & online communities have emerged > as a very effective way to grow and increase audience engagement. We?ll > discuss nine steps for creating a successful social media website." -- > Michael Chin, SVP Marketing, KickApps > > > ------------------------------------------------------------------------------- > For more information (when, where, etc.), see the NYC JUG website at > http://www.joomlanyc.org > > > *Please contact me if you would like to present a demo > > > > ________________________________ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com? -? info at joomsites.com > Tel.: (718) 874-6741? -? Fax: (646) 731-6861 > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From donnamarievincent at yahoo.com Fri Mar 13 10:17:16 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Fri, 13 Mar 2009 07:17:16 -0700 (PDT) Subject: [joomla] Artiseer Message-ID: <543557.53108.qm@web35601.mail.mud.yahoo.com> Has anyone tried http://www.artisteer.com for making Joomla templates? ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From barrie at compassdesigns.net Fri Mar 13 10:26:16 2009 From: barrie at compassdesigns.net (Barrie North) Date: Fri, 13 Mar 2009 10:26:16 -0400 Subject: [joomla] Artiseer In-Reply-To: <543557.53108.qm@web35601.mail.mud.yahoo.com> References: <543557.53108.qm@web35601.mail.mud.yahoo.com> Message-ID: <53efb6970903130726k710d6371od317cda24cffb4b9@mail.gmail.com> Yes, its pretty nifty... As a template vendor, I think its awesome. There are *so* many vendors/websites that are selling averagely coded templates at high prices, with lackluster support, *cough* Mr Monster *cough*. This tool will seperate the wheat from the chaff.... They have a free trial, check it out. Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html On Fri, Mar 13, 2009 at 10:17 AM, Donna Marie Vincent < donnamarievincent at yahoo.com> wrote: > Has anyone tried http://www.artisteer.com for making Joomla templates? > > > ------------------------------ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com - info at joomsites.com > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at sbritton.com Fri Mar 13 14:22:32 2009 From: steve at sbritton.com (Stephen Britton) Date: Fri, 13 Mar 2009 14:22:32 -0400 Subject: [joomla] Artiseer In-Reply-To: <53efb6970903130726k710d6371od317cda24cffb4b9@mail.gmail.com> References: <543557.53108.qm@web35601.mail.mud.yahoo.com> <53efb6970903130726k710d6371od317cda24cffb4b9@mail.gmail.com> Message-ID: Interesting... looks Windows-only and there is no Mac version :-( On Fri, Mar 13, 2009 at 10:26 AM, Barrie North wrote: > Yes, its pretty nifty... > > As a template vendor, I think its awesome. There are *so* many > vendors/websites that are selling averagely coded templates at high prices, > with lackluster support, *cough* Mr Monster *cough*. > > This tool will seperate the wheat from the chaff.... > > They have a free trial, check it out. > > Barrie North > ~Fully Managed Joomla Sites~ > www.simplweb.com/joomla > ~Join the Community at compassdesigns.net~ > www.compassdesigns.net/join-the-community.html > > > On Fri, Mar 13, 2009 at 10:17 AM, Donna Marie Vincent > wrote: >> >> Has anyone tried http://www.artisteer.com for making Joomla templates? >> >> >> ________________________________ >> Donna Marie Vincent >> JoomSites, LLC >> Web Development with Joomla!? WDP >> www.JoomSites.com? -? info at joomsites.com >> Tel.: (718) 874-6741? -? Fax: (646) 731-6861 >> >> >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Stephen Britton Technology Consultant Internet / VoIP / Tech Support e-mail: sbritton at gmail.com cell phone: 914-661-0040 From mitch.pirtle at gmail.com Fri Mar 13 17:45:10 2009 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Fri, 13 Mar 2009 17:45:10 -0400 Subject: [joomla] Artiseer In-Reply-To: References: <543557.53108.qm@web35601.mail.mud.yahoo.com> <53efb6970903130726k710d6371od317cda24cffb4b9@mail.gmail.com> Message-ID: <330532b60903131445q18201217kbab3f83b1104e8c1@mail.gmail.com> Windows only? Welcome to the nineties, baby! -- Mitch, shaking his head, vaguely remembering no less than 5 apps that did this a decade ago On Fri, Mar 13, 2009 at 2:22 PM, Stephen Britton wrote: > Interesting... looks Windows-only and there is no Mac version :-( > > On Fri, Mar 13, 2009 at 10:26 AM, Barrie North > wrote: >> Yes, its pretty nifty... >> >> As a template vendor, I think its awesome. There are *so* many >> vendors/websites that are selling averagely coded templates at high prices, >> with lackluster support, *cough* Mr Monster *cough*. >> >> This tool will seperate the wheat from the chaff.... >> >> They have a free trial, check it out. >> >> Barrie North >> ~Fully Managed Joomla Sites~ >> www.simplweb.com/joomla >> ~Join the Community at compassdesigns.net~ >> www.compassdesigns.net/join-the-community.html >> >> >> On Fri, Mar 13, 2009 at 10:17 AM, Donna Marie Vincent >> wrote: >>> >>> Has anyone tried http://www.artisteer.com for making Joomla templates? >>> >>> >>> ________________________________ >>> Donna Marie Vincent >>> JoomSites, LLC >>> Web Development with Joomla!? WDP >>> www.JoomSites.com? -? info at joomsites.com >>> Tel.: (718) 874-6741? -? Fax: (646) 731-6861 >>> >>> >>> _______________________________________________ >>> New York PHP SIG: Joomla! Mailing List >>> http://lists.nyphp.org/mailman/listinfo/joomla >>> >>> NYPHPCon 2006 Presentations Online >>> http://www.nyphpcon.com >>> >>> Show Your Participation in New York PHP >>> http://www.nyphp.org/show_participation.php >> >> >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > > > > -- > Stephen Britton > Technology Consultant > Internet / VoIP / Tech Support > e-mail: sbritton at gmail.com > cell phone: 914-661-0040 > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From maureen at whyhunger.org Fri Mar 20 08:01:28 2009 From: maureen at whyhunger.org (Maureen Kelly) Date: Fri, 20 Mar 2009 08:01:28 -0400 Subject: [joomla] Joomla programmer needed Message-ID: <3417F229-A7B8-4DB3-A598-F48577DEE93B@mimectl> Seeking a Joomla programmer for temporary work to rename and organize 740 backend pages on a non-profit CMS website in an effort to better reflect individual section names for ease of ongoing search and edit. Also looking for Joomla design work.. Please send resume, previous Joomla websites, along with time and cost estimate to maureen at whyhunger.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From li_gordon at yahoo.com Sat Mar 21 12:52:00 2009 From: li_gordon at yahoo.com (Laura Gordon) Date: Sat, 21 Mar 2009 09:52:00 -0700 (PDT) Subject: [joomla] problem with fake registrations Message-ID: <299764.94236.qm@web31807.mail.mud.yahoo.com> Hi all, I am having a problem with registrations in joomla. I am using version 1.0.15, we have a fake organization creating fake accounts through the registration page. I have blocked the domain's ip from accessing the site, but we are still getting the fake registrations. What should I do next? thanks, Laura www.RytechSites.com Create Dynamic Websites for your Company with Joomla! CMS Create Captivating Websites for your Business with HTML/FLASH ....the choice is yours! -------------- next part -------------- An HTML attachment was scrubbed... URL: From fgabrieli at gmail.com Sat Mar 21 13:51:57 2009 From: fgabrieli at gmail.com (Fernando Gabrieli) Date: Sat, 21 Mar 2009 14:51:57 -0300 Subject: [joomla] problem with fake registrations In-Reply-To: <299764.94236.qm@web31807.mail.mud.yahoo.com> References: <299764.94236.qm@web31807.mail.mud.yahoo.com> Message-ID: Laura, did you check if it is possible to set a Captcha in Joomla? I am not sure but that would help you with this problem Best Fernando 2009/3/21 Laura Gordon > Hi all, > > I am having a problem with registrations in joomla. I am using version > 1.0.15, we have a fake organization creating fake accounts through the > registration page. > > I have blocked the domain's ip from accessing the site, but we are still > getting the fake registrations. > > What should I do next? > > thanks, > Laura > > > www.RytechSites.com > > Create Dynamic Websites for your Company with Joomla! CMS > > Create Captivating Websites for your Business with HTML/FLASH > > ....the choice is yours! > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From scott at wolpow.com Sat Mar 21 17:44:24 2009 From: scott at wolpow.com (Scott Wolpow) Date: Sat, 21 Mar 2009 17:44:24 -0400 Subject: [joomla] Lower Nav Message-ID: <49C55FB8.9070501@wolpow.com> Client wants to have a lower nav, that matches upper nav. Is there a way to have it in two positions? If I have to create a second menu, I rember Athony talking about a means to use the same links rather than creating new ids. Scott Wolpow From donnamarievincent at yahoo.com Sat Mar 21 17:48:35 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Sat, 21 Mar 2009 14:48:35 -0700 (PDT) Subject: [joomla] Lower Nav In-Reply-To: <49C55FB8.9070501@wolpow.com> References: <49C55FB8.9070501@wolpow.com> Message-ID: <889583.23813.qm@web35605.mail.mud.yahoo.com> You can publish the menu in two places. Go to modules and create a new menu module using the same menu. If you want to make a second menu with duplicate links, add a link as an "alias" type and it will give it the same Itemid as the original link. ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 ________________________________ From: Scott Wolpow To: NYPHP at lists.nyphp.org; SIG at lists.nyphp.org Sent: Saturday, March 21, 2009 5:44:24 PM Subject: [joomla] Lower Nav Client wants to have a lower nav, that matches upper nav. Is there a way to have it in two positions? If I have to create a second menu, I rember Athony talking about a means to use the same links rather than creating new ids. Scott Wolpow _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From donnamarievincent at yahoo.com Sat Mar 21 17:57:37 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Sat, 21 Mar 2009 14:57:37 -0700 (PDT) Subject: [joomla] problem with fake registrations In-Reply-To: References: <299764.94236.qm@web31807.mail.mud.yahoo.com> Message-ID: <724551.90679.qm@web35606.mail.mud.yahoo.com> Captcha doesn't help if it's a human entering the registrations. It can only stop robots. ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 ________________________________ From: Fernando Gabrieli To: NYPHP SIG: Joomla Sent: Saturday, March 21, 2009 1:51:57 PM Subject: Re: [joomla] problem with fake registrations Laura, did you check if it is possible to set a Captcha in Joomla? I am not sure but that would help you with this problem Best Fernando 2009/3/21 Laura Gordon Hi all, I am having a problem with registrations in joomla. I am using version 1.0.15, we have a fake organization creating fake accounts through the registration page. I have blocked the domain's ip from accessing the site, but we are still getting the fake registrations. What should I do next? thanks, Laura www.RytechSites.com Create Dynamic Websites for your Company with Joomla! CMS Create Captivating Websites for your Business with HTML/FLASH ....the choice is yours! _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From barrie at compassdesigns.net Sun Mar 22 07:54:07 2009 From: barrie at compassdesigns.net (Barrie North) Date: Sun, 22 Mar 2009 07:54:07 -0400 Subject: [joomla] Lower Nav In-Reply-To: <49C55FB8.9070501@wolpow.com> References: <49C55FB8.9070501@wolpow.com> Message-ID: <53efb6970903220454r176243eewdb636c1ff5e28729@mail.gmail.com> If you want them to be linked, create two modules that use the same menu. The set up submenu items Then, here is the sneaky part, have the first to expand only "to zero" and the second to expand "1-99". Then you'll have a split menu where the second set dynamically change based on the users site navigation choices. Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html On Sat, Mar 21, 2009 at 5:44 PM, Scott Wolpow wrote: > Client wants to have a lower nav, that matches upper nav. > > Is there a way to have it in two positions? > > If I have to create a second menu, I rember Athony talking about a means to > use the same links rather than creating new ids. > > Scott Wolpow > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From leam at reuel.net Mon Mar 23 10:28:58 2009 From: leam at reuel.net (Leam Hall) Date: Mon, 23 Mar 2009 10:28:58 -0400 Subject: [joomla] Comment add-on? Message-ID: <49C79CAA.2020208@reuel.net> Any preferences for adding Comment capability to a Joomla 1.5 site? Preferences are free, some semblance of anti-spam, and the ability to administratively drop an inappropriate comment. Leam From leam at reuel.net Mon Mar 23 10:41:08 2009 From: leam at reuel.net (Leam Hall) Date: Mon, 23 Mar 2009 10:41:08 -0400 Subject: [joomla] A funny thing happened on the way to the Menu Manager... Message-ID: <49C79F84.7000506@reuel.net> No great technical revelation here, just a bit of Monday morning humor. While going back through Barrie's book I again saw some of the Menu Manager options like: # Leading 1 # Intro 4 Columns 2 # Links 4 I've been shell scripting for a while and this is the first time I've realized three of the options aren't commented out... Leam From atirjavid at gmail.com Mon Mar 23 13:26:01 2009 From: atirjavid at gmail.com (Atir Javid) Date: Mon, 23 Mar 2009 13:26:01 -0400 Subject: [joomla] Hello. I am offering professional Joomla design and development. Message-ID: <4cfc14cf0903231026h73e11f02ue531048c0888205a@mail.gmail.com> Hello, My name is AJ. I am an OO PHP5 Developer. I have experience using MVC design pattern in various CMS/Frameworks. I use primarily Joomla. I have developed numerous Joomla powered websites. Some of my Joomla clients include http://www.prehab.com/index.php -- Pre Surgury Rehabilitation http://www.nycoda.com/index.php -- New York Dramatic Arts Competition http://www.queenscommunityhouse.org/index.php -- Queens Community House http://www.bambooyogini.com/index.php -- Holistic Fitness and Such (Integrated Eventlist/GroupJive/Fireboard/CommunityBuilder to work together) http://www.justincutting.com/index.php -- Photographer's Image Gallery http://www.oldgold4cash.com/index.php -- Sell Used Gold I am currently available for any PHP project. Compensation can be negotiated upon discussion of project details. Thank you very much. Sincerely, Atir Javid IT Consultant & Software Developer http://www.FrostedWeb.com atirjavid at gmail.com (225)328-1234 From donnamarievincent at yahoo.com Mon Mar 23 17:18:02 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 23 Mar 2009 14:18:02 -0700 (PDT) Subject: [joomla] several 1.0 sites hacked this week! Message-ID: <410875.32775.qm@web35607.mail.mud.yahoo.com> Several of my clients' 1.0.15 sites have been hacked this week! Is there a problem with 1.0? I don't see an announcement on joomla.org ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From donnamarievincent at yahoo.com Mon Mar 23 17:19:22 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 23 Mar 2009 14:19:22 -0700 (PDT) Subject: [joomla] Comment add-on? In-Reply-To: <49C79CAA.2020208@reuel.net> References: <49C79CAA.2020208@reuel.net> Message-ID: <238736.1533.qm@web35605.mail.mud.yahoo.com> I use jXtended.com's commenting system. Not free, but I trust them. $30 ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 ________________________________ From: Leam Hall To: NYPHP at lists.nyphp.org; SIG at lists.nyphp.org Sent: Monday, March 23, 2009 10:28:58 AM Subject: [joomla] Comment add-on? Any preferences for adding Comment capability to a Joomla 1.5 site? Preferences are free, some semblance of anti-spam, and the ability to administratively drop an inappropriate comment. Leam _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php -------------- next part -------------- An HTML attachment was scrubbed... URL: From donnamarievincent at yahoo.com Mon Mar 23 18:52:06 2009 From: donnamarievincent at yahoo.com (Donna Marie Vincent) Date: Mon, 23 Mar 2009 15:52:06 -0700 (PDT) Subject: [joomla] bludomain.com's flash templates Message-ID: <971294.72480.qm@web35605.mail.mud.yahoo.com> Has anyone used BluDomain's flash templates? They cost $400! ________________________________ Donna Marie Vincent JoomSites, LLC Web Development with Joomla!? WDP www.JoomSites.com - info at joomsites.com Tel.: (718) 874-6741 - Fax: (646) 731-6861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From barrie at compassdesigns.net Mon Mar 23 19:20:51 2009 From: barrie at compassdesigns.net (Barrie North) Date: Mon, 23 Mar 2009 19:20:51 -0400 Subject: [joomla] Comment add-on? In-Reply-To: <238736.1533.qm@web35605.mail.mud.yahoo.com> References: <49C79CAA.2020208@reuel.net> <238736.1533.qm@web35605.mail.mud.yahoo.com> Message-ID: <53efb6970903231620o473ad953r1c52e61d9770a7a0@mail.gmail.com> I use Azrul's Jomcomment. Seems to be the most mature solution out there... Barrie North On 3/23/09, Donna Marie Vincent wrote: > I use jXtended.com's commenting system. Not free, but I trust them. $30 > > > > ________________________________ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com - info at joomsites.com > Tel.: (718) 874-6741 - Fax: (646) 731-6861 > > > > > > ________________________________ > From: Leam Hall > To: NYPHP at lists.nyphp.org; SIG at lists.nyphp.org > Sent: Monday, March 23, 2009 10:28:58 AM > Subject: [joomla] Comment add-on? > > Any preferences for adding Comment capability to a Joomla 1.5 site? > Preferences are free, some semblance of anti-spam, and the ability to > administratively drop an inappropriate comment. > > Leam > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -- Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html From graham at nuthinwerked.com Tue Mar 24 12:12:11 2009 From: graham at nuthinwerked.com (Graham Spice) Date: Tue, 24 Mar 2009 12:12:11 -0400 Subject: [joomla] Anyone want to take over a project? In-Reply-To: Message-ID: Hello Joomla NYC- I created a project called gigCalendar a few years ago and it has been very successful. I?m not in a position right now to focus my energies on gigCalendar and would love to hand it off to someone interested in taking it to Joomla 1.5. Contact me directly if you?re interested: captgigcal at gmail.com Best- Graham Spice http://gigcalendar.