CNP Security for Joomla

Experts in the field anticipate cyber-crime in 2012 could rise as high as 7000% from 6 years ago

Wow, the more we learn about web security these days and the capabilities of hackers, the more we are in awe! So many folks do not adequately protect their web assets from even the many common or well-known threats and vulnerabilities, let alone the even more dangerous cyber criminals that could completely steal your identity and milk your bank accounts.

In a recent security audit we found that if you are not protected with a tool like Secure Live (www.securelive.net) and other server-side security monitoring solutions, hackers can find ways to penetrate the deepest levels of your server environment by installing stealth scripts that allow them to do just about anything they want with your data and any other data stored on the server. These scripts can be buried layers deep in directories where you would never find them and could go virtually undetected, allowing the hacker to leverage your server for a variety of exploitations.

This is serious stuff folks!

Stats on cyber-crime over the past 6 years:

  • 2008 - 2009 +22%
  • 2009 - 2010 +56%
  • 2010 - 2011 +726%
  • 2011 - 2012 +2965% at a cost of 216.7 billion dollars
  • Competitors and disgruntled employees make up over half of the cyber-attack sources

These are not just kids anymore having fun by putting up a picture of a penguin on your index page just because they can… to be cool in some underground community. Let’s say that your web site gets hacked by someone who could access the entire server or, even worse, a whole cloud environment where they could download databases with credit card numbers and other personal information. Maybe you are doing all of the right things to keep folks from getting into your web site from the front end, but what if someone came in through the server back door any time they wanted, took what they wanted and got out again without you or anyone else even knowing about it? What if a hacker found this open door into your site and broadcast it to every other hacker on the internet? Can you imagine how vulnerable you could be yourself, and how vulnerable you could make your customers, if you do not take adequate steps to protect their trust in you?

I used to work for a Government contractor and achieved a security clearance because it was required for the information and content I was exposed to. When you are working with highly sensitive or confidential data the importance of security is driven into you in a way that the process of proactive protection has to become a natural reflex. They do this by constantly keeping you alert and they require annual refresher courses just so this stays at the top of your thought process. It actually is everyone’s responsibility to protect and be on the look-out.

In the commercial world I think this attention to creating a proactive culture for security can get diverted by economic conditions or other priorities at a given moment. There is usually no specific protocol to follow and no consistent training available, especially in smaller and mid-sized companies. In addition, many folks do not know the right questions to ask, nor do they fully understand the technology or the consequences, and thus leave themselves vulnerable to the whims of a crafty cyber hacker. Since over half of cyber threat activity comes from your competition or former employees, you need to take proactive security measures offline as well.

Locking down open source web environments:

In our little corner of the world with Joomla, Drupal and other open source technologies we have to pay special attention to this and share as much of the available information as we can, to inform our customers on best practices for protecting their investments and on how they can be the most proactive with security.

What can you do?

  1. Make sure you work with a technical support team that is proactive about security.
  2. Stay in the loop on the latest trends and vulnerabilities.
  3. Learn to ask the right questions and make them habits.
  4. Train your team and establish protocols and procedures to follow.
  5. Keep your web applications up to date.
  6. Use SecureLive to monitor and lock down your web portals.
  7. Never let security slip from the top of your priority list.

Remember, a hacker is like a cancer: if you catch it in time you can prevent it from spreading or getting beyond control, but you must completely remove it once it is discovered and make sure you monitor your vulnerability while keeping health-conscious habits. However, the best defense is always prevention.

There are many sites online you can review to stay up on this and I recommend a few Google searches to explore the available information online but here is a good web site to monitor for security breaches that you can proactively respond to:

http://www.exploit-db.com/webapps/

In addition, open source projects like Joomla! CMS have a whole team dedicated to security. We post an RSS feed directly from Joomla in our news section on www.joomladesignservices.com and try to get timely notifications out to our clients with required actions and recommendations.

This article reviews approaches to developing custom extensions vs “hacked” code solutions for a Joomla CMS but the principles are more universal in concept.

