WebCitz Blog


Joomla 3.6.5 Released

WebCitz would like to inform you that Joomla 3.6.5 has been released as a security update. If your website runs on the Joomla CMS platform, please upgrade your Joomla installation as soon as possible to patch the security issues listed below. Always remember to take backups before running upgrades!

  • Inadequate ACL checks in the Beez3 com_content article layout override enable a user to view restricted content.
  • Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.
  • Incorrect use of unfiltered data stored to the session on a form validation failure allows existing user accounts to be modified, including resetting their username, password, and user group assignments.

Joomla Security Update – 3.4.5 Released

Joomla has released an update to fix inadequate filtering of request data which leads to a SQL Injection vulnerability. This affects Joomla versions 3.2.0 through 3.4.4. Please upgrade to 3.4.5 to get the latest patches. If you need assistance, please contact us!


Joomla Security Update – 3.4.4 Released

Joomla has released an update to fix inadequate escaping which leads to an XSS vulnerability in the login module. This affects Joomla versions 3.4.0 through 3.4.3. Please upgrade to 3.4.4 to get the latest patches. If you need assistance, please contact us!


Joomla 2.5 Support Ended

Support for Joomla 2.5 ended on December 31, 2014, so what does this mean for websites that are running version 2.5? Whenever a content management system (CMS) changes its structure or updates, a migration is recommended. Since 2.5 is no longer supported, potential security problems can occur, because security patches are discontinued and older versions of Joomla are not maintained.

If you upgrade your Joomla version, you will be running Joomla 3.3.6, which features new functionality and a new admin area. Although adding articles and images is the same, the look of the admin area is updated and some things are moved around. Refer to the image below to see the newest admin area design.

Upgrading your Joomla version can be a long or short process depending on the number of extensions you utilize as well as how heavily customized your site is. WebCitz will do the work for you in a maintenance block of time. The process can take anywhere from four to ten hours with turnaround times being about a week. If you have time on your account and would like to update your Joomla version, or need to schedule a new maintenance block, feel free to contact us!

[Image: Joomla 2.5 Admin Area]

[Image: Joomla 3.3.6 Admin Area]


Joomla 2.5.27, 3.2.5 and 3.3.6 Released

Joomla has released updates to fix issues ranging from “inadequate checking allowed the potential for a denial of service attack” to “inadequate checking allowed the potential for remote files to be executed” in its previous releases. Please update to 2.5.27, 3.2.5 or 3.3.6 to get the latest versions. If you need assistance, please contact us!


Joomla 3.2.5 and 3.3.4 Released

Joomla has released Joomla 3.2.5 and Joomla 3.3.4 to fix an XSS vulnerability in com_media caused by inadequate escaping, and unauthorised logins via LDAP authentication caused by inadequate checking, respectively. Please upgrade at your convenience.


Joomla 2.5.25 Security Release

Joomla 2.5.25 has been released, addressing a moderate-level security issue. Please update as soon as possible!


USPS API Updates Coming September 7 & September 28, 2014

USPS is making two changes to its API this month on September 7th and September 28th which may impact your ecommerce storefronts. USPS is changing a few uncommon shipping services and country names on September 7th, 2014 and dropping support for their RateV3 API on September 28th, 2014. If you have an ecommerce website running Magento 1.5.1.0 or newer you are in the clear, but if your version is older you will need to consider installing the patch released by WebShopApps. If you are running an ecommerce website on an older version of some other ecommerce platform you will need to look into whether or not this USPS API update will impact your website prior to the dates mentioned. Please let us know if you need assistance!


Joomla 3.2.3 Update

Please know that Joomla has released a security update for Joomla versions between 3.1.0 and 3.2.2. Please update to version 3.2.3 at your earliest convenience. If you are interested in having our team implement this update, please contact us.

  • Severity: High
  • Versions: 3.1.0 to 3.2.2
  • Exploit type: XSS Vulnerability
  • Issues: Inadequate escaping leads to SQL injection vulnerability. Inadequate escaping leads to XSS vulnerability in com_contact. Inadequate escaping leads to XSS vulnerability. Inadequate checking allowed unauthorised logins via GMail authentication.

Joomla 1.5 Website Owners – Hacked Website?

There has been a lot of talk as of late about hosting companies discontinuing service to Joomla 1.5.26 website customers. The primary reason pertains to a security exploit that is widely known to allow unauthorized file uploads to a Joomla 1.5.x website installation. If an attacker – human or bot – is able to upload a file to your hosting account, then you have pretty much lost almost all of your defenses. Through a single uploaded file, if properly coded, the attacker would be able to copy, export, delete or modify any or all elements of your files, images, databases, emails, etc. It essentially opens your hosting account and your website to any attack the infiltrator would like to carry out, ranging from defacing your website to sending massive amounts of spam to setting up a phishing website or distributing malware.

For a hosting company, having a customer in this situation is a nightmare. Why? Because web hosting customers typically either have no clue they are using Joomla, they don’t know why they aren’t using the latest version of Joomla, they don’t understand that upgrading Joomla isn’t as quick as clicking a button, they don’t understand why their website was attacked, they want you to complete paperwork for law enforcement to “go after” the attacker, they want to know how the server was left so vulnerable that their website was attacked, they want you to drop everything that very moment to restore a backup or remedy the situation on the spot. In reality, the web hosting company isn’t typically responsible for the software on your hosting account, they aren’t responsible for fixing your website and if they do restore a backup of your website to the previous day the attack will just happen all over again.

For those website owners that just get flustered immediately upon any issue, we recommend you take a few breaths and think through your options. The first step is to work with your website developer, a new website developer or your hosting company to see what you can do to get your website running normally again. This might include restoring a website backup, removing malware or other remedies depending on the attack(s) deployed. The second step will be to temporarily secure your outdated Joomla installation – this can be done by using Anything Digital’s 31626 security patch that helps remedy the unauthorized file upload security vulnerability. The third step will be to make a decision to upgrade to the latest version of Joomla, which would be Joomla 2.5.17 or 3.2.1 as of January 22, 2014.

Having gone through this, you might be asking if moving away from Joomla is a better decision. Maybe you have friends or family that have set up a website using WordPress or Drupal. The answer we would recommend is to stay with the content management system that works best for your specific requirements and that you have existing experience using. If your car window is smashed and someone steals everything in your car, do you opt to buy your next car from a different manufacturer? No – that is not the logical conclusion. There isn’t a single website or application available for web access that isn’t vulnerable to attacks, just like there isn’t a safe or lock in the world that can’t be picked. The best defense is preparation.

If you need help installing the Joomla 1.5.26 security patch from Anything Digital, upgrading your Joomla 1.5.26 website to Joomla 2.5 or 3.x, or just help in general getting more awareness of what is going on with your website, please contact WebCitz by phone at 800-796-8263 or by email.