WEBROOT

  • 1&1 SEF URL's problem reloaded

    A while ago I already posted an article about problems getting SEF URL's work on 1&1-s servers and thought I know how to deal with the idiosyncrasies of 1&1's (very unprofessional) server settings. I was wrong...

  • Add a Favicon to your template

    Websites can include a small image called a Favicon that appears in your web browser generally on the left of URL field and also in the bookmarks to help visually identify a site. Many are saying that is among the few real good things coming from Redmond, since the Favicon was introduced with IE3, and initially supported only by Microsoft's browsers. But now the support for Favicons became widespread and is one of differentiating factors of a website, essential part of the general look/corporate identity.

  • Adding spatial navigation and tabindex to your custom forms

    Having correctly implemented spatial navigation in your custom forms is more important, than ever these days. Unfortunately Joomla's core JForm does not support adding the required info easily (for example by creating an XML file which will output the correct code.

  • Avoid easy Joomla version detection

    There is a surprisingly easy way to detect your Joomla version - and one don't need sophisticated tools, like BlindElephant or his siblings to do it. And this information can be used by hackers to make you scream...

  • Block unvanted visitors using their IP address on your Joomla site?

    Sometimes you need to block a certain IP address, a group of addresses or certain hosts from accessing your Joomla website. Reasons may include:

    • It's a hacking attempt coming from that IP
    • Someone is scraping content from your website
    • A brute-force attack (in most cases a DoS - Denial of Service - attack is originated from that IP (there are too many requests coming from a particular IP
    • Someone continuously spamming your website
    • Some content from your site (images, media files) are hotlinked from your website.

    The solution is simple, but is advised to apply first other tools to stop these bad guys - overuse of this tip can slow down your site considerably, use it ony if you don't have anything else - or you are in hurry to stop an ongoing attack.

  • Change the file and folder permissions automatically

    File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you have set them properly. They should never be 777, but ideal is 644 for files and 755 folders.

  • Change your database password while having no downtime

    Changing your database password is something you rarely need, but then you need it immediately, and with the lowest possible downtime. Why you should do that, in first time? Hm, there are many reasons/situations when you should consider changing your database access data ASAP:

    • You just got hacked
    • You have decided to end the business with your current developer, and you aren't sure that he's a trustable person
    • You have a good habit of changing all your passwords regularly
  • Directory Traversal

    A website is stored within a file system on a server. Some of the server's file system is therefore exposed to the outside world and can be accessed by an end-user's web browser. The part of the file system (or directory structure) that is visible to the outside world is limited to a specific root folder and its contents.

  • Full Path Disclosure

    Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection ) query to view the page source, require the attacker to have the full path to the file they wish to view. Then the attacker can use this info to perform other type of attacks based on the obtained information.

  • How to install Joomla to GoDaddy

    Even if hosting Joomla on GoDaddy can be challenging, and anybody ever built a site on their servers will tell you to turn to some better Joomla host, many people still choose them because of the excellent price/offering ratio. Here are a few tips that will help you get Joomla running on GoDaddy with minimum fuss.

  • How to sell your downloadable products?

    Yes, things like media files - or your software. No, I don't sell software - I give it away for free, for example here. Bu I build sites with selling capabilities. My favorite solution for it is VirtueMart, THE shop to be used with Joomla.

    Is powerful - but is not for beginners, you can easily lost here without proper guidance.

  • How to turn off magic_quotes_gpc on GoDaddy

    With arrival of Joomla 3.* the GoDaddy users are facing a new challenge - how to turn off magic_quotes_gpc. this is usually a simple task, there are many ways to do it.

  • Increase the available memory for your page

    Did you added something to a perfectly working Joomla site, and you suddenly have a blank age instead your site? Chances are that you hit the memory limit allowed to you on your server. Memory limits help to keep scripts from running out of control or using up all of your free memory. This value is generally carefully set by your host's SYSADMIN to let the hosted sites to run smoothly without bottlenecking each other by overusing this precious system resource.

  • Increase your Joomla site's SEO score with sh404SEF

    If you think, that is enough to build a nice site with a great content to have lots of visitors flowing to your site you're wrong. There are millions of webmasters trying to do the same. And Google and other search engines simply can't find, index and sort all of these sites, and show them to your potential visitors. So you need to do a little more to help these search engines - and to help yourself!

  • JFolder::create: Could not create directory

    The full error looks like this:

    JFolder::create: Could not create directory
    Warning! Failed to move file.

    You might see this nagging error every once you install something to your Joomla site. Apparently everything working, but - as any errors you see - should alert you: something isn't right with your site, and even if apparently everything works, you might have unexpected problems later!

  • Joomla update warnings via Google Webmaster Tools

    Now you have one more extra reason to use Google's very useful Webmaster Tools. Recently Google added to his arsenal of Joomla related enhancements a useful one: In the Google Webmaster Tools you will see a warning with useful details on what to do each time yor Joomla site gets outdated!

  • Move your /temp and /log folders outside of webroot

    It's always a wise move to move your sensitive files outside of the so called WEBROOT, the directory which is used by Apache to show your website. This way you can be sure, that nobody else, but your Joomla core code can use these files.

    Moving some files/folders, like the main configuration.phpor the location of admin login may be tricky, but mowing these two key folders is relatively simple.

  • Move your config file outside of webroot

    This is a core hack. Files you change as described on this page will be overwritten during updates of Joomla!

    This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.

  • No Input File Specified error on GoDaddy

    GoDaddy is notoriously buggy when comes to Joomla hosting. But when you turn on SEF, you might have another nasty surprise, instead of your site's pages you might see this:

    No Input File Specified
  • PHP Warning: It is not safe to rely on the system's timezone settings....

    With recent upgrade of a great number of servers to PHP 5.3.8 may clients reported that their site began to show error messages like

    Warning: strtotime() [function.strtotime]: It is not safe to rely on the system's timezone settings

    or

    Warning: date() [function.date]: It is not safe to rely on the system's timezone settings