How to evaluate Joomla 1.5 to be safe against hacking - joomla

I would like to know if there are effective penetration testing tools that help evaluate our Joomla site: "www.ous.edu.sd", since we experienced hacking last month.

Don't try to prevent your current 1.5 site from being hacked, because you'll fail. Get yourself upgraded as soon as you can. I answered a question a while back as to why keeping your Joomla site up to date is very important:
Why should I keep my Joomla version up to date?
If your site is purely just an information site, then I would suggest upgrading to Joomla 3.1. Joomla 3.2 will be out literally very soon as well. The reason is that even though Joomla 2.5 was liked a lot by developers, it will be coming to the end of its life in the second quarter of 2014. That seems a long time away, but when the time comes, upgrading could be a bit of a hassle.
Please do bear in mind that upgrading to Joomla 3.0 will not upgrade the 3rd party extensions that you have installed, and thus you will have to install Joomla 3.x compatible versions of them.
Regarding the anti hacking side of things, I explained a little in the link provided but will mention it here anyway. The 3 main extensions I would get are:
Admin Tools
AdminExile
Saxum IP Logger
Hope this helps

Joomla 1.5.26 was the last version of the 1.5 line. It is end of life. As mentioned previously the best defence is to keep your Joomla! installation up-to-date and to keep an eye on the Joomla VEL, which tracks extensions with issues.
Without going to commercial tools I'm not sure for Joomla! specifically. Ages ago we used OWASP Joomla! Security Scanner, (wiki here), but the SourceForge repo indicates it's not being updated anymore.
https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

You cannot actually prevent yourself from hacking; all you can do is secure your website from external attacks.
For Joomla, I recommend you upgrade your current core version, as there are public exploits for core version 1.5.
Once you upgrade your Joomla version to the newest, you will need to add some extra security to prevent further attacks like:
A rise of a 0day on the newest core Joomla versions.
A symlink attack on the server, which may lead to access to your website database.
Added plugins on the website which are vulnerable, such as Contact us, auto chat and such.
So what you need to do is make your Administrator directory protected from unwanted visits, as nearly 95% of forum / website template hacks are uploaded shells through the Administrator panel. To do this, all you need to do is make a txt file in the default www root folder and name it robots.txt, and inside it you will need to write the dir that you don't want any user to access, such as administrator. Example:
User-agent: *
Disallow: /administrator/
You can also block any unwanted website crawlers from listing your website contents and checking for any vulnerabilities in it by adding this to your robots.txt:
User-agent: ia_archiver
Disallow: /
This will basically block any access to your website from user-agent ia_archiver, which is most likely what web crawlers like Acunetix use.
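An added example, not part of the answer above: it uses Python's standard `urllib.robotparser` to show how a crawler that honours robots.txt evaluates the two records discussed, comparing a record whose `User-agent` value is `/` and whose path lacks the leading slash with the standard `*` and `/administrator/` form. It models only crawlers that read and honour robots.txt, which is all the file governs; the sample files and the `ExampleBot` name are constructed.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample: "/" as the User-agent value and a path
# without the leading slash.
MALFORMED = """\
User-agent: /
Disallow: administrator/
"""

# Constructed sample: standard syntax plus the ia_archiver record.
WELL_FORMED = """\
User-agent: ia_archiver
Disallow: /

User-agent: *
Disallow: /administrator/
"""

def compliant_crawler_view(robots_txt, agents, paths):
    """Return {(agent, path): allowed} as a rule-honouring crawler decides."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {(a, p): parser.can_fetch(a, p) for a in agents for p in paths}

def ineffective_lines(robots_txt):
    """Flag lines that will not match any crawler or any request path."""
    findings = []
    for n, raw in enumerate(robots_txt.splitlines(), 1):
        field, _, value = raw.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent" and value == "/":
            findings.append((n, "User-agent '/' names no crawler; use '*' or a product token"))
        elif field in ("allow", "disallow") and value and not value.startswith(("/", "*")):
            findings.append((n, "path must start with '/'"))
    return findings

if __name__ == "__main__":
    agents = ["ia_archiver", "ExampleBot"]
    paths = ["/administrator/index.php", "/index.php"]
    for label, text in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(label, ineffective_lines(text))
        for key, allowed in compliant_crawler_view(text, agents, paths).items():
            print("  ", key, "allowed" if allowed else "disallowed")
```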

I have encouraged all of my clients to upgrade from 1.5 to 2.5 or higher. Unfortunately, not all of them want to pay to do this and I don't have the time for free upgrades. The result is that the exploits that are available for 1.5 have left my entire server vulnerable, and it has been attacked several times over the last year. I have no other choice but to separate the 1.5 sites onto another box and tell the clients "too bad, so sad" the next time they get hacked, as I cannot afford to keep fixing them. As everyone above has stated, it is critical that you migrate from 1.5. There are plenty of extensions and tools available to assist you: http://extensions.joomla.org/extensions/migration-a-conversion/joomla-migration

Upgrade it to Joomla 3.1. Joomla 1.5 is too easy to hack.

Related

Most effective way to convert PrestaShop Theme from 1.6 to 1.7

I have to upgrade my store, because my server won't support the PHP version required for PS 1.6 anymore.
From my research so far it looks as if PS 1.7 might as well be a completely different ecommerce platform when it comes to themes.
What's my best bet to convert my current, custom PS 1.6 theme and make it compatible with PS 1.7?
I don't wanna have to code the whole thing from scratch. I wanna be able to get at least 80 or 90% of the way there, and then fix the remaining glitches.
How can I make it so that the upgrade from PS 1.6 to 1.7 won't cost me several months of development work?
Edit:
The workaround solution is to use ThirtyBees. Details in my own answer below.
As this question was posted on the PrestaShop Forum as well, I'll add my reply from there here for future similar questions.
There is no conversion from a 1.6+ to a 1.7 theme or from 1.6+ to 1.7+ modules.
You need a new theme and modules and that's it.
All you can upgrade are the Prestashop files and the database.
my server won't support the PHP version required for PS 1.6
What's my best bet to convert my current, custom PS 1.6 theme
I don't wanna have to code the whole thing from scratch. I wanna be
able to get at least 80 or 90% of the way there, and then fix the
remaining glitches.
How can I make it so that the upgrade won't cost me
several months of development work?
The best solution for this, really, is to USE THIRTYBEES
ThirtyBees is a PrestaShop fork; it was forked after 1.6, and is its own platform.
The team over at Prestashop is making some massive changes to the Prestashop core, which removes lots of documented functionality. And as they slowly transition over, it's probably better to not rely on the architecture, if you're not able to constantly implement upgrades and changes.
Reference:
https://build.prestashop.com/news/prestashop-in-2019-and-beyond-part-2-pain-points/
https://thirtybees.com/
After trying to adapt my store to PS 1.7, which took 2 weeks and I hit roadblock after roadblock, I switched to Thirtybees. It took me 1 day to make the same progress that it took me 2 weeks on PS. I can see myself being done with this upgrade progress soon, and I can soon focus on more crucial business activities again.

What is the Performance difference between Joomla 1.5, 2.5 and 3.0?

We have website developed in Joomla 1.5, 4 years ago.
We are changing the theme of the website now. As we don't need any new components or plugins, I just want to know if there is any advantage to upgrading from 1.5 to 2.5 or 3.0.
Is there any performance advantage between 1.5, 2.5 or 3.0?
Firstly, it's not just about performance; there are other reasons for upgrading.
Security - There are no known security issues in Joomla 1.5.26; however, 2.5 and 3.2 (especially 3.2) have far better security.
Support - Support for Joomla 1.5 was stopped in September 2012 and I believe Joomla 2.5 will continue to be supported until December 2014 and Joomla 3.x until December 2016.
Features - Joomla 3.2 contains so many more features, such as:
Mobile Responsive
Ajax Interface integrated into the core
Ability to install extensions via the backend
and much more
Performance - To simply answer this question, yes, Joomla 3.x performance is better than Joomla 1.5. I couldn't find a raw demo for Joomla 1.5 but here is a speed test of a raw Joomla 3.2 site:
Do also bear in mind that there are lots of extensions out there to boost the performance even more by compressing and gzipping scripts/stylesheets and so on.
And out of all honesty, I do believe that if something works then why change it (in some cases) but you also have to understand that things are moving forward, such as new web technologies are being introduced which will help improve your site.
Overall, I would most definitely upgrade your site to Joomla 3.2
Hope this helps
You just have to update your website. Joomla 1.5 is outdated and no longer supported.
To briefly name a few of the reasons:
Old code, no more security releases, compatibility issues with newer PHP, many 3rd party extensions are dropping support. You just can't stay that far back.
Just visit joomla.org to find out more and about the benefits and the new features of Joomla.

Is Magento ver. 1.3.2.4 still supported

I look after a small site which was built a few years ago in Magento ver. 1.3.2.4
Fairly frequently the site suffers inexplicable problems such as products suddenly not displaying by price (where no settings have been changed) and orders being sent in triplicate to the website owner's email. It seems really hard to find reasons for why things like these happen and even harder to get support. I know that the version being used is old and that to upgrade is a serious and expensive development job. Would it be fair to say that because a legacy version is being used, we can expect the site to become less and less robust over time?
Many thanks
Bev
In the order of "will it work with newer versions of PHP?", the answer is "not unless you make modifications to the code yourself." Which means, to put not too fine a point on it, expect your web hosting provider to "Get Religion" somewhere along the way and decide to upgrade out of a security hole by upgrading PHP, which suddenly causes your website to crash.
Magento 1.3.x.x also shows its age when dealing with Prototype Framework and Scriptaculous versions past their "sell by date" causing weird and annoying issues with newer browsers.

Magento: Are there stats on install base (by version) for module developers?

As the question states, I am preparing to deploy my first couple modules on the Magento Connect store and want to make sure I am targeting the best versions. Testing on 1.3 is proving to be a bit of a pain, and if only a few people use that version I would rather spend the time making the modules better!
Google hasn't helped as yet, though I think the keywords I use are getting picked up as other more specific technical questions (Google Base, for example).
Does this information exist? What about your personal experience? For me, I have only encountered installations below 1.5 Community (1.10 Enterprise) for upgrade projects. I haven't personally encountered a client that is on 1.4 and plans to stay on 1.4.
Thanks!
Tim
There are a significant amount of people who have older versions and won't upgrade because of the complexity and the amount of modification they have done to their stores.
Most people right now who are on the community version seem to be on 1.5 or 1.6, but if you want to test older versions, just download from the archive, install locally and see if it works for the older versions.
Here is a link to the downloadable versions of magento, in case you decide to test on those older versions:
http://www.magentocommerce.com/download - click released archived tab at the top

Learning Joomla 1.7

I am thinking of starting to learn Joomla 1.7 but don't know where to begin.
I am interested in learning to create blogs, e-commerce websites, forums and other type of websites. I know that there is probably a lot of learning involved but I am willing to commit.
I should also mention that my knowledge starts at XHTML\CSS and ends in Javascript\jQuery (and a bit of Java up to Swing), however I have never done any PHP/MySql programming.
Do I need to learn PHP and MySql before learning Joomla, or can I start learning it now?
If I don't need to learn PHP and MySql first what book/tutorial/video tutorial would you recommend for someone who never used a CMS before and would like to learn it to its full extent?
I second the recommendation of the official documentation. http://docs.joomla.org/ overall a fantastic resource, although the wiki format can make navigation tricky. I recommend looking for and clicking the 'Category' links under any article - and/or clicking the back button when you've finished reading a page to go back to the category listing.
For free documentation I'd recommend Hagen Graf's 'books' available as free downloads from:
Here for the Joomla 1.6 version:
http://cocoate.com/joomla-16-english
Here for the Joomla 1.7 version
http://cocoate.com/2011/07/joomla-17-beginners-guide
There are other useful websites for learning to use Joomla:
http://www.compassdesigns.net/
http://www.alledia.com/
http://www.joomlablogger.com/
http://brian.teeman.net/
I've included the 1.6 documentation for anyone out there who is using that particular version, but there is no reason to stick with 1.6 as it is no longer supported.
Presentations by Jen Kramer: http://www.slideshare.net/jen4web
Presentations by Brian Teeman: http://www.slideshare.net/brianteeman
There are many other useful resources too - I'll probably return to this post and add some more resources later.
The official documentation is pretty good so I suggest your starting point should be here. As the documentation also suggests you should install XAMPP in order to run a local Joomla site for experimentation. XAMPP will get out of the way installing/configuring httpd, setting up PHP and MySQL.
I've put several Joomla sites together and I can guarantee you don't need to know PHP/MySQL to put something good together.
