The Joomla! Forum ™



PostPosted: Sun Sep 19, 2010 7:31 pm 
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
I've finally had enough people ask me about it, so I've started coding a Joomla firewall. It's really rough right now and isn't ready for prime time, and I'm hoping to enlist a few security-conscious people to help me test this thing out. Once finished, the client software will be available for free under the GPL.

There is no doubt in my mind that things could break as a result of this plugin, as it's currently a bit too aggressive. I'm not posting it here as I don't want any inexperienced users installing this on a live site until I'm fairly sure it's ready.

Anyways, to all interested - PM me your email, and I'll send a copy your way.

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


PostPosted: Sun Sep 19, 2010 11:00 pm
Joomla! Apprentice

Joined: Sun Sep 19, 2010 10:42 pm
Posts: 6
What's wrong with http://www.rsjoomla.com/?

I assume you are creating a non-commercial extension.


PostPosted: Sun Sep 19, 2010 11:12 pm
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
ascwash wrote:
What's wrong with http://www.rsjoomla.com/?

I assume you are creating a non-commercial extension.


I'm not sure how their offering works, but mine is thus far quite aggressive, neutering any suspicious request immediately... whereas RSJoomla's firewall extension was actively running on their demo site when I found this: http://www.exploit-db.com/exploits/13935/

As for the extension, there may be a commercial offering in the way of services (don't want to reveal too much yet though), but the core security offering will be free, both beer AND libre.

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


PostPosted: Tue Oct 05, 2010 3:42 am
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
Okay folks, I've gone ahead and launched this to the wild:

http://extensions.joomla.org/extensions ... tion/14265

There's still a whole lot to be done, I'll admit - but I think it's going to work rather well, as long as I can get a bit of a community behind it. :)

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


Last edited by mandville on Tue Oct 05, 2010 1:33 pm, edited 1 time in total.
url changed to JED link


PostPosted: Tue Oct 05, 2010 1:35 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12466
Location: The Girly Side of Joomla in Sussex
extension is not for production sites, and as such has been suspended from JED.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


PostPosted: Thu Oct 07, 2010 11:00 pm
Joomla! Explorer

Joined: Sat Mar 10, 2007 9:09 pm
Posts: 255
@mandville

Is that a new rule?

Seems not to make much sense. All a developer needs to do is not call an extension an Alpha version and it gets through. Also, Joomla! Alpha releases are published, so why shouldn't the same standard apply to third party extensions?

The best approach, IMHO, would be to encourage developers to choose an appropriate versioning standard, stick to it, and communicate it clearly to potential users.

BTW, Joomla! 1.6 is *not* for production sites either. Not even "official" sites, if the project plays by its own rules...

_________________
http://twitter.com/imscoop22
<><


PostPosted: Fri Oct 08, 2010 2:52 am
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12466
Location: The Girly Side of Joomla in Sussex
Just to say that I didn't unpublish it, just saying to save people going there and reporting the fact. I have personally asked the question and am waiting for the answer (as jeffchannell knows).
The linking to the JED and not personal dev sites is a new/clearer defined rule though.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


PostPosted: Fri Oct 08, 2010 7:32 am
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
http://extensions.joomla.org/extensions ... llery/8360 - alpha 3c
http://extensions.joomla.org/extensions ... tools/7564 - 0.1, listed ALPHA in description
http://extensions.joomla.org/extensions ... earch/8208 - 1.0a1
http://extensions.joomla.org/extensions ... thors/5403 - 0.4, listed ALPHA in description
http://extensions.joomla.org/extensions ... raphy/5502 - 0.0.1-alpha
http://extensions.joomla.org/extensions ... gging/7294 - 2.0.0 Alpha 1
http://extensions.joomla.org/extensions ... ties/13886 - 0.1.2 alpha
http://extensions.joomla.org/extensions ... mance/9929 - 0.0.1, listed as alpha
http://extensions.joomla.org/extensions ... ising/8928 - 0.1, listed as alpha
http://extensions.joomla.org/extensions ... ement/9164 - 0.7.5, listed as alpha
http://extensions.joomla.org/extensions ... ment/12054 - 1.0.0 alpha
http://extensions.joomla.org/extensions ... ools/11904 - 1.3.0 alpha
http://extensions.joomla.org/extensions ... news/14072 - 0.1, listed as alpha

So what now? I want to know who unpublished it...

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


PostPosted: Fri Oct 08, 2010 7:54 am
Joomla! Ace

Joined: Thu Feb 09, 2006 3:00 pm
Posts: 1059
Location: Odense - DK
Jeff does a ton of work and takes part on the Joomla IRC channels every single day and is always trying to help others, and he does a ton of work in working with security and helping people avoid problems that get them hacked or exploited.

