A Call To Arms - Beta Testers Needed!
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
A Call To Arms - Beta Testers Needed!
I've finally had enough people ask me about it, so I've started coding a Joomla firewall. It's really rough right now and isn't ready for prime time, and I'm hoping to enlist a few security-conscious people to help me test this thing out. Once finished, the client software will be available for free under the GPL.
There is no doubt in my mind that things could break as a result of this plugin, as it's currently a bit too aggressive. I'm not posting it here as I don't want any inexperienced users installing this on a live site until I'm fairly sure it's ready.
Anyways, to all interested - PM me your email, and I'll send a copy your way.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
-
- Joomla! Apprentice
- Posts: 6
- Joined: Sun Sep 19, 2010 10:42 pm
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: A Call To Arms - Beta Testers Needed!
ascwash wrote: What's wrong with http://www.rsjoomla.com/
I assume you are creating a non-commercial extension.
I'm not sure how their offering works, but mine is thus far quite aggressive, neutering any suspicious request immediately... whereas RSJoomla's firewall extension was actively running on their demo site when I found this: http://www.exploit-db.com/exploits/13935/
As for the extension, there may be a commercial offering in the way of services (don't want to reveal too much yet though), but the core security offering will be free, both beer AND libre.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: A Call To Arms - Beta Testers Needed!
Okay folks, I've gone ahead and launched this to the wild:
http://extensions.joomla.org/extensions ... tion/14265
There's still a whole lot to be done, I'll admit - but I think it's going to work rather well, as long as I can get a bit of a community behind it.
Last edited by mandville on Tue Oct 05, 2010 1:33 pm, edited 1 time in total.
Reason: url changed to JED link
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: A Call To Arms - Beta Testers Needed!
extension is not for production sites, and as such has been suspended from JED.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- imscoop22
- Joomla! Explorer
- Posts: 255
- Joined: Sat Mar 10, 2007 9:09 pm
Re: A Call To Arms - Beta Testers Needed!
@mandville
Is that a new rule?
Seems not to make much sense. All a developer needs to do is not call an extension an Alpha version and it gets through. Also, Joomla! Alpha releases are published, so why shouldn't the same standard apply to third party extensions?
The best approach, IMHO, would be to encourage developers to choose an appropriate versioning standard, stick to it, and communicate it clearly to potential users.
BTW, Joomla! 1.6 is *not* for production sites either. Not even "official" sites, if the project plays by its own rules...
<><
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: A Call To Arms - Beta Testers Needed!
just to say that I didn't unpublish it, just saying to save people going there and reporting the fact. I have personally asked the question and am waiting for the answer (as jeffchannell knows).
the linking to the JED and not personal dev sites is a new/clearer defined rule though.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: A Call To Arms - Beta Testers Needed!
http://extensions.joomla.org/extensions ... llery/8360 - alpha 3c
http://extensions.joomla.org/extensions ... tools/7564 - 0.1, listed ALPHA in description
http://extensions.joomla.org/extensions ... earch/8208 - 1.0a1
http://extensions.joomla.org/extensions ... thors/5403 - 0.4, listed ALPHA in description
http://extensions.joomla.org/extensions ... raphy/5502 - 0.0.1-alpha
http://extensions.joomla.org/extensions ... gging/7294 - 2.0.0 Alpha 1
http://extensions.joomla.org/extensions ... ties/13886 - 0.1.2 alpha
http://extensions.joomla.org/extensions ... mance/9929 - 0.0.1, listed as alpha
http://extensions.joomla.org/extensions ... ising/8928 - 0.1, listed as alpha
http://extensions.joomla.org/extensions ... ement/9164 - 0.7.5, listed as alpha
http://extensions.joomla.org/extensions ... ment/12054 - 1.0.0 alpha
http://extensions.joomla.org/extensions ... ools/11904 - 1.3.0 alpha
http://extensions.joomla.org/extensions ... news/14072 - 0.1, listed as alpha
So what now? I want to know who unpublished it...
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
- tresan
- Joomla! Ace
- Posts: 1010
- Joined: Thu Feb 09, 2006 3:00 pm
- Location: Odense - DK
- Contact:
Re: A Call To Arms - Beta Testers Needed!
Jeff does tons of work and takes part in the Joomla IRC channels every single day and is always trying to help others, and he does a ton of work in working with security and helping people avoid problems that get them hacked or exploited.
