
Freakin Joomla - I luv u, I hate u, I luv u

Discussion in 'The Shit List' started by StillSmiling, Oct 21, 2008.

  1. StillSmiling

    StillSmiling Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 8, 2008
    Messages:
    233
    Likes Received:
    77
    Normally, I'm the biggest fan of Joomla. You know the deal: Not too steep a learning curve, one click installation, lots of free components, yadda yadda.

    And (knock on wood) I've been able to escape hacking by being diligent about upgrades and keeping my modules & components up to date.

    But this recent announcement that versions 1.0.xx will no longer be supported after Summer 2009 --- to borrow from Florida Evans: "DAMN, DAMN, DAMN JAMES!!"

    I'm not sold on the 1.5.x version of Joomla! Shit, for something that's SUPPOSEDLY secure, that thang has been exploited so many times, it's freakin scary!! It seems like every month I'm getting emails saying "If you are using version 1.5.x, you must upgrade IMMEDIATELY..." :eek:

    ...Meanwhile, my 1.0.xx version sites are humming along just fine.:p

    Not only that, but a few of my most favorite mods & comps are NOT compatible with the new version.

    So now I'm pissed that I'm going to be forced to migrate to the new 1.5.xx version if I hope to have support for my Joomla sites. I guess I knew it was going to happen eventually, but HELL, not quite this soon.

    BooHoo
     
  2. mattstrike

    mattstrike Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    208
    Likes Received:
    76
    Occupation:
    Internet Marketing Arms Dealer
    Location:
    USA
    Home Page:
    Summer of 09 is still 8-9 months off, and even then, there is nothing saying that you will have to upgrade - all of the 1.0.xx installs and mods will keep working. In real world terms it just means that there will never be another 1.0.xx release. The 1.0.xx forge might be shut down as well, but that won't slow anyone down.

    Who knows? Someone out there might even fork the project and pick up the 1.0.xx line, and keep developing it as a separate project.

    As for 1.5.x - I feel your pain with regards to security. That said, however, 1.5.x is a much better architecture overall.

    Good luck!
     
  3. vmedia

    vmedia Regular Member

    Joined:
    Feb 6, 2008
    Messages:
    239
    Likes Received:
    28
    speaking of freaking joomla - does anyone have any freaking templates?
     
  4. bizcredit

    bizcredit Power Member

    Joined:
    Apr 1, 2008
    Messages:
    678
    Likes Received:
    253
    Occupation:
    blackhat
    Location:
    usa
    Home Page:
    freaking sorry i freaking dont
     
  5. StillSmiling

    StillSmiling Jr. VIP Jr. VIP Premium Member

    I'm too deep in it to try drupal or any other CMS now -- though I am using WP for smaller sites & blogs, and I like it too. It's just frustrating as hell to be building 1.0.xx sites knowing that if some shithead hacks the core in Oct 09, then I'm up a creek so far as support.
     
  6. mattstrike

    mattstrike Regular Member

    I would not worry too much about someone discovering a new hack for 1.0.xx. I have done extra hardening for Joomla sites in the past, though, and can offer a few general bits of advice:

    Disable front end editing entirely.

    Lock down the admin control panel with an IP restriction.

    Make sure that the admin account is named anything but admin.

    Don't use shared hosting. ;)

    If you do all of that, and don't install any dodgy extensions, you should be fine.
     
  7. bmph8ter

    bmph8ter BANNED BANNED

    Joined:
    Jun 30, 2008
    Messages:
    67
    Likes Received:
    15
    I'm in the same boat; we have TONS of sites built on 1.0.xx, and I really dread support being up. What we've started doing (may or may not work for you) is just building new sites in parallel.

    When a customer calls wanting to "update" their site, we install 1.5.x in a new directory and start work on it while making the minor changes to their 1.0.xx site. It gives us time to tweak and test, and then we get a nice upsell too; just check out this new "demo" of your site we've been toying with...

    I just hope that some time between now and summer that the migration process gets some more attention. The few sites I've tried it on, it hasn't worked well at all.
     
  8. tonlilaz

    tonlilaz Executive VIP Premium Member

    Joined:
    Feb 28, 2008
    Messages:
    1,558
    Likes Received:
    1,700
    Occupation:
    Deleting crappy threads on BHW, making good use of
    Location:
    Over There
    Home Page:
    i hate joomla. i'll stick with wordpress which is a hell of a lot easier to work with and mod than joomla.

    Recently i tried to build a few joomla sites....only to tear them all down and rebuild with wordpress... sorry, i just like how freaking easy wp is and how there's so much out there for it.

    it also seems better supported imo

    :pcguru:

     
  9. whitehat

    whitehat Newbie

    Joined:
    Dec 7, 2008
    Messages:
    21
    Likes Received:
    16
    I use joomla for all my ebay stores. Plain vanilla, no modules added. Most of the hacks come through 3rd party components; be very careful with those.

    Joomla as you know has 3 types of extensions: plugins, modules & components.

    The components are the ones you have to be most careful with as far as security holes.

    permalinks are easy too. I hated 1.X.X and never used that.

    But since 1.5.x I am a fan.

    For smaller sites I use WP

    I feel your pain though. I did a few upgrades for customers 1.x.x to 1.5.x Ouch!



    So for me it's WP & Joomla :)
     
  10. twinkletoes

    twinkletoes Junior Member

    Joined:
    Jun 4, 2008
    Messages:
    190
    Likes Received:
    60
    Thanks - the only one I'd have a big problem with is the IP - mine roams with evdo and for most things it is a blessing but I've had to warn some sites I've purchased from that I'm a wanderer.

    What is wrong with the shared hosting?
     
  11. mattstrike

    mattstrike Regular Member

    Lockdown by IP is not essential, you can do a .htaccess username/password (most control panels will do this for you these days) as well. The point is just to have a second, non-Joomla, layer of authentication for the admin area.

    Shared hosting is the bane of Web security. There are endless variations on the scheme, but the way that it typically works is something like this: You have a decent, but not 100% secure setup, but someone else on the same server gets hacked because they are basically asking for it. The hacker now has access to another account on the same server. There are a variety of attacks that only work (or work much better) when launched from the same server, so your site which seemed pretty secure from the outside, can now be compromised. In theory, a good host will patch their servers to prevent this, but in practice. . .

    Still, if you must run on shared hosting, take a little bit of time to harden your installation, and you will be much better off. Otherwise, make sure that you have a good backup plan in place.
     
  12. stinky_boy

    stinky_boy Junior Member

    Joined:
    Nov 21, 2008
    Messages:
    128
    Likes Received:
    35
    Occupation:
    head games
    Location:
    money street
    I also have mixed feelings about joomla and all the security issues I've had in the past are from 3rd party components. My pr3 site was hacked last year (sent out around 9000 spam emails w/viruses) and I never rebuilt it.

    I use both vs. 1.x and 1.5 and you're right about 1.5 and the problems, but joomla is not a stranger to this in the past and it's a bitch when you have to visit the joomla site constantly to make sure everything is up to date.

    The only thing I can say is to backup your database and site. The only good part about 1.5 is that you can still use many of the 1.x components/modules.
     
  13. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    I use joomla daily for clients. I usually don't install any 3rd party mods since I make my own.
    joomla is much more diverse than WP IMO but to each his own.

    also some freaken good templates at this freaken site
    Code:
    http://vhxm.net/error/joomla/

    freaken enjoy
     
  14. ukescuba

    ukescuba Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    994
    Likes Received:
    634
    Occupation:
    Mobile Marketer & QR Code Junkie
    Location:
    San Antonio, TX
    Home Page:
    we build a lot of joomla sites both 1.0 and 1.5 and will be launching a membership site soon showing you how to make money from joomla and how good an SEO tool it can be.

    anyhow for me - joomla 1.0.x is great, just gotta keep an eye on updated third party apps... and like people have said before, make sure you .htaccess your admin area and don't leave any folders 777

    i do love the new architectural structure of 1.5 but not many developers seem to be taking advantage of it. Converting from 1.0 isn't that difficult either; there are some good plugins that help on the way - my biggest advice if using 1.5 is use the key redirect security plugin, it basically masks the administrator folder so no one can easily access it.

    Overall advice when using either version of joomla or any website for that matter backup backup backup! there are automated components that can do this for you just look in the extensions section over at joomla :)
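
Two of the hardening points raised in this thread (a second, non-Joomla access layer on the admin area, and no folders left at 777) can be checked mechanically. The script below is an added example, not code from any poster or from the Joomla project; the function names are made up for illustration, and it assumes the admin area is the `administrator` directory under the docroot and that the site runs on Apache.

```shell
#!/bin/sh
# Added example: audit a Joomla docroot for two hardening points from the thread.
# Assumes the admin area is <docroot>/administrator and Apache honours .htaccess.

# Succeeds if administrator/.htaccess adds HTTP auth or an IP allow-list.
admin_has_second_layer() {
    ht="$1/administrator/.htaccess"
    [ -f "$ht" ] || return 1
    # Ignore commented-out directives.
    active=$(grep -Ev '^[[:space:]]*#' "$ht" || true)
    has() { printf '%s\n' "$active" | grep -Eiq "^[[:space:]]*$1"; }
    ip='[[:space:]]+[0-9a-f]*[.:0-9]'   # an address, not the keyword "all"
    # Password layer: AuthType plus a Require that names users.
    { has 'AuthType[[:space:]]+(Basic|Digest)' &&
      has 'Require[[:space:]]+(valid-user|user[[:space:]])'; } && return 0
    # IP layer, Apache 2.4 syntax.
    has "Require[[:space:]]+ip$ip" && return 0
    # IP layer, Apache 2.2 syntax: only restrictive with "Deny from all".
    has 'Deny[[:space:]]+from[[:space:]]+all' && has "Allow[[:space:]]+from$ip"
}

# Lists files and directories that any local account can write to (e.g. 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Prints findings; returns 1 if either check fails.
audit() {
    rc=0
    if admin_has_second_layer "$1"; then
        echo "OK   administrator/ has a non-Joomla access layer"
    else
        echo "WARN administrator/ relies on the Joomla login alone"; rc=1
    fi
    ww=$(world_writable "$1")
    if [ -n "$ww" ]; then
        echo "WARN world-writable paths:"; echo "$ww" | sed 's/^/     /'; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /path/to/docroot
[ $# -eq 0 ] || audit "$1"
```

The script only reads the `.htaccess` file; Apache applies those directives only where the host's `AllowOverride` setting permits them (`AuthConfig` for the auth directives, `Limit` for the 2.2-style `Allow`/`Deny`).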
     
  15. marcostx9

    marcostx9 Newbie

    Joined:
    May 19, 2007
    Messages:
    17
    Likes Received:
    52

    HTML:
    http://shack.ru/forum/
    tons of Joomla templates, go to the bottom and change language to English, cause the default language is Russian.
    Enjoy it!
     
  16. biffo

    biffo Regular Member

    Joined:
    Nov 24, 2008
    Messages:
    249
    Likes Received:
    54
    Occupation:
    This & That
    Location:
    Nottingham
    I just got pure hate for joomla.
     
  17. senecapharm

    senecapharm Registered Member

    Joined:
    Oct 18, 2008
    Messages:
    89
    Likes Received:
    8
    I answered this on another thread, if you're going for really good, free templates, there is a Joomla template contest and the contestants have the best looking, fastest templates (even better than some paid templates).
     
  18. StillSmiling

    StillSmiling Jr. VIP Jr. VIP Premium Member

    Have you guys been following the 1.6.x developments? Not only that, but rumor has it that there is a 2.0 version in the works that's gonna really shake things up (supposedly this is why so many extension providers are holding out on building 1.5.x native extensions)

    **Ukescuba, can you direct us to a decent migration instruction link? My experience with this has so far been an exercise in frustration. Smaller sites are ok. But anything over 500pgs and it's a no go for me. I've been following the official migration instructions over at j00mla.org word for word, but it's hit or miss--- mostly miss.

    Guys, you gotta be careful with those templates. There's plenty of great free templates available from decent sources. But I'd be wary as hell of using paid templates that folks make available for free -- all kinds of extra code/backdoors/etc have been found in those things, and you don't want to be adding your sob story to the "I got hacked" tales.