First let’s explore some of the many definitions of a “code hack”, not to be confused with the intruder commonly known as a “hacker”. Then we need to define what we are referring to as it relates to developing a quality Joomla CMS portal. Below are some quotes I found on the web related to a code hack that range from an appropriate method for solving a coding problem to someone with limited skill providing a less than adequate mess of “spaghetti code”. The term “hacker” traces its origins back to making rough furniture with a hatchet and a stump. That seems to fit nicely — a very quick solution that solves a particular problem well enough. This approach would not equate to the fine craftsmanship of a quality piece of furniture nor offer the longevity of a sustainable solution.

A few definitions I found online (I am sure there are more):

  1. “An incredibly good, and perhaps very time-consuming, piece of work that produces exactly what is needed”
  2. “to cut or sever with repeated irregular or unskillful blows”
  3. “an appropriate application of ingenuity.”
  4. “a quick-and-dirty patchwork job”

So the real question here is: When and why should I use a code hack vs a packaged extension?

I want to focus this article on definitions 3 and 4. Sometimes there is not enough time or available resources to implement a solution to its fullest extent, but you need to resolve a problem quickly yet effectively for the intended purpose. This would mean that you alter the core code in a way that solves your problem but would perhaps need to be either implemented again or maintained over the evolution of your project. Unfortunately, developers do not always leave good comments or breadcrumbs for keeping up on these modifications, and thus when you upgrade your site you are left with the same problem all over again.

How “Joomla specific” are the developers you are working with?

If your developers are good at sharing comments and notes related to the changes then a hack can often be the “path of least resistance” and least expensive way to meet your challenge. However, if this is not the case then you need to work with professional Joomla extension developers to make sure you get a clean, bundled, installable Joomla extension that can be easily maintained with version control and change logs.

Properly developed and packaged Joomla extensions cost a little more to complete upfront but significantly reduce the headaches, hassle, maintenance and expense over time. It has been our experience that on larger, more complicated projects you always want to spend the extra time and money up front to have a proper extension built for your solution, and that when it is not possible to bundle the solution completely you get clearly defined change logs that you can refer to the next time you have to upgrade your site. Remember, in the world of open source you really need to keep your environment up-to-date and current to reduce potential security breaches. Try not to be short-sighted in your approach or it may come back to bite you later if a bad guy “Hacker” with ill will finds a way to interrupt the presentation of your web site.

CNP Integrations specializes in developing custom components, plug-ins, and modules for Joomla! CMS. For more information or a free consultation with a project manager call: 1-508-644-1553

Mobile applications are growing in popularity and it is becoming increasingly important now that you tailor your web portal to be supported in mobile environments. Fortunately Joomla! CMS has several extensions and template configurations that will offer this capability.

Start with a smart template:

Using a third party template vendor for your design foundation can save you a ton of time and money when implementing a mobile strategy for your site. Rocket Theme or YooTheme templates are a good example of template vendors that have built-in features for presenting your portal on mobile devices. These templates let you configure primary menus for a mobile user, which allows you to segment content just for your mobile user. This is often a good idea if you have a portal that leverages a lot of 3rd party components, since not all components will display as well as others in a mobile browser. There is also a great component/template extension called “MobileJoomla” which is simple to install and works pretty much right out of the box. It is very important to test and view your portal on the targeted mobile devices so you can see what your users are seeing and adjust where required to create an optimized mobile user experience.

Do not use Flash:

I sooo love Flash interactive for some of the cool things you can do with it, but unfortunately this does not work on iPhones or iPads and many other mobile devices, so you need to not direct users to any pages with Flash content.

Smartphone Applications:

Sometimes you may want or need to have an actual application available for your portal to take advantage of unique features. For example, if you are using JomSocial for a site with a social network you may want to consider getting a branded application for your portal from the folks at iJoomer.com. What I have noticed is that the JomSocial pages do not display well in a normal browser experience on most smart phones. However, with an iJoomer application branded to your portal, smart phone users can download it from their phone and access these features in a very nice mobile layout.

Overall there are some good tools available now and surely more will evolve over time, so make sure you think through your user experience for mobile users when designing your Joomla portal.