He is without a doubt one of the most talented and skillful people on IRC in terms of security issues and handling for Joomla, and some of us have been looking forward to seeing his component go live - so I must admit, after hearing about it for months and him trying to improve it to make it as good as possible, it does seem extremely strange that it was unpublished on JED after going live for being an alpha - is that a new rule?
I think someone made a mistake - and needs to correct it
Ronni K. G. Christiansen (@redwebdk)
http://www.redcomponent.com/ - One big family of Joomla extensions & templates
http://redweb.dk - Joomla Webdesign & Development
redHOST.dk - 100% Joomla web hosting - Danish support with Joomla knowledge!
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: A Call To Arms - Beta Testers Needed!
Thanks for the kind words, tresan - you know I've been dreaming this thing up for a while!
Also, here's a few more that need to be removed under this "new rule":
http://extensions.joomla.org/extensions ... rted/11095 - "should not be used on production sites"
http://extensions.joomla.org/extensions ... splay/8438 - 0.1.1, listed as alpha
http://extensions.joomla.org/extensions ... lbars/8691 - 0.9.3, "pilot project (not yet meant for a live site)"
http://extensions.joomla.org/extensions ... ment/11673 - 0.7, "Please do not use on a Production site"
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: A Call To Arms - Beta Testers Needed!
Here's another one - the JED team should take a few minutes and read their own terms of service - http://extensions.joomla.org/tos
NOWHERE does it state that alpha/not-production-ready extensions are not allowed. If you ask me, this was done deliberately and with malicious intent because I dropped out of the JED team for refusing to cease publishing vulnerabilities that I myself found and reported.
That's right folks - I was in the running to BE on the JED team, and now someone has their panties in a bunch because I refused to be put in a position where I required permission from others to openly publish or discuss security issues.
And to set the record straight - when I said I wanted to know who unpublished this, it was meant to be rhetorical. I think I have a pretty good idea of who it was and why.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
- imscoop22
- Joomla! Explorer
- Posts: 255
- Joined: Sat Mar 10, 2007 9:09 pm
Re: A Call To Arms - Beta Testers Needed!
@mandville
Thanks for the clarification. I was aware of the new JED linking rule...though I have a definite opinion on this, I'll refrain from discussing as it's off topic of the original post.
I still don't see how the new rule relates to your statement: "extension is not for production sites" - Where did that come from?
@jeffchannell
Nice Work and thanks for developing and sharing the extension.
<><
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: A Call To Arms - Beta Testers Needed!
imscoop22 wrote: @mandville
I still don't see how the new rule relates to your statement: "extension is not for production sites" - Where did that come from?
from the JED
edit to add: This extension has been unpublished for the following reason: ALPHA - NOT FOR USE ON PRODUCTION SITES
I advise Jeff to contact the JED leaders, and Jeff is already aware of my thoughts and actions on this issue.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: A Call To Arms - Beta Testers Needed!
This is absolutely sickening that my posts AND those supportive of me are being deleted.
Some bloody community...
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
- mlipscomb
- Joomla! Ace
- Posts: 1271
- Joined: Thu Mar 26, 2009 5:38 pm
- Location: Gadsden, AL
- Contact:
Re: A Call To Arms - Beta Testers Needed!
This extension has been republished. The editor's note (that you requested, Jeff) is applied.
http://extensions.joomla.org/extensions ... tion/14265
~Matt Lipscomb
http://www.USAFreelancers.org
Professional Joomla! Services and Web Development based in the USA
-
- Joomla! Enthusiast
- Posts: 172
- Joined: Fri Oct 10, 2008 1:45 am
Re: A Call To Arms - Beta Testers Needed!
jeffchannell wrote: Some bloody community...
On the whole the community is great, but on issues such as this there does seem to be a certain whiff of something unpleasant.
mlipscomb wrote: This extension has been republished. The editor's note (that you requested, Jeff) is applied.
http://extensions.joomla.org/extensions ... tion/14265
Well Jeff, looks like it turned out nice again, as George Formby would say.
IMHO your project will be highly valued among the community once it goes stable if not before. Thanks for putting the time in to prove your concept, and opening it up to the community at large. It's actions like this and the genuine support, that makes the community great!
<moderator deleted>