Following the recent spate of hacks using the security vulnerbility in all Joomla 1.5.x versions prior to 1.5.6 I have had a need to generate new password hashes for manual inputting into the Joomla jos_user database table

If you have no idea what this is or why you need it then this tool is not intended for you Ignoire it

You can access the tool securely at

– https://secure.phil-taylor.com/generate_password.php

This tool generates an md5 salted hash, the salt is dynamica and changes each time meaning the encrypting of a password will (in theory) not generate the same hash twice.

Enjoy!

Ok for some reason four people emailed int he last 24 hours asking how I created my demo site to refresh every hour so this must be an interesting topic at the moment.

The first thing you really need is full root access to your server - although you can probably do this in a normal account you are going to need to be able to modify cron jobs and shell scripts.

First build your demo site locally - make it perfect and final. Once you have that dumpt the database to a sql file.

On your demo servers domain, replicate the site into your public_html folder and also a new folder called public_html.restore

We then use a cronjob that is fired every hour to run a shell script that will DELETE all the files in the public_html folder (Tip 1: Some people DONT do this, the problem then is that hackers can upload files and they will be available for years to come!) The cronjob then runs the SQL file using command line mysql, first dropping the database (Tip 2: remove the whole database, dont allow any dust) and then recreates it with the sql from the file.

Tip 3: Disable file uploads for your demo domain

Tip 4: Install mod_security with a good set or rules (ours come from gotroot.com)

Tip 5: Our line in our crontab reads:

32 * * * * sh /home/demo/refresh.sh

Tip 6: Here is an example refresh.sh

mysql -u root –password=pa$$word < /home/demo/public_html.restore/sql.sql
rm -Rf /home/demo/public_html/*
cp -Rf /home/demo/public_html.restore/* /home/demo/public_html/
find /home/demo/public_html -type f -print | xargs chmod 644
find /home/demo/public_html -type d -print | xargs chmod 755

Note the changing of the permissions in the last two lines

Note that this is just an example and the password and paths are actually not correct for our server

Tip 7: If you dont need people to use other parts of Joomla then remove the components!  For example, we often remove com_user and com_config if not needed.  You can also remove com_installer and then no one can install other extensions…

Hope this helps someone - let us know if you have questions as I have rushed writing this today

We are sad to say that we have taken the unpopular decision to remove this facility from our website and will be reverting to a more personal support-by-email solution.

(Currently this announcement does NOT apply to Joomla Forms Forum - which is live as per normal - for now!)

We have taken this action for several reasons.

1. The increase of spam posts made by spam bots has been making the administration of multiple forums very time consuming
2. Several customers have expressed concern over the time taken by myself to reply to their threads
3. Some posts have been missed by falling off the radar while other posts have been promoted
4. The number of customers helping other customers is incredibly low, therefore we do most of this ourselves, and the best method is not in open forum
5. Some, a vocal minority, have used and abused myself and our staff repeatedly through the open forum, which is simply unacceptable.

Getting Support for your purchase
If you are now in need of support for your purchase, please contact us directly, and securely using our online form at

–  https://secure.phil-taylor.com/contact

Please note that submissions made through this website are encrypted by an extended High Assurance SSL Certificate, and then by GPG Encryption before being saved for myself to decrypt and read on my PC.

We know that some will hate this decision, but we are making it so that we can best serve our customers in providing timely support and advice.

Lets see how it goes….

Following a rather disturbed, abusive and threatening email from a customer (with a fancy PhD!) I commissioned Guillermo Vargas, the developer of the xMap extension, to develop a xMap plugin for Joomla Knowledgebase so that all the categories and articles would be listed in sitemaps generated by xMap.

I did this, not because of the threats (of negative reviews, “speak[ing] out long, repeatedly, with lots of detail and literally eloquence”, and even the publication of a book about my bad support!) but because I think it will be a great asset to JoomlaKB.

Although we never tolerate abusive and threatening emails from customers, and have since terminated communication and offered a full refund to the person involved, we are pleased that some good has come from the experience for our other customers.

Less than 12 hours after commissioning the development of the plugin I am pleased to say Guillermo Vargas has delivered the first draft of the extension. We are busy testing it and will include it in the next releases of KB.

Along with this plugin, Joomla Knowledgebase has benefited from lots of bug fixes, and changes for the next version which will be backward compatible and easy to upgrade to.  Please watch our blog for further details in the next few days.

For those who are brave I have attached the first draft of the xMap Extension for Joomla KB here:

Yesterday a major issue was found in ALL JOOMLA! 1.5.x versions!

If you are running Joomla 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5 then you ARE VULNERABLE and should upgrade as soon as possible.  The security bug is not platform dependent.

The immediate availability of Joomla! 1.5.6 [Vusani] is the solution to the security bug. This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately.

For more information about this exploit, click here to visit the Joomla Security Blog.

Following our success in winning the Yacht Race, and my subsequent RYA Day Skipper Assessment passage, I am pleased to say that I am now back at work and tackling the 3128 emails I just downloaded! (Yes, that includes spam

Please be patient as I catch up over the next few days, all emails will be addressed.

Once we are caught up we will be releasing new versions of Forms for Joomla1.5, KB and Tags extensions - with a whole suite of new features.

Just a quick update.  I am now home after the yacht race from Jersey to La Trinite-Sur-Mer, with great news.

Along with our skipper, Mark Tucker, and other crew members Dan and Chris, we managed to dodge the force 5 winds and fog and rain to take the 1st prize overall (on corrected time) in the Capita 9th International Yacht Race!! We also won 1st place in the Class 2 division.  While we were not the first over the finish line, the handicap system corrected our time to be 3 hours ahead of any other yacht in the race! Wow!

So tomorrow I join Jersey Sailing for my assesment for my next yacht certification… more sailing fun!

During this time you can still purchase any of our extensions for immediate online delivery, things should go smooth for you - however if you have any problems please contact me using the link on our site and I will address your problem on my return (as I catch up, please be patient!)

Dear friends, customers, browsers…

As previously announced, I am now out of the office until 6th August.  The first week (Starting tomorrow) I am taking part in the Capita 9th International Yacht Race to La Trinite-sur-mer in France - 4 or 5 days continuous race at sea  :-)  the second week I am undertaking my RYA Day Skippers Certificate with Jersey Sailing School

You can still purchase for immediate download while I am away

However, there will be no one at the end of emails providing support until I return.

Well since Joomla Forms has been released a lot of people have been asking for some introductory videos to show how the basic principles of Jooml Forms work (Before downloading)

We are pleased to publish three videos, a quick “how to install”, and two 10min long videos that take you through creating a simple contact form with Joomla Forms.

Click here to see the videos for yourself - FREE!

Just a quick post to let you know my plans, because some people get annoyed if I do not respond to support queries quick enough

I will be offline, not near a PC, well about 50 miles offshore! between the following dates:

25th July - 31st July

2nd August - 8th August

The first week, I am taking part in the CAPITA 9th INTERNATIONAL YACHT RACE St. Helier to La Trinité-sur-Mer and so will be unable to take phone calls (Against race rules), unable to check emails and unable to respond to any drop everything requests..

So, you have been warned.

During this time you can still purchase any of our extensions for immediate online delivery, things should go smooth for you - however if you have any problems please contact me using the link on our site and I will address your problem on my return (as I catch up, please be patient!)