CNP Integrations builds and customizes portals for mobile and can help you with this. Feel free to call for a free consultation on your next Mobile Joomla! CMS portal project. 1-508-644-1553

CNP Integrations has developed a revolutionary new tool that can help you migrate Drupal to Joomla!, giving you the power to migrate your website to a stable, versatile platform that combines the power of an extensible framework with the ease of use of the Joomla! administrator. With this service provided for any webmaster, you now have the ability to seamlessly migrate, convert, and integrate all of your current data from Drupal into the award winning Joomla! CMS.

CNP Integrations is now offering this as a service. This service was developed for you after a proprietary Drupal to Joomla! migration and conversion was made for one of our clients. This migration resulted in the successful move from a “hacked” Drupal environment, with many modifications made in order to accomplish the site’s goals, to a new Joomla! environment where, along with K2, a more sustainable workflow was implemented, with far fewer customizations required. This migration successfully ported over 20,000 content pieces, comments for each article, as well as thousands of users for the sites that were migrated. In our research, this has never been done before. We could not find any instances of a successful Drupal to Joomla! migration or conversion documented, let alone one of this magnitude.

Here’s How Our Drupal to Joomla! Migration Works

CNP Integrations developers have analyzed and mapped the entire database structure for Drupal content nodes, and mapped those to the Joomla! Content Component, or the K2 Content Kit for those that demand even more flexibility. From there, our developers can safely migrate all your content directly from your database into a new Joomla! installation. This has already been done for all of Drupal’s core content options, meaning you won’t lose anything from your existing content, not even comments!

Why Would I do a Drupal to Joomla! Conversion?

One of the most common complaints we get from Drupal users that are exploring other options, including Joomla!, is that Drupal is hard to use and its administration is difficult to grasp. While no one would doubt that Drupal is world class software (it’s one of the most powerful CMSs out there), many users find it hard to grasp, and the learning curve much too steep.

This is where Joomla! comes in. Joomla! provides a powerful platform to develop your site. With new developments in the Joomla! API and Framework, you can only expect this trend to grow, as newer, more powerful extensions are built using these new tools. But Joomla! also brings an easy administrative experience to the table, allowing webmasters and site owners to expand their websites and add new features and capabilities to their web portals, while still allowing them to manage their site from a simple, easy interface.

How Do I Get Started With My Drupal to Joomla! Migration?

Getting started with CNP Integrations is easy. All you have to do is give us a call at 1-508-644-1553, or fill out one of our contact forms. We’ll arrange for a free, no-obligation consultation for you where we can answer any and all questions, and give you more information about the process.

Joomla marketing tips - SEF URLs

Joomla! SEF Kickstart for implementing search engine friendly URLs on your Joomla site.

Start by researching the features of the available Joomla CMS extensions and map their features with the particular needs of your site.

Here are several components you should consider:

  1. aceSEF - http://www.joomace.net
  2. SEFAdvanced - http://www.sakic.net/products/sef_advance/
  3. Sh404 - http://anything-digital.com/sh404sef/seo-analytics-and-security-for-joomla.html
  4. ijoomla SEO - http://seo.ijoomla.com/

Of course you can also browse the extensions directory over at Joomla.org for tools like site maps and other SEO extensions: http://extensions.joomla.org/extensions/structure-a-navigation/site-map

Make sure you read the installation directions for the particular component. Then, in the admin area, install the components and configure the SEF settings in the general configuration area of 1.5 or 1.7+.

Tips:

  • Make sure you have a good backup of your site and that you test your URLs and menu links directly after installing the component of choice.
  • Carefully choose a naming convention that matches your targeted keywords. This will dictate the effectiveness of your SEF.
  • Remember that most of the SEF components require extensions or plugins to support the particular Joomla extensions you have added to your site configuration. Be sure to review the list of components installed on your site and review the available libraries of supported components to make sure the component that you chose will meet your needs and offer SEF for the tools you plan to use.
  • Remember to get all of your internal links done before you turn on SEF since you are going to want your site to not break if you have to toggle between turning SEF on and off. Let the SEF tool and your carefully chosen naming conventions for sections and categories do the work for you.
  • If you need professional support installing Joomla extensions, building custom extensions, troubleshooting technical issues or optimizing your installation you can go to providers like CNP Integrations to get help and expertise: www.cnpsupport.com

Remember, SEF can be tricky and can easily bring your site down, so try not to do this work during peak traffic times on your site.