Not the website you're looking for? Click here for Webalicious
 

Web Design and Web Development Blog from Webilicious in Tasmania

Protecting your Joomla Website from Spammers

No Spam

CAPTCHA is No Longer Sufficient

Forums, registration forms and other forms can usually be protected from spammers using CAPTCHA codes or other security extensions such as the excellent EasyCalcCheck PLUS.

Sophisticated spammers are now circumventing CAPTCHA codes on websites using techniques such as:

  • low paid human workers manually entering the codes
  • clever spam bots that use OCR to decipher the codes
  • high traffic websites owned by the spammers that redisplay the a target website CAPTCHA code on their own website, have it solved by a visitor and then use the solution on the website they wish to spam

At least one of my clients is affected and a better solution is required.

Keeping One Step Ahead of the Spammers

There are several services on the web such as projecthoneypot.org and stopforumspam.com that maintain lists of the IP addresses of known spammers and hackers. We can team these services up with a suitable Joomla extension to stop the spammers from accessing the website at all.

I have chosen Akeeba Admin Tools Professional as my preferred solution. An Admin Tools Professional subscription at €20 is excellent value for money and has many other useful features apart from the IP Address blocking.

Enable protection in Akeeba Admin Tools as follows:

  • Register an account and apply for a key at http://www.projecthoneypot.org/httpbl_configure.php (it's free)
  • At Components -> Admin Tools -> Web Application Firewall -> Configure WAF -> Project Honeypot integration, set:
    • Enable HTTP:BL filtering: Yes
    • Project Honeypot HTTP:BL Key: [enter your own key here]

Known hackers and spammers will now be blocked from accessing your Joomla website.

Free Spam Protection

You can find more free and commercial IP address blocking extensions in the Site Protection and Spam Protection categories in the Joomla Extensions Directory.

Some promising free extensions (so far untested by me) are:

What are you using to foil spammers?

Backup, Backup, Backup!

Akeeba Backup Logo

Why Backup A Website?

Everyone with a website knows, or should know, the importance of regular backups. There are many reasons that you may have need of a recent backup. For example:

  • your website could be compromised by hackers
  • the server on which your website is hosted could fail
  • your web hosting company may not have a recent backup of your website (check your terms and conditions - many web hosting companies have no guarantees in regard to backups)
  • your web hosting company could go out of business
  • an administrator could inadvertently delete content or misconfigure your website

Backing up a Joomla Website

Backing up a Joomla website is so easy, there are no excuses to defer this important task.

The undisputed backup tool of choice for Joomla is Akeeba Backup. It is very simple to download, install and run Akeeba Backup which backs up all your files and the database into one neat compressed file. This should then be copied via FTP to your local machine or somewhere else safe.

How Often Should I Back Up?

The answer to this question is usually, "how much can I afford to lose?".

A static website which rarely changes may only need to be backed up once every few months. A website with a few content updates each month might need to be backed up every month. A busy e-commerce website may need to be backed up every day.

How Much Does It Cost?

The free version of Akeeba Backup does an efficient job with the paid version of Akeeba Backup having a few extra features such as the ability to back up to DropBox and elsewhere in the cloud. See the feature comparison for more details.

The Alternative

I was recently asked to investigate a hacked Joomla 1.5 website (not one that I built or looked after, I hasten to add).

The best way to recover from a hacked website is to start with a known clean copy of the website. Unfortunately, the client did not have his own backup so we had to rely on the web hosting company. After many support emails and a few weeks, it became apparent that the web hosting company had no suitable backup.

The only alternative, apart from rebuilding the website from scratch, was to identify and remove all the malicious code. With over 15.000 files in this particular website, it was like looking for a needle in a haystack! Eventually, malicious code was removed from three files and a malicious file was removed to restore the website. This is not the preferred way to restore a hacked website as you can never be 100% confident that you have removed all the malicious code. This method is also more time consuming and costly!

When did you last back up your website?

Joomla Maintenance and Backup Subscriptions

  Economy Business Enterprise
Monthly Cost $39 per month $69 per month $99 per month
Annual Cost $390 per year* $690 per year* $990 per year*
Third party extensions up to 10 extensions up to 20 extensions up to 30 extensions
Monthly Report Yes Yes Yes
Free initial security audit (valued at $220) Yes Yes Yes
Monitor new Joomla and third party extension updates Yes Yes Yes
High priority Joomla updates installed within 24 hours Yes Yes Yes
High priority third party extension updates installed within 24 hours Yes Yes Yes
Non-critical Joomla and third party extension updates installed quarterly Yes Yes Yes
Monthly off-site backups Yes Yes Yes
Non-critical Joomla and third party extension updates installed monthly No Yes Yes
Installation of web application firewall (e.g. Akeeba Admin Tools Pro) No Yes Yes
Weekly off-site backups No No Yes
Monthly malware scan No No Yes

* Pay 12 months in advance and get 2 months free.

Remository Migration from Joomla 1.5 to Joomla 2.5

Remository Logo

This is the fifth article in a series of Joomla component migration instructions. Published so far are:

Remository Migration

Note: The database tables must be copied across to Joomla 2.5 before installing Remository on Joomla 2.5 as the installation procedure will add new database fields if required. If you do this in the wrong order, the fields won't be created.

