I've got a whole load of EE sites under my belt and generally don't have much of a problem with spam. However, one site that I look after is getting bombarded by registration spam lately. It is an extremely low traffic site and was a bit neglected which meant it was running an old version of EE.
I've now updated the site to the latest EE version and gone through double checking that everything was locked down. I've even tried installing Low NoSpam but I'm still getting the attempted registrations.
My initial thoughts were that there was some security hole in this old version of EE. But since I have now updated everything I'm not so sure.
What is the best way to deal with this other than turning registrations off?
I personally find that RECAPTCHA is the best captcha system out there:
http://devot-ee.com/add-ons/recaptcha
It's ADA compliant, your visitors help translate books and its probably the most popular. Snaptcha would do the trick as well, but I personally think that if you need a captcha (which I hate :)) then go with RECAPTCHA :)
Oh and it's completely FREE too!!
Have you changed the Profile Member trigger word to something other than 'member'?
I had excellent results with Snaptcha for comment spam - it works for registration spam too. Worth a look.
Related
one of my clients complained that she cannot log into her Joomla installation anymore. So I checked the database and saw, that all the user names and passwords (md5 value, I used a rainbowtable to check) are set to "harun". Did anyone ever hear about that? Google doesn't...
Also: what do I need to to now (besides changing passwords)? I'm not that "big" in web-dev and never faced such a problem.
Any help appreciated.
Clearly you have a great deal of cleanup to do....I hope you have a database backup! We had the same kind of thing happen to us a couple of years back, and installed RSFirewall. While attacks still occasionally occur, this wonderful extension has cut the damage by 99% for us. Good luck!
You need to clean up the website and find and fix the point of entry.
1. clean up the website
You could restore from a backup but it can be difficult to determine the exact date the website was compromised.
You could spend days trying to find and fix compromised files yourself.
The best option is probably to use a commercial service like www.myjoomla.com or sucuri.net which cost very little and are usually effective at finding and fixing infected websites. In particular, the myJoomla security tool can identify core Joomla files that have been changed and replace the changed ones with the original files.
2. find and fix the point of entry
Update Joomla to the latest version in the series.
Update all third party extensions to the latest versions.
Update Joomla, FTP/cPanel and Database passwords.
Check the Vulnerable Extensions List at vel.joomla.org to ensure you are not using any vulnerable extensions.
Also see the Official Security Checklist at http://docs.joomla.org/Security_Checklist and https://stackoverflow.com/a/19139389/1983389 and https://joomla.stackexchange.com/a/180/120 for tips on keeping your Joomla website secure.
For long time solution its an suggestion please change your server or host. As you said MD5 are set as "harun" as per my opinion its change by some kid's hacker by sim-link or some local jommala vul. attack . If its sim-link attack then you need to worried about host else if its jommla vul. then simply change the version or update it and make cleanup on your publichtml/ or soo on .And make sure there is no other php script or perl / python script not found on your Host.
Over the last couple months I've been developing an app with the free version of MonoTouch.
Now (at the time of this question) it seems Novell killed it, and now that my app is ready, not really sure where to go. If I understand correctly, to deploy to device or package for app store, I need to get a license; do I buy one from Novell, or what? Should I just find a MonoTouch contractor that can take care of that part for me for now?
Hoping to get some wisdom from some seasoned MonoTouch folks on this one...
The Novell Store is still up, and as recently as this weekend someone reported that the activation server is still working.
However, if you don't want to risk spending money on a license right now (and I don't blame you) your best bet is to get someone with an active MT license to help you.
in order to submit an application to the appstore, you need to have an apple developer account (developer.apple.com), generate a .ipa file and submit it through your mac's application Loader/iTunes connect. More info here
(http://developer.apple.com/library/ios/#documentation/Xcode/Conceptual/iphone_development/145-Distributing_Applications/distributing_applications.html)
However, i am not sure but i think that in order to properly generate the .ipa file you need a MonoTouch license..
Over the weekend Novell/Attachmate took down the Monotouch website database. This has killed the website. I don't think it will be back.
In the short term your best bet is to find another MonoTouch user and see if they will put your application up.