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From scott at wolpow.com Tue Mar 24 18:56:11 2009 From: scott at wolpow.com (Scott Wolpow) Date: Tue, 24 Mar 2009 18:56:11 -0400 Subject: [joomla] Anyone want to take over a project? In-Reply-To: References: Message-ID: <49C9650B.6070509@wolpow.com> I may be interested, what are the details? Scott On 3/24/2009 12:12 PM, Graham Spice wrote: > Hello Joomla NYC- > > I created a project called gigCalendar a few years ago and it has been > very successful. I?m not in a position right now to focus my energies > on gigCalendar and would love to hand it off to someone interested in > taking it to Joomla 1.5. Contact me directly if you?re interested: > captgigcal at gmail.com > > Best- > Graham Spice > > http://gigcalendar.net > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG. > Version: 7.5.557 / Virus Database: 270.11.25/2019 - Release Date: 3/23/2009 6:51 PM > From masimko at verizon.net Wed Mar 25 23:23:22 2009 From: masimko at verizon.net (Mark Simko) Date: Wed, 25 Mar 2009 23:23:22 -0400 Subject: [joomla] several 1.0 sites hacked this week! Message-ID: <1238037802.7402.271.camel@jersey> Several of my clients' 1.0.15 sites have been hacked this week! Is there a problem with 1.0? I don't see an announcement on joomla.org I just saw that my site was hacked the other day. Fortunately they bunged it up a bit, so the code didn't run, but instead gave an error message. What they had done is append javascript to the index.php file. It was disguised as ascii codes, and there were several var defined and substituted in, but the result was that it attempted to open a hidden iframe directed to siplank.com. When I tried to open siplank.com in a web browser (yes, I did that! I do lots of crazy things out of curiosity) Firefox stopped it with a warning about the site being known for malware. I'm running 1.5.9 on a shared host. I will be calling my host and asking them what they can find out from their logs as to what happened. From atirjavid at gmail.com Thu Mar 26 03:59:15 2009 From: atirjavid at gmail.com (Atir Javid) Date: Thu, 26 Mar 2009 03:59:15 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <1238037802.7402.271.camel@jersey> References: <1238037802.7402.271.camel@jersey> Message-ID: <4cfc14cf0903260059r562ebc27jcf048e8cafffef78@mail.gmail.com> Top 10 Stupidest Administrator Tricks >From Joomla! Documentation 10. Use the cheapest hosting provider you can find. Preferably use a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers. 9. Don't waste time with regular backups. Maybe the hosting provider will help you out. 8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem. 7. Use the same username and password for everything. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere. 6. Install your brand new beautiful Joomla!-powered site, and celebrate a job well done. Don't worry about it again. After all, if you don't make any more changes, what can go wrong? 5. Do all upgrades on the live site right away. Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused. 4. Trust third-party extensions. Install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing. 3. Don't worry about updating to the latest version of Joomla! Hey, nothing has gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party extensions. Too much work; life's a beach. 2. When your site gets cracked, panic your way into the Joomla! Forums. Start a new post with a very familiar title: "My Site's Been Hacked! (sic)" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions you installed. 1. Once your site's been cracked, fix the defaced index.php file and assume all else is well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming action. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site. From atirjavid at gmail.com Thu Mar 26 04:00:47 2009 From: atirjavid at gmail.com (Atir Javid) Date: Thu, 26 Mar 2009 04:00:47 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <4cfc14cf0903260059r562ebc27jcf048e8cafffef78@mail.gmail.com> References: <1238037802.7402.271.camel@jersey> <4cfc14cf0903260059r562ebc27jcf048e8cafffef78@mail.gmail.com> Message-ID: <4cfc14cf0903260100g741e989cj9bf6654f8f4166c@mail.gmail.com> You should look into upgrading to 1.5.9 for all your 1.0 sites. Check all your logs to try and find out HOW they got in. AFAIK there are no known security holes atm. From barrie at compassdesigns.net Thu Mar 26 08:59:29 2009 From: barrie at compassdesigns.net (Barrie North) Date: Thu, 26 Mar 2009 08:59:29 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <1238037802.7402.271.camel@jersey> References: <1238037802.7402.271.camel@jersey> Message-ID: <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> We got hacked last month by a brute force attack on our FTP password. Once they had that, they got into the Joomla files. Any site can be hacked. The other half of the equation is vigilance and backups :) Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko wrote: > > Several of my clients' 1.0.15 sites have been hacked this week! Is > there a problem with 1.0? > > I don't see an announcement on joomla.org > > I just saw that my site was hacked the other day. Fortunately they > bunged it up a bit, so the code didn't run, but instead gave an error > message. > > What they had done is append javascript to the index.php file. It was > disguised as ascii codes, and there were several var defined and > substituted in, but the result was that it attempted to open a hidden > iframe directed to siplank.com. When I tried to open siplank.com in a > web browser (yes, I did that! I do lots of crazy things out of > curiosity) Firefox stopped it with a warning about the site being known > for malware. > > I'm running 1.5.9 on a shared host. I will be calling my host and asking > them what they can find out from their logs as to what happened. > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitch.pirtle at gmail.com Thu Mar 26 10:34:26 2009 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Thu, 26 Mar 2009 10:34:26 -0400 Subject: [joomla] bludomain.com's flash templates In-Reply-To: <971294.72480.qm@web35605.mail.mud.yahoo.com> References: <971294.72480.qm@web35605.mail.mud.yahoo.com> Message-ID: <330532b60903260734t5eea1be0n895ada496d03752d@mail.gmail.com> "They cost $400!" I think you just answered your own question ;-) -- Mitch 2009/3/23 Donna Marie Vincent : > Has anyone used BluDomain's flash templates?? They cost $400! > > ________________________________ > Donna Marie Vincent > JoomSites, LLC > Web Development with Joomla!? WDP > www.JoomSites.com? -? info at joomsites.com > Tel.: (718) 874-6741? -? Fax: (646) 731-6861 > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From paul at gubavision.com Thu Mar 26 10:52:08 2009 From: paul at gubavision.com (paul at gubavision.com) Date: Thu, 26 Mar 2009 10:52:08 -0400 Subject: [joomla] bludomain.com's flash templates In-Reply-To: <330532b60903260734t5eea1be0n895ada496d03752d@mail.gmail.com> References: <971294.72480.qm@web35605.mail.mud.yahoo.com> <330532b60903260734t5eea1be0n895ada496d03752d@mail.gmail.com> Message-ID: <20090326105208.65223hur2wjgxf2w@204.14.90.11> No expert here. I looked at what they offered and it is nicely done. I did have some issues with how their sites displayed on Firefox Mac OSX. Could I do it myself probably not. Could I hire someone to do it for that money? Maybe? Do I have any volunteers? I think you can buy the template for $200 if you host it yourself. It is hard for me to tell I find their wording is kind of cryptic. I don't like that there is limits to what