He is without a doubt one of the most talented and skillful people on IRC in terms of security issues and handling for Joomla, and some of us have been looking forward to seeing his component go live - so I must admit, after hearing about it for months and him trying to improve it to make it as good as possible, it does seem extremely strange that it was unpublished on JED after going live for being an alpha - is that a new rule?

I think someone made a mistake - and needs to correct it ;)

_________________
Ronni K. G. Christiansen (@redwebdk)
http://www.redcomponent.com/ - One big family of Joomla extensions & templates
http://redweb.dk - Joomla Webdesign & Development
redHOST.dk - 100% Joomla Webhotel - Dansk support med Joomla viden!


PostPosted: Fri Oct 08, 2010 7:57 am
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
Thanks for the kind words, tresan - you know I've been dreaming this thing up for a while!

Also, here's a few more that need to be removed under this "new rule":

http://extensions.joomla.org/extensions ... rted/11095 - "should not be used on production sites"
http://extensions.joomla.org/extensions ... splay/8438 - 0.1.1, listed as alpha
http://extensions.joomla.org/extensions ... lbars/8691 - 0.9.3, "pilot project (not yet meant for a live site)"
http://extensions.joomla.org/extensions ... ment/11673 - 0.7, "Please do not use on a Production site"

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


PostPosted: Fri Oct 08, 2010 8:09 am
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
Here's another one - the JED team should take a few minutes and read their own terms of service - http://extensions.joomla.org/tos

NOWHERE does it state that alpha/not-production-ready extensions are not allowed. If you ask me, this was done deliberately and with malicious intent because I dropped out of the JED team for refusing to cease publishing vulnerabilities that I myself found and reported.

That's right folks - I was in the running to BE on the JED team, and now someone has their panties in a bunch because I refused to be put in a position where I required permission from others to openly publish or discuss security issues.

And to set the record straight - when I said I wanted to know who unpublished this, it was meant to be rhetorical. I think I have a pretty good idea of who it was and why.

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


PostPosted: Fri Oct 08, 2010 12:28 pm
Joomla! Explorer

Joined: Sat Mar 10, 2007 9:09 pm
Posts: 255
@mandville

Thanks for the clarification. I was aware of the new JED linking rule... though I have a definite opinion on this, I'll refrain from discussing as it's off topic of the original post.

I still don't see how the new rule relates to your statement: "extension is not for production sites" - Where did that come from?

@jeffchannell

Nice Work and thanks for developing and sharing the extension.

_________________
http://twitter.com/imscoop22
<><


PostPosted: Fri Oct 08, 2010 2:56 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12466
Location: The Girly Side of Joomla in Sussex
imscoop22 wrote:
@mandville
I still don't see how the new rule relates to your statement: "extension is not for production sites" - Where did that come from?

from the JED
Quote:
This extension has been unpublished for the following reason: ALPHA - NOT FOR USE ON PRODUCTION SITES


edit to add:
I advise Jeff to contact the JED leaders, and Jeff is already aware of my thoughts and actions on this issue.



_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


PostPosted: Fri Oct 08, 2010 3:22 pm
Joomla! Ace

Joined: Tue Jun 09, 2009 2:21 am
Posts: 1964
Location: WV
This is absolutely sickening that my posts AND those supportive of me are being deleted.

Some bloody community...

_________________
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι


PostPosted: Fri Oct 08, 2010 5:43 pm
Joomla! Ace

Joined: Thu Mar 26, 2009 5:38 pm
Posts: 1272
Location: Gadsden, AL
This extension has been republished. The editor's note (that you requested, Jeff) is applied.
http://extensions.joomla.org/extensions ... tion/14265

_________________
~Matt Lipscomb
http://www.USAFreelancers.org
Professional Joomla! Services and Web Development based in the USA


PostPosted: Sat Oct 09, 2010 7:37 am
Joomla! Enthusiast

Joined: Fri Oct 10, 2008 1:45 am
Posts: 172
jeffchannell wrote:
Some bloody community...


On the whole the community is great, but on issues such as this there does seem to be a certain whiff of something unpleasant.

mlipscomb wrote:
This extension has been republished. The editor's note (that you requested, Jeff) is applied.
http://extensions.joomla.org/extensions ... tion/14265


Well Jeff, looks like it turned out nice again, as George Formby would say.

IMHO your project will be highly valued among the community once it goes stable, if not before. Thanks for putting the time in to prove your concept, and opening it up to the community at large. It's actions like this, and the genuine support, that make the community great!

<moderator deleted>

