Freakin Joomla - I luv u, I hate u, I luv u


StillSmiling

Normally, I'm the biggest fan of Joomla. You know the deal: Not too steep a learning curve, one click installation, lots of free components, yadda yadda.

And (knock on wood) I've been able to escape hacking by being diligent about upgrades and keeping my modules & components up to date.

But this recent announcement that versions 1.0.xx will no longer be supported after Summer 2009 --- to borrow from Florida Evans: "DAMN, DAMN, DAMN JAMES!!"

I'm not sold on the 1.5.x version of Joomla! Shit, for something that's SUPPOSEDLY secure, that thang has been exploited so many times, it's freakin scary!! It seems like every month I'm getting emails saying "If you are using version 1.5.x, you must upgrade IMMEDIATELY..." :eek:

...Meanwhile, my 1.0.xx version sites are humming along just fine.:p

Not only that, but a few of my most favorite mods & comps are NOT compatible with the new version.

So now I'm pissed that I'm going to be forced to migrate to the new 1.5.xx version if I hope to have support for my Joomla sites. I guess I knew it was going to happen eventually, but HELL, not quite this soon.

BooHoo
 
Summer of 09 is still 8-9 months off, and even then, there is nothing saying that you will have to upgrade - all of the 1.0.xx installs and mods will keep working. In real world terms it just means that there will never be another 1.0.xx release. The 1.0.xx forge might be shut down as well, but that won't slow anyone down.

Who knows? Someone out there might even fork the project and pick up the 1.0.xx line, and keep developing it as a separate project.

As for 1.5.x - I feel your pain with regards to security. That said, however, 1.5.x is a much better architecture overall.

Good luck!
 
speaking of freaking joomla - does anyone have any freaking templates?
 
Summer of 09 is still 8-9 months off, and even then, there is nothing saying that you will have to upgrade - all of the 1.0.xx installs and mods will keep working. In real world terms it just means that there will never be another 1.0.xx release. The 1.0.xx forge might be shut down as well, but that won't slow anyone down.

Who knows? Someone out there might even fork the project and pick up the 1.0.xx line, and keep developing it as a separate project.

Fingers are crossed!:)

As for 1.5.x - I feel your pain with regards to security. That said, however, 1.5.x is a much better architecture overall.

I have a couple of sites using 1.5.x and I hate to admit it, but I do like it better. :rolleyes: The only things -- BIG things tho -- are the security upgrades every month and the fact that about half of my fav components still aren't compatible. If these two issues could be resolved, I'd gladly build all of my joomla sites in 1.5.x from now on.

Good luck!

I'm too deep in it to try drupal or any other CMS now -- though I am using WP for smaller sites & blogs, and I like it too. It's just frustrating as hell to be building 1.0.xx sites knowing that if some shithead hacks the core in Oct 09, then I'm up a creek so far as support.
 
I would not worry too much about someone discovering a new hack for 1.0.xx. I have done extra hardening for Joomla sites in the past, though, and can offer a few general bits of advice:

Disable front end editing entirely.

Lock down the admin control panel with an IP restriction.

Make sure that the admin account is named anything but admin.

Don't use shared hosting. ;)

If you do all of that, and don't install any dodgy extensions, you should be fine.
 
I'm in the same boat; we have TONS of sites built on 1.0.xx, and I really dread support being up. What we've started doing (may or may not work for you) is just building new sites in parallel.

When a customer calls wanting to "update" their site, we install 1.5.x in a new directory and start work on it while making the minor changes to their 1.0.xx site. It gives us time to tweak and test, and then we get a nice upsell too; just check out this new "demo" of your site we've been toying with...

I just hope that some time between now and summer that the migration process gets some more attention. The few sites I've tried it on, it hasn't worked well at all.
 
i hate joomla. i'll stick with wordpress which is a hell of a lot easier to work with and mod than joomla.

Recently i tried to build a few joomla sites....only to tear them all down and rebuild with wordpress... sorry, i just like how freaking easy wp is and how there's so much out there for it.

it also seems better supported imo

:pcguru:

 
I use joomla for all my ebay stores. Plain vanilla, no modules added. Most of the hacks come through 3rd party components; be very careful with those.

Joomla as you know has 3 types of extensions: plugins, modules & components.

The components are the ones you have to be most careful with as far as security holes.

permalinks are easy too. I hated 1.X.X and never used that.

But since 1.5.x I am a fan.

For smaller sites I use WP

I feel your pain though. I did a few upgrades for customers 1.x.x to 1.5.x Ouch!



So for me it's WP & Joomla :)
 
I would not worry too much about someone discovering a new hack for 1.0.xx. I have done extra hardening for Joomla sites in the past, though, and can offer a few general bits of advice:

Disable front end editing entirely.

Lock down the admin control panel with an IP restriction.

Make sure that the admin account is named anything but admin.

Don't use shared hosting. ;)

If you do all of that, and don't install any dodgy extensions, you should be fine.

Thanks - the only one I'd have a big problem with is the IP - mine roams with evdo and for most things it is a blessing but I've had to warn some sites I've purchased from that I'm a wanderer.

What is wrong with the shared hosting?
 
Lockdown by IP is not essential, you can do a .htaccess username/password (most control panels will do this for you these days) as well. The point is just to have a second, non-Joomla, layer of authentication for the admin area.

Shared hosting is the bane of Web security. There are endless variations on the scheme, but the way that it typically works is something like this: You have a decent, but not 100% secure setup, but someone else on the same server gets hacked because they are basically asking for it. The hacker now has access to another account on the same server. There are a variety of attacks that only work (or work much better) when launched from the same server, so your site which seemed pretty secure from the outside, can now be compromised. In theory, a good host will patch their servers to prevent this, but in practice. . .

Still, if you must run on shared hosting, take a little bit of time to harden your installation, and you will be much better off. Otherwise, make sure that you have a good backup plan in place.
 
I also have mixed feelings about joomla and all the security issues I've had in the past are from 3rd party components. My pr3 site was hacked last year (sent out around 9000 spam emails w/viruses) and I never rebuilt it.

I use both vs. 1.x and 1.5 and you're right about 1.5 and the problems, but joomla is not a stranger to this in the past and it's a bitch when you have to visit the joomla site constantly to make sure everything is up to date.

The only thing I can say is to backup your database and site. The only good part about 1.5 is that you can still use many of the 1.x components/modules.
 
I use joomla daily for clients. I usually don't install any 3rd party mods since I make my own.
joomla is much more diverse than WP IMO but to each his own.

also some freaken good templates at this freaken site
Code:
http://vhxm.net/error/joomla/


freaken enjoy
 
we build a lot of joomla sites both 1.0 and 1.5 and will be launching a membership site soon showing you how to make money from joomla and how good an SEO tool it can be.

anyhow for me - joomla 1.0.x is great, just gotta keep an eye on updated third party apps... and like people have said before, make sure you .htaccess your admin area and don't leave any folders 777

i do love the new architectural structure of 1.5 but not many developers seem to be taking advantage of it. Converting from 1.0 isn't that difficult either, there are some good plugins that help on the way - my biggest advice if using 1.5 is use the key redirect security plugin, it basically masks the administrator folder so no one can easily access it.

Overall advice when using either version of joomla or any website for that matter: backup backup backup! there are automated components that can do this for you, just look in the extensions section over at joomla :)
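
Added example, not part of any post in this thread: a small audit of two hardening points raised above, the non-Joomla authentication layer on the admin area via `.htaccess` and the advice not to leave folders at 777. The `administrator` directory name, the directive list in `RESTRICT_RE` and the sample tree are assumptions made for illustration; the `.htaccess` check is a heuristic and only means something if the server honours `.htaccess` overrides.

```python
import os
import re
import stat
import tempfile

# Directives that actually restrict access (Apache 2.2 and 2.4 spellings).
# "Require all granted" and commented-out lines deliberately do not count.
RESTRICT_RE = re.compile(
    r"^\s*(AuthType\s+\S+|Require\s+(valid-user|user|group|ip|host)\b|Deny\s+from\s+\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def world_writable(root):
    """Relative paths under root that any local account can write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def admin_has_second_layer(root, admin_dir="administrator"):
    """Heuristic: does administrator/.htaccess carry an auth or IP directive?"""
    path = os.path.join(root, admin_dir, ".htaccess")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            live = [ln for ln in fh if not ln.lstrip().startswith("#")]
    except OSError:
        return False  # no .htaccess at all
    return bool(RESTRICT_RE.search("".join(live)))

def build_sample_site(root):
    """Constructed sample tree: one 777 folder and an unprotected admin area."""
    for rel, mode in (("administrator", 0o755), ("images", 0o777), ("components", 0o755)):
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)  # chmod is not affected by the umask
    cfg = os.path.join(root, "configuration.php")
    open(cfg, "w").close()
    os.chmod(cfg, 0o644)

def audit(root):
    return {"world_writable": world_writable(root),
            "admin_protected": admin_has_second_layer(root)}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(audit(site))  # point audit() at a real docroot to check a live install
```

On shared hosting the world-writable list matters most, since those are the paths another account on the same server can modify. A request to the admin URL that returns 401 or 403 is the real confirmation that the second layer is active.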
 
speaking of freaking joomla - does anyone have any freaking templates?


HTML:
http://shack.ru/forum/
tons of Joomla templates, go to the bottom and change language to English, cause the default language is Russian.
Enjoy it!
 
speaking of freaking joomla - does anyone have any freaking templates?

I answered this on another thread, if you're going for really good, free templates, there is a Joomla template contest and the contestants have the best looking, fastest templates (even better than some paid templates).
 
Have you guys been following the 1.6.x developments? Not only that, but rumor has it that there is a 2.0 version in the works that's gonna really shake things up (supposedly this is why so many extension providers are holding out on building 1.5.x native extensions)

**Ukescuba, can you direct us to a decent migration instruction link? My experience with this has so far been an exercise in frustration. Smaller sites are ok. But anything over 500pgs and it's a no go for me. I've been following the official migration instructions over at j00mla.org word for word, but it's hit or miss--- mostly miss.

Guys, you gotta be careful with those templates. There's plenty of great free templates available from decent sources. But I'd be wary as hell of using paid templates that folks make available for free -- all kinds of extra code/backdoors/etc have been found in those things, and you don't want to be adding your sob story to the "I got hacked" tales.
 