Now the database is down, I'm guessing the forums have gone. Someone setup a google group before this happened hopefully this will get some traction. http://groups.google.com/group/monotouch?hl=en-GB
Xamarin have announce that they shall be launching MonoTouch and MonoDroid compatible products in the next 3 months.
see Xamarun's Website
We've just started to used bugzilla and I found the web interface quite slow and not user-friendly.
I'm wondering if anyone have a suggestion for a client desktop or a browser add-on running under windows.
I found the following page: https://wiki.mozilla.org/Bugzilla:Addons
Which one of these clients (or any other) is the best ? Any other suggestions ?
I already tried Deskzilla Lite, which seem pretty good. However, there is a lot of field (edit bug) that we don't use (i.e. hardware, os, url, depends on, etc). Is there a desktop client that allow to remove and customize the field used in the bug entry form? On this one, please do not answer I can customize the bugzilla templates, we don't want to use the web interface anyway.
Well it depends on your Bugzilla Version. Since I updated to 4.0 I've got no alternative to Deskzilla since MyZilla is not running anymore. LiveProject looks pretty neat but I never tested it, so... Deskzilla lite. :/
What is a (free) technology which requires the least amount of code for creating a website with the following requirements:
Sign-up/login
Form for adding your personal info. which gets databased
Each person can view and edit their own info
Admin can view and edit any
The form needs to be easily customizable and extensible (by the website's owner, not during run-time)
Is there a beginner tutorial for such a thing?
(For me, this question is about a friend who wants me to do this, but I want him to do it himself so I don't have to get roped into maintenance. I also want to keep it more general for the sake of Stack Overflow and future readers.)
Edit: I thought I remembered some ASP.NET tutorials that were mostly drag/drop or things where it was all but made for you from the database schema (which can be made with SSMS's GUI) but I can't seem to find them now.
Responding to posts below requesting specifics: this site will be for potential clients to sign-up and enter their company's info and fill out a form about their advertising needs.
I thought about putting this on SU instead, but since there was likely going to be some coding involved (I assumed no-code was an unreachable goal) SO seemed more appropriate.
Your friend can consider a framework like drupal. It has a bit of a learning code but, you can create a website with everything you ask for without code. You may want to modify it to change the look but there are themes for that.
Also, some hosts like godaddy.com have this installed and you do not have to worry about the complex installation procedures. Just start modifying the content of the site, select a built in template and go...
PhpBB? I think you need to specify what the website is going to be used for before you can get better/more specific answers.
... have a look at Drupal or Joomla, expect a learning curve nevertheless.
Is this friend a programmer as well? If so, I'd suggest building such a site using a PHP framework. Deploying an existing forum/wiki is also an option of course, but will probably have much more features than you describe. But if s/he's not a programmer, I don't see how s/he will be able to develop a site like that in a reasonable amount of time.
Why not using a CMS like wordpress, drupal and co. ?
I want to gather Dreamweaver Tips and Tricks making development easy.
Mine, I recently discovered that I could asign a keyboard key in inserting code from 'code snippet'. for me it's really a time and effort saver. Since I would just press the special key and code is generated.
How about yours? What are your techniques?
Thanks!
I wouldn't touch Dreamweaver with a ten-foot pole. What exactly drives you to use Dreamweaver over a tool such as Notepad++? Most developers nowadays are comfortable with simple syntax highlighting, which Notepad++ supports right out of the box, with the addition of a built-in FTP client. You get a lot more, minus the $400 you need to pay to attain features that are available in every other IDE for free.
I have used Dreamweaver since 1.0. Whilst it used to be a great web development tool it seems to have declined and become almost irrelevant, see Dreamweaver is dying.
The real problem for Dreamweaver and for its users is that the nature of the web is changing dramatically. Dynamically-generated web applications, from Amazon right down to the humble blog, all offer much more – in-built commenting, voting, RSS feeds, etc – than the best sites built on static HTML can ever hope to provide.
I actually find that Dreamweaver now makes web development harder.
I don't have enough rep to comment or I would reply to yours, Pennf0lio. When I did web development a few years ago, I used DreamWeaver solely for the Site Manager tool. I loved knowing how easily I could move a file and not break anything that referenced it.
That said, I still used Vim to actually develop the sites.