you can do as far as amount of galleries etc. That would be the deal breaker for me. If you look at something like livebooks it seems like a bargain. Paul Guba Quoting "Mitch Pirtle" : > "They cost $400!" > > I think you just answered your own question ;-) > > -- Mitch > > 2009/3/23 Donna Marie Vincent : >> Has anyone used BluDomain's flash templates?? They cost $400! >> >> ________________________________ >> Donna Marie Vincent >> JoomSites, LLC >> Web Development with Joomla!? WDP >> www.JoomSites.com? -? info at joomsites.com >> Tel.: (718) 874-6741? -? Fax: (646) 731-6861 >> >> >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From masimko at verizon.net Thu Mar 26 16:39:58 2009 From: masimko at verizon.net (Mark Simko) Date: Thu, 26 Mar 2009 16:39:58 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: References: Message-ID: <1238099998.6583.11.camel@jersey> On Thu, 2009-03-26 at 12:00 -0400, joomla-request at lists.nyphp.org wrote: Top posting because of the length of the prior post. The tone of this response appears condescending, although it may not have been meant that way. Perhaps it's just the title that gives the post that appearance. I can think of several reasons why a site may still be running an older version of Joomla! than the latest and greatest. It may be that the client does not want to pay for the work involved in an upgrade, or that the client cannot afford to pay for it. Or, perhaps the extensions being used on the site do not have stable 1.5 versions yet. There may be reasons why the site is run on a shared host. To some that may seem like a less than ideal situation, but for others, shared hosting and low hosting fees may fit them better. I think the original post about being hacked was meant to be informative and perhaps intended to spark a discussion. This reply seems like a lecture. If so, it's unwarranted. If I'm wrong about the intent, then I apologize, but sometimes the elitist tone gets my ire up. Mark > Top 10 Stupidest Administrator Tricks > >From Joomla! Documentation > > > 10. Use the cheapest hosting provider you can find. > > Preferably use a shared server that hosts hundreds of other sites, > some of which are high-traffic porn sites. Don't check the list of > recommended hosting providers. > > 9. Don't waste time with regular backups. > > Maybe the hosting provider will help you out. > > 8. Don't waste time adjusting PHP and Joomla! settings for increased security. > > Hey, the install was brain-dead easy. How bad could the rest be? > Worry about those details only if there's a problem. > > 7. Use the same username and password for everything. > > Use the same username and password for your on-line bank account, > Joomla! administrator account, Amazon account, Yahoo account, etc. > Hey, who has time to keep track of so many passwords? And anyway, > since you don't change passwords, it's easier to just use the same one > all the time, everywhere. > > 6. Install your brand new beautiful Joomla!-powered site, and > celebrate a job well done. > > Don't worry about it again. After all, if you don't make any more > changes, what can go wrong? > > 5. Do all upgrades on the live site right away. > > Who needs a development and testing server anyway? If an > installation fails, you'll just uninstall it again. That will > hopefully also undo any damage the installation caused. > > 4. Trust third-party extensions. > > Install all the cool-looking stuff you can find. Anyone smart > enough to write a Joomla! extension will provide perfect code that > blocks every known exploit attempt, now and forever. After all, almost > all this stuff is provided for free by well-meaning, good-hearted > people who know what they are doing. > > 3. Don't worry about updating to the latest version of Joomla! > > Hey, nothing has gone wrong so far, and if it ain't broke don't > fix it! Same plan for the third-party extensions. Too much work; > life's a beach. > > 2. When your site gets cracked, panic your way into the Joomla! Forums. > > Start a new post with a very familiar title: "My Site's Been > Hacked! (sic)" Be sure not to leave relevant information, such as > which obsolete versions of Joomla! and third party extensions you > installed. > > 1. Once your site's been cracked, fix the defaced index.php file and > assume all else is well. > > Don't check raw logs, change your passwords, remove the entire > directory and rebuild from clean backups, or take any other overly > paranoid-seeming action. When the attackers return the next day, > scream loudly that you've been "hacked again," and it's all Joomla!'s > fault. Ignore the fact that removing a defaced file is not even step > one in the difficult process of fully recovering a cracked site. > > From atirjavid at gmail.com Thu Mar 26 18:19:08 2009 From: atirjavid at gmail.com (Atir Javid) Date: Thu, 26 Mar 2009 18:19:08 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <1238099998.6583.11.camel@jersey> References: <1238099998.6583.11.camel@jersey> Message-ID: <4cfc14cf0903261519t77cb4bb5y2bd3eff19176adc5@mail.gmail.com> I posted the 10 top things for fun, its a funny thing. Don't take it as condescending please, its not meant like that, instead learn from it. Just good fun :) On Thu, Mar 26, 2009 at 4:39 PM, Mark Simko wrote: > On Thu, 2009-03-26 at 12:00 -0400, joomla-request at lists.nyphp.org wrote: > > Top posting because of the length of the prior post. > > The tone of this response appears condescending, although it may not > have been meant that way. Perhaps it's just the title that gives the > post that appearance. > > I can think of several reasons why a site may still be running an older > version of Joomla! than the latest and greatest. It may be that the > client does not want to pay for the work involved in an upgrade, or that > the client cannot afford to pay for it. Or, perhaps the extensions being > used on the site do not have stable 1.5 versions yet. > > There may be reasons why the site is run on a shared host. To some that > may seem like a less than ideal situation, but for others, shared > hosting and low hosting fees may fit them better. > > I think the original post about being hacked was meant to be informative > and perhaps intended to spark a discussion. This reply seems like a > lecture. If so, it's unwarranted. If I'm wrong about the intent, then I > apologize, but sometimes the elitist tone gets my ire up. > > Mark > >> Top 10 Stupidest Administrator Tricks >> >From Joomla! Documentation >> >> >> 10. Use the cheapest hosting provider you can find. >> >> ? ? Preferably use a shared server that hosts hundreds of other sites, >> some of which are high-traffic porn sites. Don't check the list of >> recommended hosting providers. >> >> 9. Don't waste time with regular backups. >> >> ? ? Maybe the hosting provider will help you out. >> >> 8. Don't waste time adjusting PHP and Joomla! settings for increased security. >> >> ? ? Hey, the install was brain-dead easy. How bad could the rest be? >> Worry about those details only if there's a problem. >> >> 7. Use the same username and password for everything. >> >> ? ? Use the same username and password for your on-line bank account, >> Joomla! administrator account, Amazon account, Yahoo account, etc. >> Hey, who has time to keep track of so many passwords? And anyway, >> since you don't change passwords, it's easier to just use the same one >> all the time, everywhere. >> >> 6. Install your brand new beautiful Joomla!