This procedure was successfully tested using the following versions:

  • Joomla 1.5: Remository v3.53.13J
  • Joomla 2.5: Remository v3.54.05J2

Migration Procedure

  1. Install Joomla 2.5 in new sub folder.
  2. Migrate core functions including user accounts with SP Upgrade or similar.
  3. Upgrade Remository on Joomla 1.5 to latest version, if it isn't already. Note: You need to uninstall the old version and then install the new version. Since version 3.40, data and configuration are not lost across an upgrade.
  4. Export the 14 x Remository database tables from Joomla 1.5 with "Quick" and "SQL" options. Note: Assuming they are not too large, you can multiple select tables and export and import them as one file:
    • jos_assignments
    • jos_downloads_blob
    • jos_downloads_classify
    • jos_downloads_containers
    • jos_downloads_credits
    • jos_downloads_email
    • jos_downloads_files
    • jos_downloads_file_classify
    • jos_downloads_log
    • jos_downloads_repository
    • jos_downloads_reviews
    • jos_downloads_structure
    • jos_downloads_text
    • jos_permissions
  5. If necessary, amend table prefixes by searching and replacing all of the old prefixes e.g. jos_ to j25_ inside the file(s).
  6. Import the Joomla 1.5 Remository database tables into Joomla 2.5.
  7. If the tables are too big for export/import, and they are on the same server, you may be able to use the copy table operation instead of import/export.
  8. Install the latest Remository version on Joomla 2.5. The database tables are automatically modified with extra fields, if needed.
  9. Check for and copy any files in the file system. Locations will be specified as absolute paths in the configuration.
  10. If paths in the site have changed, you may need to update the configuration.

References:

http://remository.com/faq/remository-upgrades/upgrade-remository/
http://remository.com/faq/remository-general/migrating-remository/
http://remository.com/forum/func,view/catid,5/id,18564/
http://remository.com/forum/func,view/catid,15/id,18376/
http://remository.com/forum/func,view/catid,15/id,18130/

Migrate My Joomla Website

Migrate from Joomla 1.5 to Joomla 3.x

The cost of migrating from Joomla 1.5 to Joomla 3.x depends on the number of third party extensions and whether there are Joomla 3.x equivalents, whether there is an equivalent Joomla 3.x template and other factors. A straightforward Joomla 1.5 to Joomla 3.x migration typically takes at least five hours and costs from around $450.

Contact me for a quote.

Migrate from Joomla 2.5 to Joomla 3.x

The cost of migrating from Joomla 2.5 to Joomla 3.x depends on the number of third party extensions and whether there are Joomla 3.x equivalents, whether there is an equivalent Joomla 3.x template and other factors. A straightforward Joomla 2.5 to Joomla 3.x migration migration typically takes at least three hours and costs from around $250.

Contact me for a quote.

Creating a Chamber of Commerce Website using Joomla

Mundaring Chamber of Commerce

Mundaring Chamber of Commerce

The latest website created by Webilicious ® is for the Mundaring Chamber of Commerce. The Chamber officially came into existence in August 2011, taking over from The Eastern Hills Business Association and aims to support and promote local businesses in the Mundaring Shire and surrounding area.

As usual, it was a case of finding out about best practice with this type of website and being inspired by existing Chamber websites.

The main challenge with this particular job was working out how to marry a subscription system and a business directory as there did not appear to be any "off-the-shelf" Joomla Chamber of Commerce or similar extension available.

The solution was to use Community Builder with CBSubs and ChronoForms. A new profile tab was created in Community Builder with custom fields created for member business details. Community Builder Field Management enables you to create text fields, drop down lists, drop down multiple select lists, text areas and even full text editor text areas. Members can update their own business directory listing by updating the relevant tab in their profile. The business directory consists of four ChronoForms with PHP code that queries and displays information from the Community Builder tables:

  1. Business Categories - displays an index of categories
  2. Business Listings - displays a list of businesses in a particular category
  3. Business Listing - displays a detailed listing of a particular business
  4. Business Search - search by business name

The PHP code includes a check of the CBSubs subscription status and also checks a "List in Business Directory" = Yes/No Community Builder field so that listings are only shown if members have an active subscription and if they enable the option in their profile.

Subscription Features

All the usual CBSubs subscription features are available. In this particular case, memberships are configured to match the financial year with the new "promotions" plug-in enabling pro-rata payments. GST is also enabled.

Business Directory Features

Members can enter all their relevant business details including the business name, category, address, logo, images, description, phone, mobile, email, website and also social networking links such as Facebook and Twitter etc. Only the fields that are completed are displayed in the business directory listings.

Members can choose multiple categories for their business.

If a subscription expires, the listing is automatically disabled in the directory until the member renews.

Other Features

Other features that make up the website include:

  • "Member Stories" blog featuring stories from Chamber members.
  • "Resources" implemented using the built-in Joomla weblinks feature.
  • Events with various categories implemented using JEvents including "Upcoming Events" module.
  • News with various categories implemented using the built-in Joomla category blog feature.
  • Contact form using ChronoForms.
  • Mailing list and newsletter features are implemented using AcyMailing including a customised template for the client.
  • Comments are enabled on some of the article categories using JComments.
  • Social networking "follow" and "share" features implemented using PGT SocialWeb and Social Media Icon Links.
  • Easy Folder Listing has been installed to make it easy for administrators to upload minutes in the Members Only section.
  • RokStories is used to rotate banner advertisements paid for by sponsors.

The excellent CBJuice was used to help import the existing member data.

Web Design

The "Momentum" template from RocketTheme has been installed and customised with an appropriate background image, transparent main and module areas. The logo is another excellent job from C6 Media Solutions.

Search Engine Optimisation

Basic on-site SEO has been implemented using sh404SEF.

ChronoForms has been configured so that the business directory listing for each business contains the business name in the url.

Feel the Quality

Checking the score in the Nibbler test tool reveals a score of 8.2 which is excellent considering that little to no social networking has yet been done.