IP Blog

Welcome to our blog. Share - Engage - Learn - Accelerate.

Critical vulnerabilities pose a serious threat to Joomla sites

by Mark Stockley

Joomla, the world’s second most popular web content management system (CMS), has been under sustained attack for several days, thanks to a nasty pair of vulnerabilities disclosed last week.

Security announcements 20161001 (CVE-2016-8870) and 20161002 (CVE-2016-8869) describe how flaws in Joomla’s user registration code could allow an attacker to “register on a site when registration has been disabled” and then “register … with elevated privileges”.

If the significance of those two statements hasn’t entirely sunk in, let me make it plain: taken together, the vulnerabilities can be used to unlock any site running Joomla, anywhere on the internet, with little more than a polite request detailing what you’d like to be called and how much power you want.


Alert! Joomla Security Severity: High - Core - Elevated Privileges

[20161002] - Core - Elevated Privileges

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Elevated Privileges
  • Reported Date: 2016-October-21
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-8869

Description

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4


Joomla Security: Big Hits for New Vulnerability

According to US-CERT, Joomla has just released version 3.4.7 of its open-source content management system (CMS) in an effort to lock down two new vulnerabilities, one of which could grant attackers full control of an affected website. As noted by SecurityWeek, the severity of these flaws didn’t go unnoticed: Symantec tracked an average of 16,000 hits per day attempting to exploit the issue. Here’s a rundown of what’s at risk with an unpatched Joomla install.

JOOMLA SECURITY RISKS

For almost a decade, a critical remote command execution vulnerability has existed in Joomla; versions 1.5 through 3.4.5 are affected by CVE-2015-8562. According to Ars Technica, while Joomla security teams patched the vulnerability within two days, the bug was already being exploited in the wild from IP addresses 146.0.72.83, 74.3.170.33 and 194.28.174.106. In addition, any logged requests with either “JDatabaseDriverMysqli” or “O:” in the user agent were likely attack attempts.

So what’s the big risk here? CVE-2015-8562 leverages an issue with poor filtering when Joomla saves browser session values. As detailed by Sucuri, by exploiting this flaw and combining it with the way MySQL truncates data when it meets a UTF-8 character that isn’t supported by utf8_general_ci, it’s possible to launch an attack that could fully compromise servers. Cybercriminals then use the servers as malware hosts or sell access to them for a fee on the Dark Web.
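The indicators quoted above can be checked against a web server access log. The following is an added example, not code from the original article or from Joomla: it assumes Apache/nginx "combined" log format, the sample log lines are constructed, and the stricter serialized-object pattern is an addition that narrows the bare "O:" indicator.

```python
import re

# Indicators quoted in the article for CVE-2015-8562 activity.
KNOWN_IPS = {"146.0.72.83", "74.3.170.33", "194.28.174.106"}
UA_CLASS = "JDatabaseDriverMysqli"
UA_OBJECT = "O:"
# Assumption added here: a stricter form of the "O:" indicator, matching the
# header of a PHP serialized object, O:<length>:"<class>". Apache writes a
# double quote inside a logged field as \" so the backslash is optional.
SERIALIZED_OBJ = re.compile(r'O:\d+:\\?"')

# "combined" log format. Quoted fields may contain backslash escapes, so a
# naive split on double quotes would cut the user agent short.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"'
)


def classify(ip, ua):
    """Return the list of indicators that one request matches."""
    reasons = []
    if ip in KNOWN_IPS:
        reasons.append("known-ip")
    if UA_CLASS in ua:
        reasons.append("ua-class")
    if UA_OBJECT in ua:
        # Literal match as stated in the article; can hit benign strings.
        reasons.append("ua-object-literal")
    if SERIALIZED_OBJ.search(ua):
        reasons.append("ua-serialized-object")
    return reasons


def scan(lines):
    """Return (hits, unparsed) where hits is a list of (ip, timestamp, reasons)."""
    hits, unparsed = [], 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            unparsed += 1  # count, do not drop silently: review these by hand
            continue
        reasons = classify(m["ip"], m["ua"])
        if reasons:
            hits.append((m["ip"], m["ts"], reasons))
    return hits, unparsed


# Constructed sample log lines (not real traffic). The third user agent is a
# truncated stand-in that carries the indicator strings, not a working payload.
SAMPLE_LOG = r'''
203.0.113.10 - - [15/Dec/2015:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/43.0"
146.0.72.83 - - [15/Dec/2015:10:02:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2015:10:03:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "x|O:21:\"JDatabaseDriverMysqli\":0:{}"
198.51.100.9 - - [15/Dec/2015:10:04:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "FOO:bar crawler"
not a log line
'''.splitlines()

if __name__ == "__main__":
    found, skipped = scan(SAMPLE_LOG)
    for ip, ts, reasons in found:
        print(ip, ts, ",".join(reasons))
    print("unparsed lines:", skipped)
```

The fourth sample line shows why the bare "O:" match is only a lead: it fires on a harmless token, while the serialized-object pattern does not.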


Drupal vs Joomla vs WordPress: CMS Showdown

WordPress, Joomla and Drupal are the three most popular content management systems (CMS) online. All three are open source and built on PHP + MySQL. All three vary significantly in terms of features, capability, flexibility and ease of use. Below, we’ll take a look at some of the advantages and disadvantages of each of these CMS solutions:

 

Drupal: Pros and Cons

Drupal is the granddaddy of CMS systems on this list – it was first released in early 2001. Like WordPress and Joomla, Drupal too is open-source and based on PHP-MySQL. Drupal is extremely powerful and developer-friendly, which has made it a popular choice for feature rich, data-intensive websites like Whitehouse.gov and Data.gov.uk.

Let’s consider a few pros and cons of Drupal:

Advantages of Drupal

  • Extremely Flexible: Want a simple blog with a static front page? Drupal can handle that. Want a powerful backend that can support hundreds of thousands of pages and millions of users every month? Sure, Drupal can do that as well. The software is powerful and flexible – little wonder why it’s a favorite among developers.
  • Developer Friendly: The basic Drupal installation is fairly bare-bones. Developers are encouraged to create their own solutions. While this doesn’t make it very friendly for lay users, it promises a range of possibilities for developers.
  • Strong SEO Capabilities: Drupal was designed from the ground-up to be search engine friendly.
  • Enterprise Friendly: Strong version control and ACL capabilities make Drupal the CMS of choice for enterprise customers. The software can also handle hundreds of thousands of pages of content with ease.
  • Stability: Drupal scales effortlessly and is stable even when serving thousands of users simultaneously.

Disadvantages of Drupal

  • Steep Learning Curve: Moving from WordPress to Drupal can feel like walking from your car into a Boeing 747 cockpit – everything is just so complicated! Unless you have strong coding capabilities and like to read tons of technical papers, you’ll find Drupal extremely difficult for regular use.
  • Lack of Free Plugins: Plugins in Drupal are called ‘modules’. Because of its enterprise-first roots, most good modules are not free.
  • Lack of Themes: A barebones Drupal installation looks like a desert after a drought. The lack of themes doesn’t make things any better. You will have to find a good designer if you want your website to look anything other than a sad relic from 2002 when using Drupal.

Recommended Use

Drupal is a full-fledged, enterprise grade CMS. It’s recommended for large projects where stability, scalability and power are prioritized over ease of use and aesthetics.

Joomla: Pros and Cons

Joomla is an open-source content management software forked from Mambo. It is one of the most popular CMS solutions in the world and boasts over 30m downloads to date. Joomla powers such noteworthy sites as Cloud.com, Linux.com, etc.

Advantages of Joomla

  • User-Friendly: Joomla isn’t WordPress, but it’s still relatively easy to use. Those new to publishing will find its UI polished, flexible and powerful, although there is still a slight learning curve involved in figuring everything out.
  • Strong Developer Community: Like WordPress, Joomla too has a strong developer community. The plugin library (called ‘extensions’ in Joomla) is large with a ton of free to use, open source plugins.
  • Extension Variability: Joomla extensions are divided into five categories – components, plugins, templates, modules and languages. Each of these differs in function, power and capability. Components, for example, work as ‘mini-apps’ that can change the Joomla installation altogether. Modules, on the other hand, add minor capabilities like dynamic content, RSS feeds, and search function to a web page.
  • Strong Content Management Capabilities: Unlike WordPress, Joomla was originally designed as an enterprise-grade CMS. This makes it far more capable at handling a large volume of articles than WordPress.

Disadvantages of Joomla

  • Some Learning Involved: You can’t jump right into a Joomla installation and start hammering out new posts if you’re not familiar with the software. The learning curve isn’t steep, but it can be enough to intimidate casual users.
  • Lacks SEO Capabilities: Making WordPress SEO friendly is as easy as installing a free plugin. With Joomla, you’ll need a ton of work to get to the same level of search engine friendliness. Unless you have the budget to hire a SEO expert, you might want to look at alternative solutions.
  • Limited ACL Support: ACL (Access Control List) refers to a list of permissions that can be granted to specific users for specific pages. ACL is a vital component of any enterprise-grade CMS solution. Joomla started supporting ACL only after version 1.6. ACL support is still limited in the stable v2.5.1 release, making it unsuitable for enterprise customers.

Recommended use

Joomla enables you to build a site with more structural stability and content than WordPress, and has a fairly intuitive interface. If you want a standard website with standard capabilities – a blog, a static/dynamic front-end, a forum, etc. then use Joomla. Joomla is also a good option for small to mid-tier e-commerce stores. If you want something more powerful for enterprise use, consider Drupal.

WordPress: Pros and Cons

New York Times, CNN, Forbes and Reuters – the list of WordPress.com clients reads like a publishing dream team. More than 68 million websites use WordPress, making it the world’s favorite blogging software. It is flexible enough to power Fortune 500 company blogs as well as sporadically updated personal journals.

Below, we take a look at some of the advantages and disadvantages of using WordPress:

Advantages of WordPress

  • Multiple Authors: WordPress was built from the ground-up to accommodate multiple authors – a crucial feature for any serious publication.
  • Huge Plugin Library: WordPress is the poster child of the open-source developer community, which has developed hundreds of thousands of plugins for it. There are few things WordPress can’t do with its extensive library of plugins.
  • User-Friendly: WordPress’ UI is easy to use and highly intuitive, even for first-time bloggers. You can drop a theme, add a few plugins, and start blogging within minutes. This course will teach you how to install and set up a WordPress blog.
  • Strong SEO Capabilities: With plugins like All in One SEO, you can start blogging straight away without worrying about on-page SEO.
  • Easy Customization: WordPress’ theming system is designed for easy-customization. Anyone with a little grasp of HTML and CSS can customize WordPress themes to fit his/her needs.
  • Flexibility: WordPress can be made to do virtually anything – run an e-commerce store, host a video site, serve as a portfolio or work as a company blog – thanks to plugins and customized themes.

Disadvantages of WordPress

  • Security: As the category leading software with millions of installations, WordPress is often the target of hackers. The software itself isn’t very secure out of the box and you will have to install third-party plugins to boost your WordPress installation’s security.
  • Incompatibility with Older Plugins: The WordPress team constantly releases new updates to fix security loopholes and patch problems. These updates are often incompatible with older plugins. If your site relies on older plugins, you may have to hold off on updating (which makes your site all the more susceptible to hack attacks).
  • Limited Design Options: Even though WordPress is infinitely customizable, most WordPress installations still look like WordPress installations. Although recent updates and improvements in plugins/themes have rectified this problem somewhat, WordPress is still hampered by limited design options.
  • Limited Content Management Capabilities: WordPress was originally designed as a blogging platform. This has affected its ability to handle large amounts of content. If you plan to publish hundreds of blog posts per week (not uncommon for large publishers), you may find the default WordPress backend a little underwhelming for such high content volume.

Recommended Use

WordPress is often called a ‘mini CMS’. It isn’t nearly as powerful or capable as Drupal or Joomla, but is easy enough for any lay user. Use WordPress if you want a simple, easy to use blogging solution that looks good and can accommodate multiple authors easily.

Conclusion

Even though WordPress, Joomla and Drupal are built on the same technology stack, they vary heavily in features and capabilities. Hopefully, the above information will help you choose a CMS that fits your requirements.


Credits: https://blog.udemy.com/drupal-vs-joomla-vs-wordpress/


Vulnerable Joomla Site Owners (Servers) See 16,000 Daily Attacks

Symantec has detected up to 20,000 daily attempts to exploit a recently patched Joomla vulnerability that can be leveraged for remote code execution.

The vulnerability, identified as CVE-2015-8562, was patched in mid-December with the release of Joomla 3.4.6 and hotfixes for versions 1.5 and 2.5. The first attempts to exploit the flaw, which affects installations running Joomla 1.5.0 through 3.4.5, were spotted two days before the developers of the popular content management system (CMS) released patches.

Symantec has been monitoring attack attempts and detected, on average, 16,000 daily hits since the vulnerability was disclosed.

Attackers can leverage the Joomla security hole to compromise servers and use them for hosting malware and other malicious activities. They can also sell access to the targeted servers on the underground market, allowing others to abuse them for distributed denial-of-service (DDoS) attacks. Some of the compromised machines can also host valuable information.


Joomla! 3.4.7 Version Fixes Security Flaws

Joomla! has released the latest version, 3.4.7, of its free content management system software to address two reported security vulnerabilities.

The new version of Joomla!, which is used to create websites and online applications, strengthened the security of the MySQLi driver to help prevent object injection attacks.

Joomla said its Security Strike team has been following up on the critical security vulnerability patched last week.

“Since the recent update it has become clear that the root cause is a bug in PHP itself,” Joomla! reported on its website. “This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13.”

Joomla! pointed out the only Joomla sites affected by this bug are those that are hosted on vulnerable versions of PHP, and it corrected the flaw because not all hosts keep their PHP installations up to date.

Joomla! 3.4.7 is now available. This is a security release for the 3.x series of Joomla which addresses one critical security vulnerability and one low-level security vulnerability. We strongly recommend that you update your sites immediately.

This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.6 release.

WHAT'S IN 3.4.7

Version 3.4.7 is released to address two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are making this release to deal with this issue on vulnerable PHP versions.

SECURITY ISSUES FIXED

  • High Priority - Core - Session Hardening (affecting Joomla 1.5 through 3.4.6)
  • Low Priority - Core - SQL Injection (affecting Joomla 3.0.0 through 3.4.6)

Please see the documentation wiki for FAQs regarding the 3.4.7 release. It is important to note that due to some session changes you will not be able to edit items until you log out and log back in again. Please note that there has been a backwards compatibility break regarding how session management is handled. If you are using the documented Joomla API you will have no issues. The changes are fully documented in the release documentation.
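The version ranges and PHP fix releases quoted in these advisories can be turned into a quick triage check for an inventory of sites. This is an added example, not code from Joomla or from the original posts; the function names and finding labels are hypothetical, and it only encodes the ranges stated on this page.

```python
import re

# PHP releases that fixed the underlying bug, per the Joomla 3.4.7 announcement.
PHP_FIXED = {(5, 4): 45, (5, 5): 29, (5, 6): 13}


def parse(version):
    """Return (major, minor, patch); tolerates suffixes such as '5.6.13-0+deb8u1'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def php_status(php):
    """Classify a PHP version against the fix releases named in the announcement."""
    major, minor, patch = parse(php)
    if major >= 7:
        return "fixed"                      # fixed in all versions of PHP 7
    if (major, minor) in PHP_FIXED:
        return "fixed" if patch >= PHP_FIXED[(major, minor)] else "vulnerable"
    if (major, minor) == (5, 3):
        # Some Linux LTS builds carry a back-port; the version string alone
        # cannot confirm it, so this needs a check against the distro changelog.
        return "check-backport"
    return "vulnerable"                     # no fixed release listed for this branch


def triage(joomla, php):
    """Return a list of findings for one site (labels are hypothetical)."""
    j = parse(joomla)
    findings = []
    # CVE-2015-8562: Joomla 1.5.0 through 3.4.5, fixed in 3.4.6; versions 1.5
    # and 2.5 received hotfixes that do not show up in the version number.
    if (1, 5, 0) <= j <= (3, 4, 5):
        hotfix_branch = j[:2] in {(1, 5), (2, 5)}
        findings.append("CVE-2015-8562:" + ("verify-hotfix" if hotfix_branch else "unpatched"))
    # 3.4.7 session hardening: Joomla 1.5 through 3.4.6 is affected only when
    # hosted on a PHP version that still has the bug.
    if (1, 5, 0) <= j <= (3, 4, 6):
        status = php_status(php)
        if status != "fixed":
            findings.append("php-session-bug:" + status)
    # CVE-2016-8869: Joomla 3.4.4 through 3.6.3, fixed in 3.6.4.
    if (3, 4, 4) <= j <= (3, 6, 3):
        findings.append("CVE-2016-8869")
    return findings


if __name__ == "__main__":
    # Constructed inventory rows: (site label, Joomla version, PHP version).
    for site, joomla, php in [
        ("shop", "3.4.5", "5.4.44"),
        ("intranet", "3.4.6", "5.3.10-1ubuntu3"),
        ("legacy", "2.5.28", "5.6.13"),
        ("current", "3.6.4", "7.0.12"),
    ]:
        print(site, triage(joomla, php) or "no findings from these advisories")
```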


Sources:

  1. https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7-released.html
  2. https://www.us-cert.gov/ncas/current-activity/2015/12/22/Joomla-Releases-Security-Update-CMS

 


WARNING: Websites Running Joomla 1.5 Are at Risk

As of August this year, according to W3techs, out of all the websites currently using Joomla, 44.6% are still on the unsupported Joomla 1.x series, support for which ended way back in September 2012.

Whilst the Joomla 1.x series was very robust and can still run reliably if well looked after, its time is nearly up. Technologies are changing and security is being tightened up online, and the Joomla 1.x series is being left behind. So if you're running a Joomla 1.x website, now is the time to upgrade, and here are just a few reasons why:

1. Security

As of September 2012 support for Joomla 1.5 was officially dropped, meaning that no security patches will be released. This can be a big problem if you rely on third-party code for any of your website's features, for example Google Maps or online payment gateways, or simply if an extension you are using becomes compromised by new hacking techniques. The longer you run a Joomla 1.x series website, the greater the risk of your website being hacked and your data compromised.

2. Changing server technologies

Like WordPress and Concrete 5, Joomla is a PHP-based CMS, which runs on a Linux-based server and runs its databases via MySQL. These technologies are also constantly evolving to keep the nasty hackers away as they find new ways to be naughty and get into places they shouldn't.

Currently, there is no supported version of PHP compatible with Joomla 1.5! (http://php.net/eol.php)

As a result of this, we have noticed hosting companies are forcing their customers to upgrade their PHP versions to at least PHP 5.4 (the latest is 5.5). Joomla 1.5 sites are compatible with PHP versions up to 5.3, and so features of your Joomla 1.5 site are almost certain to break if your host decides to upgrade your PHP version.

At Channel we have mitigated against this for our customers by running Joomla 1.5 sites on the legacy versions of PHP to ensure your websites continue to run happily, but there will come a point in the very near future where we will be forced to upgrade to newer PHP versions, and those 1.x sites will no longer function.

3. Extensions Support and easier upgrades

Most extension developers have dropped their support for 1.5 versions of extensions to build extensions for the current Joomla versions. More than 65% of Joomla extensions are now available for Joomla 2.5, so it is likely that any functionality you had previously will still be available on the newer Joomla versions.

4. Future proofing

Joomla 2.5x has many great features compared to the 1.x series, the most cost-effective of which is a more robust and easier upgrade system. Joomla 2.5x has an inbuilt upgrade engine, which gives you upgrade notifications and one-click upgrades. It has also been built with future version upgrades in mind and has been designed to make the jump between Joomla versions much easier than upgrading the 1.x series, saving you time and money in the long run.

But my website is fine, why do I need to upgrade?

This is a common question from our customers and it's logical to think "If it ain't broke, don't fix it!", but unfortunately that sentiment doesn't apply too well in the world of the web.

OTHER COMMON THINGS WE HEAR ARE:

  • We built our site only a few years ago and don't have the budget for upgrading.
  • It sounds like a lot of work, I can't be bothered with it
  • My site has never been hacked, so I don't need to upgrade
  • You're only telling me I need to upgrade because you want more business.

Whilst it is true there is a fair amount of work involved and you may have a perfectly healthy Joomla 1.x series website, it won't stay that way forever. The question to ask is if your website got hacked tomorrow, what would be the loss in revenue/reputation for your business?

If the monetary value of any disruption outweighs the cost of upgrading your site, then it's something you really should invest in. Otherwise, you will end up with a website that you cannot host, or if you do find a host who is willing to take it, it will end up repeatedly getting hacked and live a pretty sad life for the rest of its days!

SO HOW DO I UPGRADE AND WHAT'S INVOLVED?

Every website is different. The work involved depends on how many extensions you have, how many customisations you have done, the amount of content and functionality in your site, amongst other things. We have experience of reliably upgrading 1.x sites and would welcome you to contact us for a free audit of your website to find out the best method for you to upgrade.

FREE AUDIT

To help our customers running 1.x series sites and also in the interest of all of our other customers in regards to security, we are offering a free audit to help you find out what's involved in upgrading your Joomla 1.x series website to the latest Joomla! version.

We don't want to see our long-standing members fall by the wayside and eventually have to remove them from our servers when they become untenable security risks, so we would encourage you to get in touch with us asap to plan for your upgrade.

So if you are running a Joomla 1.x series site, please get in touch with one of the team today who will be happy to do your free audit and quote for upgrading your Joomla site today.


Why Small Businesses Must have a Content Management System (CMS)

According to data compiled by W3Techs, 60.5% of websites are NOT using a Content Management System (CMS). 

What is a Web CMS? Wikipedia defines Web CMS as “a software system that provides website authoring, collaboration, and administration tools designed to allow users with little knowledge of web programming languages or markup languages to create and manage website content with relative ease.”

There are thousands of CMS solutions, from freely available, open source options to enterprise-grade, commercial solutions. If you’re managing a website today without one, you may be asking yourself, “What are the benefits of a CMS?”

#1 YOU WANT TO BE SELF-SUFFICIENT.

In many companies and non-profit organizations, the Marketing department owns the content on the site. From the landing page imagery to the "About Us" page, the majority of the company's responsibility for the site lives within Marketing. Like any organization, Marketing needs to be quick and nimble. So the last thing they need are barriers and obstacles that keep them from making site content updates quickly and easily.

In a past employment of mine, Marketing claimed the website's substance and I dealt with various the item pages. We didn't have a CMS. Rather, the Design group (who made our rich and shocking pages) dealt with an envelope structure on a common system drive.

When I needed to redesign a page, I'd email Susanne on the outline group. She'd roll out the improvement and send me back a review. I'd survey the review and give the "alright." From there, Susanne would duplicate the page from the system drive to our generation site.

Imagine a scenario where Susanne was on PTO. I could search out one of her companions on the Design group and approach them to make the redesign for me. Then again, consider the possibility that Susanne was super occupied (as she generally might have been). My overhaul may need to hold up a day or two.

Alternately suppose it is possible that we had a CMS. A ha! With a CMS, Marketing (me) could make the upgrade specifically to the page. I could review the redesign and have my manager audit it. From that point, I could push the upgrade "live," through the CMS. I get to be independent, while arranging for others (like Susanne) to deal with more key undertakings.


WordPress vs. Joomla -- A Perspective

By Daniel Threlfall

You're about to witness a showdown between the world's two most popular open-source CMSs — WordPress and Joomla. The WordPress vs. Joomla question is kind of like a high school rivalry. Or maybe, it's like the old Mac vs. PC debate. Thankfully, the discussion below is civil. My perspective claims WordPress as the winner.


In my roles as site editor and SEO consultant, I've used both WordPress and Joomla. Working at an agency provided opportunity to collaborate with designers, network admins, developers, and coders on the various advantages and disadvantages of respective CMSs. This article admits that CMS is a context-dependent choice, but advances the merits of WordPress as opposed to Joomla.

Your CMS — Your Choice

I picked WordPress for a variety of reasons outlined below. You may prefer Joomla. That's fine, and we're not going to call you names. Joomla and WordPress are both fine CMSs. Joomla may actually be better for you. Different users have different needs, and different CMSs serve those different needs.

Thus, with that disclaimer firmly in place, here are the reasons why I prefer WordPress over Joomla.

Popularity

I'm a believer in the "safety in numbers" of CMSs. If there are millions of people using something, there's probably something good going on. WordPress and Joomla are the world's most-used CMSs. However, WordPress is far more popular than Joomla. WordPress was founded in 2003, and Joomla in 2005. Over that time, WordPress's growth has exponentially exceeded Joomla's, owning a whopping 55.1% of the market share, as opposed to Joomla's 8.8%. Furthermore, when WordPress receives a vote of confidence from some of the most intelligent developers I know, I have a greater appreciation of its capability and longevity. Of course, merely because something is popular doesn't make it the best. Granted. However, we're going to consider another factor below that flows directly from the popularity issue.