-powered site, and >> celebrate a job well done. >> >> ? ? Don't worry about it again. After all, if you don't make any more >> changes, what can go wrong? >> >> 5. Do all upgrades on the live site right away. >> >> ? ? Who needs a development and testing server anyway? If an >> installation fails, you'll just uninstall it again. That will >> hopefully also undo any damage the installation caused. >> >> 4. Trust third-party extensions. >> >> ? ? Install all the cool-looking stuff you can find. Anyone smart >> enough to write a Joomla! extension will provide perfect code that >> blocks every known exploit attempt, now and forever. After all, almost >> all this stuff is provided for free by well-meaning, good-hearted >> people who know what they are doing. >> >> 3. Don't worry about updating to the latest version of Joomla! >> >> ? ? Hey, nothing has gone wrong so far, and if it ain't broke don't >> fix it! Same plan for the third-party extensions. Too much work; >> life's a beach. >> >> 2. When your site gets cracked, panic your way into the Joomla! Forums. >> >> ? ? Start a new post with a very familiar title: "My Site's Been >> Hacked! (sic)" Be sure not to leave relevant information, such as >> which obsolete versions of Joomla! and third party extensions you >> installed. >> >> 1. Once your site's been cracked, fix the defaced index.php file and >> assume all else is well. >> >> ? ? Don't check raw logs, change your passwords, remove the entire >> directory and rebuild from clean backups, or take any other overly >> paranoid-seeming action. When the attackers return the next day, >> scream loudly that you've been "hacked again," and it's all Joomla!'s >> fault. Ignore the fact that removing a defaced file is not even step >> one in the difficult process of fully recovering a cracked site. >> >> > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From atirjavid at gmail.com Thu Mar 26 19:29:00 2009 From: atirjavid at gmail.com (Atir Javid) Date: Thu, 26 Mar 2009 19:29:00 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> References: <1238037802.7402.271.camel@jersey> <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> Message-ID: <4cfc14cf0903261629i11ea67cdv8cf366b941b20699@mail.gmail.com> Hello Barrie, May I inquire as to how you verified the attack? I know that FTP bruteforcing is extremely difficult, and that is very improbable. What you may have faced was a dictionary attack, which may have worked with some luck if you had a weak password. A password including a mix of 1) UPPERCASE 2) lowercase 3) punctuation/!#$., 4) numbers and have a good strong/long password you would never fall victim to dictionary. As for bruteforce, an ftpd simply denies access after 3 or 5 (configurable, usually defaults to 3) failed login attempts for some time. Some hosts go as far as restricting ftp access until you call them and verify the problem. Also, brute forcing over a TCP pipe a slow protocol such as FTP is virtually impossible. At this rate it would take YEARS to bruteforce the password if not DECADES. @ Other users Also make sure to go into joomla user configuration and change the username of 'admin' to something else. To protect your joomla administation section If you have a static ip, you can add order allow,deny deny from all allow from your.static.ip.here to a file called .htaccess in your administration folder. If for some reason your ip changes and you get locked out, simply login via FTP and update the .htaccess file. There are some other advanced methods for protecting your administration folder. Also, FTP was a protocol developed 30+ years ago. It is not secure, clear text authentication, etc. FTP must go. If you can help it, do not use ftp, instead SFTP, or SSH. Just.. anything but FTP. Sadly, thats all that is easy to use, highly available across all hosts, and not everyone on shared hosting provides SSH access. If you can do without it, do without it. http://wooledge.org/mywiki/FtpMustDie I have seen more sites hacked due to unpatched php or bad php code(mostly from 3rd party addons) more than I have with FTP though. Still with good security practices you can reduce the risk considerably. Peace. 2009/3/26 Barrie North : > We got hacked last month by a brute force attack on our FTP password. Once > they had that, they got into the Joomla files. > > Any site can be hacked. The other half of the equation is vigilance and > backups :) > > Barrie North > ~Fully Managed Joomla Sites~ > www.simplweb.com/joomla > ~Join the Community at compassdesigns.net~ > www.compassdesigns.net/join-the-community.html > > > On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko wrote: >> >> Several of my clients' 1.0.15 sites have been hacked this week! ?Is >> there a problem with 1.0? >> >> I don't see an announcement on joomla.org >> >> I just saw that my site was hacked the other day. Fortunately they >> bunged it up a bit, so the code didn't run, but instead gave an error >> message. >> >> What they had done is append javascript to the index.php file. It was >> disguised as ascii codes, and there were several var defined and >> substituted in, but the result was that it attempted to open a hidden >> iframe directed to siplank.com. When I tried to open siplank.com in a >> web browser (yes, I did that! I do lots of crazy things out of >> curiosity) Firefox stopped it with a warning about the site being known >> for malware. >> >> I'm running 1.5.9 on a shared host. I will be calling my host and asking >> them what they can find out from their logs as to what happened. >> >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From barrie at compassdesigns.net Thu Mar 26 20:04:54 2009 From: barrie at compassdesigns.net (Barrie North) Date: Thu, 26 Mar 2009 20:04:54 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <4cfc14cf0903261629i11ea67cdv8cf366b941b20699@mail.gmail.com> References: <1238037802.7402.271.camel@jersey> <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> <4cfc14cf0903261629i11ea67cdv8cf366b941b20699@mail.gmail.com> Message-ID: <53efb6970903261704r76f29636k7bb010dc6632eefa@mail.gmail.com> We found the attacks/IP in the server logs. A financially backed hacker outfit from Nigeria, go figure. The joys of having a PR9 site =P Our password was 10 chars including letters, numbers and punctuation. We are hosted on a "secured" rackspace server. We don't have FTP running any more! Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html On Thu, Mar 26, 2009 at 7:29 PM, Atir Javid wrote: > Hello Barrie, > > May I inquire as to how you verified the attack? I know that FTP > bruteforcing is extremely difficult, and that is very improbable. > What you may have faced was a dictionary attack, which may have worked > with some luck if you had a weak password. A password including a mix > of > > 1) UPPERCASE > 2) lowercase > 3) punctuation/!#$., > 4) numbers > > and have a good strong/long password you would never fall victim to > dictionary. > > As for bruteforce, an ftpd simply denies access after 3 or 5 > (configurable, usually defaults to 3) failed login attempts for some > time. Some hosts go as far as restricting ftp access until you call > them and verify the problem. Also, brute forcing over a TCP pipe a > slow protocol such as FTP is virtually impossible. At this rate it > would take YEARS to bruteforce the password if not DECADES. > > @ Other users > Also make sure to go into joomla user configuration and change the > username of 'admin' to something else. > To protect your joomla administation section If you have a static ip, > you can add > > order allow,deny > deny from all > allow from your.static.ip.here > > to a file called .htaccess in your administration folder. If for some > reason your ip changes and you get locked out, simply login via FTP > and update the .htaccess file. There are some other advanced methods > for protecting your administration folder. > > Also, FTP was a protocol developed 30+ years ago. It is not secure, > clear text authentication, etc. FTP must go. If you can help it, do > not use ftp, instead SFTP, or SSH. Just.. anything but FTP. Sadly, > thats all that is easy to use, highly available across all hosts, and > not everyone on shared hosting provides SSH access. If you can do > without it, do without it. http://wooledge.org/mywiki/FtpMustDie > > I have seen more sites hacked due to unpatched php or bad php > code(mostly from 3rd party addons) more than I have with FTP though. > > Still with good security practices you can reduce the risk considerably. > > Peace. > > > > > 2009/3/26 Barrie North : > > We got hacked last month by a brute force attack on our FTP password. > Once > > they had that, they got into the Joomla files. > > > > Any site can be hacked. The other half of the equation is vigilance and > > backups :) > > > > Barrie North > > ~Fully Managed Joomla Sites~ > > www.simplweb.com/joomla > > ~Join the Community at compassdesigns.net~ > > www.compassdesigns.net/join-the-community.html > > > > > > On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko > wrote: > >> > >> Several of my clients' 1.0.15 sites have been hacked this week! Is > >> there a problem with 1.0? > >> > >> I don't see an announcement on joomla.org > >> > >> I just saw that my site was hacked the other day. Fortunately they > >> bunged it up a bit, so the code didn't run, but instead gave an error > >> message. > >> > >> What they had done is append javascript to the index.php file. It was > >> disguised as ascii codes, and there were several var defined and > >> substituted in, but the result was that it attempted to open a hidden > >> iframe directed to siplank.com. When I tried to open siplank.com in a > >> web browser (yes, I did that! I