Joomla Security Issues: Register Globals Emulation


SludgeMeister
08-18-2006, 06:38 PM
Well...Joomla and various components it uses seem to be getting hit heavily lately. Numerous reports are popping up about sites being hit (primarily through exploits in 3rd party components).

However, the biggest statement that seems to be popping up is to make sure that Register Globals is set to "off"....Of course, this has always been the practice for a lot of us but what I didn't actually realise is that Joomla itself emulates Register Globals as ON.

Websmurf posted this on the Joomla forum earlier:

After being hacked through facileforms today, with register globals off, I've done a bit of research.

If you have register globals off, make sure your globals.php file is configured like this:


define( 'RG_EMULATION', 0 );

instead of with the default:



define( 'RG_EMULATION', 1 );

Else, Joomla will emulate register globals on, and the effect of register globals off will be gone..

So even with Register Globals set off in server, Joomla in its very special way of doing things counteracts that....So needs to be modified also.

Community Builder has also released a security update recently.

T.

Izzy
08-18-2006, 08:36 PM
This might be worth a look at and a try out as an alternative to the insecure (most of the time) script kiddie magnet, Mambo/Joomla.

http://www.xaraya.com/

jeremy
08-19-2006, 09:36 PM
Will this affect other scripts running on the server?

How would I go about changing globals.php?

Does this affect joomla 1.0.10?, joomla 1.5?

SludgeMeister
08-20-2006, 01:05 PM
It will affect all versions of Joomla.

No one is 100% sure which scripts will be affected by altering global.php, but generally most of the components are written not to depend on Register Globals so the majority of them should be fine.

However, some of the Ako components have a problem and require editing. Also, Joomlaboard has a problem and needs to be edited.

Any problems with components that are discovered will be reported on the Joomla forum...The solutions are already posted on their forum for Ako and Joomlaboard.

You need to download global.php via ftp and change it with your editor of choice then reupload it.
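
Added example, not part of the thread or of Joomla's own code: a small Python check for the RG_EMULATION setting discussed above, which reports whether the active define in a copy of globals.php is 0 or 1 and can rewrite it to 0. The sample file content and the function names are constructed for illustration.

```python
import re
import sys

# Matches define( 'RG_EMULATION', <value> ); with either quote style and any spacing.
DEFINE_RE = re.compile(
    r"""((?i:define)\s*\(\s*(['"])RG_EMULATION\2\s*,\s*)([^)]*?)(\s*\)\s*;)""")
# PHP comments: /* ... */, // ... and # ...  (simplification: a comment marker
# inside a string literal is treated as a comment too).
COMMENT_RE = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)

# Constructed sample, not the real globals.php: one commented-out define
# followed by the active one left at the default value of 1.
SAMPLE = (
    "<?php\n"
    "/* constructed sample for this example */\n"
    "// define( 'RG_EMULATION', 0 );\n"
    "define( 'RG_EMULATION', 1 );\n"
)

def strip_php_comments(src):
    """Blank out comments with spaces so offsets still match the original."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)

def rg_emulation_state(src):
    """Return 'off' (0), 'on' (1), 'unknown' (other value) or 'missing'."""
    m = DEFINE_RE.search(strip_php_comments(src))
    if not m:
        return "missing"
    value = m.group(3).strip()
    return {"0": "off", "1": "on"}.get(value, "unknown")

def disable_rg_emulation(src):
    """Return src with the active define set to 0; comments stay untouched."""
    m = DEFINE_RE.search(strip_php_comments(src))
    if not m:
        raise ValueError("no active RG_EMULATION define found")
    start, end = m.span(3)  # span of the value only
    return src[:start] + "0" + src[end:]

if __name__ == "__main__":
    # Pass local copies of globals.php as arguments; with none, use the sample.
    if len(sys.argv) == 1:
        print("sample:", rg_emulation_state(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, rg_emulation_state(fh.read()))
```

Run it against the downloaded copy before and after editing; a result of "unknown" or "missing" means the file should be checked by hand.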

ndndixie
08-20-2006, 08:19 PM
UGH! This is starting to become the norm with Joomla.

SludgeMeister
08-21-2006, 02:39 AM
To be honest, I have grown to really dislike the thing...I've been using it for a *long* time now starting back with Mambo then migrating when the Joomla fork came...

If I didn't have a 700 member site powered by it I'd have dumped it long ago.

I am playing around with modx cms (framework) now...Have been for a little while. It's sooo much cleaner than Joomla, and you can achieve things so much easier (template changes so graceful and easy...content control really sweet..), generally things you can't do with Joomla, simply because modx is a framework so you build onto it what you like rather than be limited by Joomla's architecture.

That said I can't see me porting over my sites from Joomla to it (or any other CMS for that matter) in the near future due to the heavy customisations I have made to Joomla...Which is such a pain!

Lorio
08-29-2006, 03:57 AM
If you have register globals off, make sure your globals.php file is configured like this:

define( 'RG_EMULATION', 0 );

instead of with the default:

define( 'RG_EMULATION', 1 );

Certain modules will need additional steps to be usable when changing the RG_Emulation:
http://forum.joomla.org/index.php/topic,86525.0.html