do lots of crazy things out of > >> curiosity) Firefox stopped it with a warning about the site being known > >> for malware. > >> > >> I'm running 1.5.9 on a shared host. I will be calling my host and asking > >> them what they can find out from their logs as to what happened. > >> > >> _______________________________________________ > >> New York PHP SIG: Joomla! Mailing List > >> http://lists.nyphp.org/mailman/listinfo/joomla > >> > >> NYPHPCon 2006 Presentations Online > >> http://www.nyphpcon.com > >> > >> Show Your Participation in New York PHP > >> http://www.nyphp.org/show_participation.php > > > > > > _______________________________________________ > > New York PHP SIG: Joomla! Mailing List > > http://lists.nyphp.org/mailman/listinfo/joomla > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mitch.pirtle at gmail.com Thu Mar 26 20:40:33 2009 From: mitch.pirtle at gmail.com (Mitch Pirtle) Date: Thu, 26 Mar 2009 20:40:33 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <53efb6970903261704r76f29636k7bb010dc6632eefa@mail.gmail.com> References: <1238037802.7402.271.camel@jersey> <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> <4cfc14cf0903261629i11ea67cdv8cf366b941b20699@mail.gmail.com> <53efb6970903261704r76f29636k7bb010dc6632eefa@mail.gmail.com> Message-ID: <330532b60903261740v762bd8f2va60124af3c29f0ee@mail.gmail.com> This information is unfortunately too late for Barrie, but I have found vsftpd (Very Secure FTP Daemon) not only secure but wikkid fast to boot. It supports SFTP, so folks that don't have SSH/SCP can still use a half-decent client and run over a moderately encrypted connection. As for the defense of folks running PHP4, mass shared hosting, and whatnot... I just made an off-hand comment a few seconds ago regarding folks using outdated javascript menus that search bots could not parse: "If you're not keeping up with the times, don't expect your website to perform well." I cannot stress that enough. Seriously. Don't take your horse and cart on the information superhighway; and if that is all you can afford, perhaps you need to save up before you take that first ride, and for certain stay well away from the fast lane. Just like starting a business - if you cannot pony up the funds required to incorporate a legitimate entity, don't expected to be treated like a legitimate entity! I know it may sound harsh, maybe I'm just grumpy from working too many hours. -- Mitch, grumpy from working too many hours 2009/3/26 Barrie North : > We found the attacks/IP in the server logs. A financially backed hacker > outfit from Nigeria, go figure. The joys of having a PR9 site =P > > Our password was 10 chars including letters, numbers and punctuation. We are > hosted on a "secured" rackspace server. > > We don't have FTP running any more! > > Barrie North > ~Fully Managed Joomla Sites~ > www.simplweb.com/joomla > ~Join the Community at compassdesigns.net~ > www.compassdesigns.net/join-the-community.html > > > On Thu, Mar 26, 2009 at 7:29 PM, Atir Javid wrote: >> >> Hello Barrie, >> >> May I inquire as to how you verified the attack? ?I know that FTP >> bruteforcing is extremely difficult, and that is very improbable. >> What you may have faced was a dictionary attack, which may have worked >> with some luck if you had a weak password. ?A password including a mix >> of >> >> 1) UPPERCASE >> 2) lowercase >> 3) punctuation/!#$., >> 4) numbers >> >> and have a good strong/long password you would never fall victim to >> dictionary. >> >> As for bruteforce, an ftpd simply denies access after 3 or 5 >> (configurable, usually defaults to 3) failed login attempts for some >> time. ?Some hosts go as far as restricting ftp access until you call >> them and verify the problem. ?Also, brute forcing over a TCP pipe a >> slow protocol such as FTP is virtually impossible. ?At this rate it >> would take YEARS to bruteforce the password if not DECADES. >> >> @ Other users >> Also make sure to go into joomla user configuration and change the >> username of 'admin' to something else. >> To protect your joomla administation section ?If you have a static ip, >> you can add >> >> order allow,deny >> deny from all >> allow from your.static.ip.here >> >> to a file called .htaccess in your administration folder. ?If for some >> reason your ip changes and you get locked out, simply login via FTP >> and update the .htaccess file. ?There are some other advanced methods >> for protecting your administration folder. >> >> Also, FTP was a protocol developed 30+ years ago. ?It is not secure, >> clear text authentication, etc. ?FTP must go. ?If you can help it, do >> not use ftp, instead SFTP, or SSH. ?Just.. anything but FTP. ?Sadly, >> thats all that is easy to use, highly available across all hosts, and >> not everyone on shared hosting provides SSH access. ?If you can do >> without it, do without it. http://wooledge.org/mywiki/FtpMustDie >> >> I have seen more sites hacked due to unpatched php or bad php >> code(mostly from 3rd party addons) more than I have with FTP though. >> >> Still with good security practices you can reduce the risk considerably. >> >> Peace. >> >> >> >> >> 2009/3/26 Barrie North : >> > We got hacked last month by a brute force attack on our FTP password. >> > Once >> > they had that, they got into the Joomla files. >> > >> > Any site can be hacked. The other half of the equation is vigilance and >> > backups :) >> > >> > Barrie North >> > ~Fully Managed Joomla Sites~ >> > www.simplweb.com/joomla >> > ~Join the Community at compassdesigns.net~ >> > www.compassdesigns.net/join-the-community.html >> > >> > >> > On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko >> > wrote: >> >> >> >> Several of my clients' 1.0.15 sites have been hacked this week! ?Is >> >> there a problem with 1.0? >> >> >> >> I don't see an announcement on joomla.org >> >> >> >> I just saw that my site was hacked the other day. Fortunately they >> >> bunged it up a bit, so the code didn't run, but instead gave an error >> >> message. >> >> >> >> What they had done is append javascript to the index.php file. It was >> >> disguised as ascii codes, and there were several var defined and >> >> substituted in, but the result was that it attempted to open a hidden >> >> iframe directed to siplank.com. When I tried to open siplank.com in a >> >> web browser (yes, I did that! I do lots of crazy things out of >> >> curiosity) Firefox stopped it with a warning about the site being known >> >> for malware. >> >> >> >> I'm running 1.5.9 on a shared host. I will be calling my host and >> >> asking >> >> them what they can find out from their logs as to what happened. >> >> >> >> _______________________________________________ >> >> New York PHP SIG: Joomla! Mailing List >> >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> >> >> NYPHPCon 2006 Presentations Online >> >> http://www.nyphpcon.com >> >> >> >> Show Your Participation in New York PHP >> >> http://www.nyphp.org/show_participation.php >> > >> > >> > _______________________________________________ >> > New York PHP SIG: Joomla! Mailing List >> > http://lists.nyphp.org/mailman/listinfo/joomla >> > >> > NYPHPCon 2006 Presentations Online >> > http://www.nyphpcon.com >> > >> > Show Your Participation in New York PHP >> > http://www.nyphp.org/show_participation.php >> > >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > From barrie at compassdesigns.net Thu Mar 26 20:47:57 2009 From: barrie at compassdesigns.net (Barrie North) Date: Thu, 26 Mar 2009 20:47:57 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <330532b60903261740v762bd8f2va60124af3c29f0ee@mail.gmail.com> References: <1238037802.7402.271.camel@jersey> <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> <4cfc14cf0903261629i11ea67cdv8cf366b941b20699@mail.gmail.com> <53efb6970903261704r76f29636k7bb010dc6632eefa@mail.gmail.com> <330532b60903261740v762bd8f2va60124af3c29f0ee@mail.gmail.com> Message-ID: <53efb6970903261747nd3feabfl6320b960666a24c7@mail.gmail.com> But why are you using javascript for your menus... ;) /runs to twitter Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html On Thu, Mar 26, 2009 at 8:40 PM, Mitch Pirtle wrote: > This information is unfortunately too late for Barrie, but I have > found vsftpd (Very Secure FTP Daemon) not only secure but wikkid fast > to boot. It supports SFTP, so folks that don't have SSH/SCP can still > use a half-decent client and run over a moderately encrypted > connection. > > As for the defense of folks running PHP4, mass shared hosting, and > whatnot... I just made an off-hand comment a few seconds ago regarding > folks using outdated javascript menus that search bots could not > parse: > > "If you're not keeping up with the times, don't expect your website to > perform well." > > I cannot stress that enough. Seriously. Don't take your horse and cart > on the information superhighway; and if that is all you can afford, > perhaps you need to save up before you take that first ride, and for > certain stay well away from the fast lane. Just like starting a > business - if you cannot pony up the funds required to incorporate a > legitimate entity, don't expected to be treated like a legitimate > entity! > > I know it may sound harsh, maybe I'm just grumpy from working too many > hours. > > -- Mitch, grumpy from working too many hours > > 2009/3/26 Barrie North : > > We found the attacks/IP in the server logs. A financially backed hacker > > outfit from Nigeria, go figure. The joys of having a PR9 site =P > > > > Our password was 10 chars including letters, numbers and punctuation. We > are > > hosted on a "secured" rackspace server. > > > > We don't have FTP running any more! > > > > Barrie North > > ~Fully Managed Joomla Sites~ > > www.simplweb.com/joomla > > ~Join the Community at compassdesigns.net~ > > www.compassdesigns.net/join-the-community.html > > > > > > On Thu, Mar 26, 2009 at 7:29 PM, Atir Javid wrote: > >> > >> Hello Barrie, > >> > >> May I inquire as to how you verified the attack? I know that FTP > >> bruteforcing is extremely difficult, and that is very improbable. > >> What you may have faced was a dictionary attack, which may have worked > >> with some luck if you had a weak password. A password including a mix > >> of > >> > >> 1) UPPERCASE > >> 2) lowercase > >> 3) punctuation/!#$., > >> 4) numbers > >> > >> and have a good strong/long password you would never fall victim to > >> dictionary. > >> > >> As for bruteforce, an ftpd simply denies access after 3 or 5 > >> (configurable, usually defaults to 3) failed login attempts for some > >> time. Some hosts go as far as restricting ftp access until you call > >> them and verify the problem. Also, brute forcing over a TCP pipe a > >> slow protocol such as FTP is virtually impossible. At this rate it > >> would take YEARS to bruteforce the password if not DECADES. > >> > >> @ Other users > >> Also make sure to go into joomla user configuration and change the > >> username of 'admin' to something else. > >> To protect your joomla administation section If you have a static ip, > >> you can add > >> > >> order allow,deny > >> deny from all > >> allow from your.static.ip.here > >> > >> to a file called .htaccess in your administration folder. If for some > >> reason your ip changes and you get locked out, simply login via FTP > >> and update the .htaccess file. There are some other advanced methods > >> for protecting your administration folder. > >> > >> Also, FTP was a protocol developed 30+ years ago. It is not secure, > >> clear text authentication, etc. FTP must go. If you can help it, do > >> not use ftp, instead SFTP, or SSH. Just.. anything but FTP. Sadly, > >> thats all that is easy to use, highly available across all hosts, and > >> not everyone on shared hosting provides SSH access. If you can do > >> without it, do without it. http://wooledge.org/mywiki/FtpMustDie > >> > >> I have seen more sites hacked due to unpatched php or bad php > >> code(mostly from 3rd party addons) more than I have with FTP though. > >> > >> Still with good security practices you can reduce the risk considerably. > >> > >> Peace. > >> > >> > >> > >> > >> 2009/3/26 Barrie North : > >> > We got hacked last month by a brute force attack on our FTP password. > >> > Once > >> > they had that, they got into the Joomla files. > >> > > >> > Any site can be hacked. The other half of the equation is vigilance > and > >> > backups :) > >> > > >> > Barrie North > >> > ~Fully Managed Joomla Sites~ > >> > www.simplweb.com/joomla > >> > ~Join the Community at compassdesigns.net~ > >> > www.compassdesigns.net/join-the-community.html > >> > > >> > > >> > On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko > >> > wrote: > >> >> > >> >> Several of my clients' 1.0.15 sites have been hacked this week! Is > >> >> there a problem with 1.0? > >> >> > >> >> I don't see an announcement on joomla.org > >> >> > >> >> I just saw that my site was hacked the other day. Fortunately they > >> >> bunged it up a bit, so the code didn't run, but instead gave an error > >> >> message. > >> >> > >> >> What they had done is append javascript to the index.php file. It was > >> >> disguised as ascii codes, and there were several var defined and > >> >> substituted in, but the result was that it attempted to open a hidden > >> >> iframe directed to siplank.com. When I tried to open siplank.com in > a > >> >> web browser (yes, I did that! I do lots of crazy things out of > >> >> curiosity) Firefox stopped it with a warning about the site being > known > >> >> for malware. > >> >> > >> >> I'm running 1.5.9 on a shared host. I will be calling my host and > >> >> asking > >> >> them what they can find out from their logs as to what happened. > >> >> > >> >> _______________________________________________ > >> >> New York PHP SIG: Joomla! Mailing List > >> >> http://lists.nyphp.org/mailman/listinfo/joomla > >> >> > >> >> NYPHPCon 2006 Presentations Online > >> >> http://www.nyphpcon.com > >> >> > >> >> Show Your Participation in New York PHP > >> >> http://www.nyphp.org/show_participation.php > >> > > >> > > >> > _______________________________________________ > >> > New York PHP SIG: Joomla! Mailing List > >> > http://lists.nyphp.org/mailman/listinfo/joomla > >> > > >> > NYPHPCon 2006 Presentations Online > >> > http://www.nyphpcon.com > >> > > >> > Show Your Participation in New York PHP > >> > http://www.nyphp.org/show_participation.php > >> > > >> _______________________________________________ > >> New York PHP SIG: Joomla! Mailing List > >> http://lists.nyphp.org/mailman/listinfo/joomla > >> > >> NYPHPCon 2006 Presentations Online > >> http://www.nyphpcon.com > >> > >> Show Your Participation in New York PHP > >> http://www.nyphp.org/show_participation.php > > > > _______________________________________________ > > New York PHP SIG: Joomla! Mailing List > > http://lists.nyphp.org/mailman/listinfo/joomla > > > > NYPHPCon 2006 Presentations Online > > http://www.nyphpcon.com > > > > Show Your Participation in New York PHP > > http://www.nyphp.org/show_participation.php > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > -------------- next part -------------- An HTML attachment was scrubbed... URL: From leam at reuel.net Fri Mar 27 06:42:45 2009 From: leam at reuel.net (Leam Hall) Date: Fri, 27 Mar 2009 06:42:45 -0400 Subject: [joomla] several 1.0 sites hacked this week! In-Reply-To: <53efb6970903261704r76f29636k7bb010dc6632eefa@mail.gmail.com> References: <1238037802.7402.271.camel@jersey> <53efb6970903260559h60ed0a6av4676b41d4e96739f@mail.gmail.com> <4cfc14cf0903261629i11ea67cdv8cf366b941b20699@mail.gmail.com> <53efb6970903261704r76f29636k7bb010dc6632eefa@mail.gmail.com> Message-ID: <49CCADA5.8050008@reuel.net> PR9? Keep in mind that FTP passwords were sent in clear text so some of the info might have been snooped. Also, some unix versions have an 8 character password maximum length. If your punctuation came in chars 9 or 10 it might not have been there. If the host was not using shadow passwords the /etc/passwd file might have had encrypted passwords and be readable by another user on the system. Turning off FTP is a great idea, as is using something like SFTP or vsftp. Leam Barrie North wrote: > We found the attacks/IP in the server logs. A financially backed hacker > outfit from Nigeria, go figure. The joys of having a PR9 site =P > > Our password was 10 chars including letters, numbers and punctuation. We are > hosted on a "secured" rackspace server. > > We don't have FTP running any more! > > Barrie North > ~Fully Managed Joomla Sites~ > www.simplweb.com/joomla > ~Join the Community at compassdesigns.net~ > www.compassdesigns.net/join-the-community.html > > > On Thu, Mar 26, 2009 at 7:29 PM, Atir Javid wrote: > >> Hello Barrie, >> >> May I inquire as to how you verified the attack? I know that FTP >> bruteforcing is extremely difficult, and that is very improbable. >> What you may have faced was a dictionary attack, which may have worked >> with some luck if you had a weak password. A password including a mix >> of >> >> 1) UPPERCASE >> 2) lowercase >> 3) punctuation/!#$., >> 4) numbers >> >> and have a good strong/long password you would never fall victim to >> dictionary. >> >> As for bruteforce, an ftpd simply denies access after 3 or 5 >> (configurable, usually defaults to 3) failed login attempts for some >> time. Some hosts go as far as restricting ftp access until you call >> them and verify the problem. Also, brute forcing over a TCP pipe a >> slow protocol such as FTP is virtually impossible. At this rate it >> would take YEARS to bruteforce the password if not DECADES. >> >> @ Other users >> Also make sure to go into joomla user configuration and change the >> username of 'admin' to something else. >> To protect your joomla administation section If you have a static ip, >> you can add >> >> order allow,deny >> deny from all >> allow from your.static.ip.here >> >> to a file called .htaccess in your administration folder. If for some >> reason your ip changes and you get locked out, simply login via FTP >> and update the .htaccess file. There are some other advanced methods >> for protecting your administration folder. >> >> Also, FTP was a protocol developed 30+ years ago. It is not secure, >> clear text authentication, etc. FTP must go. If you can help it, do >> not use ftp, instead SFTP, or SSH. Just.. anything but FTP. Sadly, >> thats all that is easy to use, highly available across all hosts, and >> not everyone on shared hosting provides SSH access. If you can do >> without it, do without it. http://wooledge.org/mywiki/FtpMustDie >> >> I have seen more sites hacked due to unpatched php or bad php >> code(mostly from 3rd party addons) more than I have with FTP though. >> >> Still with good security practices you can reduce the risk considerably. >> >> Peace. >> >> >> >> >> 2009/3/26 Barrie North : >>> We got hacked last month by a brute force attack on our FTP password. >> Once >>> they had that, they got into the Joomla files. >>> >>> Any site can be hacked. The other half of the equation is vigilance and >>> backups :) >>> >>> Barrie North >>> ~Fully Managed Joomla Sites~ >>> www.simplweb.com/joomla >>> ~Join the Community at compassdesigns.net~ >>> www.compassdesigns.net/join-the-community.html >>> >>> >>> On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko >> wrote: >>>> Several of my clients' 1.0.15 sites have been hacked this week! Is >>>> there a problem with 1.0? >>>> >>>> I don't see an announcement on joomla.org >>>> >>>> I just saw that my site was hacked the other day. Fortunately they >>>> bunged it up a bit, so the code didn't run, but instead gave an error >>>> message. >>>> >>>> What they had done is append javascript to the index.php file. It was >>>> disguised as ascii codes, and there were several var defined and >>>> substituted in, but the result was that it attempted to open a hidden >>>> iframe directed to siplank.com. When I tried to open siplank.com in a >>>> web browser (yes, I did that! I do lots of crazy things out of >>>> curiosity) Firefox stopped it with a warning about the site being known >>>> for malware. >>>> >>>> I'm running 1.5.9 on a shared host. I will be calling my host and asking >>>> them what they can find out from their logs as to what happened. >>>> >>>> _______________________________________________ >>>> New York PHP SIG: Joomla! Mailing List >>>> http://lists.nyphp.org/mailman/listinfo/joomla >>>> >>>> NYPHPCon 2006 Presentations Online >>>> http://www.nyphpcon.com >>>> >>>> Show Your Participation in New York PHP >>>> http://www.nyphp.org/show_participation.php >>> >>> _______________________________________________ >>> New York PHP SIG: Joomla! Mailing List >>> http://lists.nyphp.org/mailman/listinfo/joomla >>> >>> NYPHPCon 2006 Presentations Online >>> http://www.nyphpcon.com >>> >>> Show Your Participation in New York PHP >>> http://www.nyphp.org/show_participation.php >>> >> _______________________________________________ >> New York PHP SIG: Joomla! Mailing List >> http://lists.nyphp.org/mailman/listinfo/joomla >> >> NYPHPCon 2006 Presentations Online >> http://www.nyphpcon.com >> >> Show Your Participation in New York PHP >> http://www.nyphp.org/show_participation.php >> > > > ------------------------------------------------------------------------ > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php From leam at reuel.net Fri Mar 27 06:56:41 2009 From: leam at reuel.net (Leam Hall) Date: Fri, 27 Mar 2009 06:56:41 -0400 Subject: [joomla] Thinking through a Joomla vs Drupal artcle Message-ID: <49CCB0E9.4030705@reuel.net> Here's a note posted by an "IBM consultant" on a Drupal associated website. They make different points in the Joomla vs Drupal debate, not in quality so much as in niche. If this sort of thing is true it does reinforce my decision in favor of Joomla as I'd like to target small businesses. http://www.topnotchthemes.com/blog/090224/drupal-vs-joomla-frank-comparison-ibm-consultant What this makes me wonder is how can we market Joomla better when "IBM consultants" provide this sort of perception? For me it's a great plus but I'd like to see it more public. How do you all market Joomla to your small business clients? Leam From compustretch at gmail.com Fri Mar 27 09:26:00 2009 From: compustretch at gmail.com (Compi) Date: Fri, 27 Mar 2009 09:26:00 -0400 Subject: [joomla] Thinking through a Joomla vs Drupal artcle In-Reply-To: <49CCB0E9.4030705@reuel.net> References: <49CCB0E9.4030705@reuel.net> Message-ID: On Fri, Mar 27, 2009 at 6:56 AM, Leam Hall wrote: > s how can we market Joomla better when "IBM consultants" provide this sort > of perception? "market" ? what is this strange word you are using...? ducking, /? -- "In theory, theory and practice are exactly the same. In practice, they're completely different." -------------- next part -------------- An HTML attachment was scrubbed... URL: From atirjavid at gmail.com Fri Mar 27 13:07:45 2009 From: atirjavid at gmail.com (Atir Javid) Date: Fri, 27 Mar 2009 13:07:45 -0400 Subject: [joomla] Thinking through a Joomla vs Drupal artcle In-Reply-To: References: <49CCB0E9.4030705@reuel.net> Message-ID: <4cfc14cf0903271007s8b46b8bm7892524cf3dc0720@mail.gmail.com> Use the right tool for the job. A similar argument can be made between say Symfony vs. Zend Framework. One is always looking to save time. If one can do that with Joomla and still make a good site, standards compliant, great functionality and have a easier learning curve for your clients, then why not? If one is looking for custom functionality, Things that would be difficult to accomplish with Joomla, then don't use Joomla, use Drupal(if it fits the bill), or whatever else that is best for the project. You don't simply just install Joomla and try to build a site. You define your goals first, have an action plan, and consider a few different tools before you start the actual work. While there is a learning curve for Joomla MVC Framework, it is still as difficult as anything else that is new. If you're not a developer, you will have a hard time with Drupal as well as Joomla. Let me put it this way... Drupal is very flexible, and as such there are many ways to do something, and that becomes difficult. Joomla has certain design/development limitations, and its own conventions in some areas which go to save one from himself. Allow me to compare Zend Framework with any other. Since ZF is a openly knit and loose framework, there are numerous ways to do something. There are no best practices in many areas (except for coding standards guidelines), and for new comers, it can be very daunting, to have to actually setup a bootstrap environment, the front controller design pattern etc. etc. Advanced coders have no problem. Symfony or Kohana or Code Igniter or any other php framework actually has a directory structure built, their own convention over configuration methods, which aid in extremely rapid application development. On the same note, since Joomla has its own ways in a lot of ways, it is easier to use in the long run, as things are very structures. Drupal is a victim of its own flexibility and developer freedom. I vote for Joomla, only when it is needed to throw up a quick site for a small business. If you need functionality which is difficult to achieve in Joomla, then use something else, or hire me! :) Peace. 2009/3/27 Compi : > > > On Fri, Mar 27, 2009 at 6:56 AM, Leam Hall wrote: >> >> s how can we market Joomla better when "IBM consultants" provide this sort >> of perception? > > "market" ? > > what is this strange word you are using...? > > ducking, > > /? > -- > "In theory, theory and practice are exactly the same. > In practice, they're completely different." > > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php >