Joomla! Tools Suite v1.0 & Health, Installation and Security Audit Tool

Joomla version 1.0 is end-of-life and are no longer supported. Please use Joomla 3.x instead.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
eyashwant
I've been banned!
Posts: 960
Joined: Wed Dec 03, 2008 9:28 am
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by eyashwant » Wed Jan 07, 2009 5:45 am

Ok...so if its is moving forward also the version problem persists right.Thats the only problem!!!

 
deleted user

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by deleted user » Wed Jan 07, 2009 5:56 pm

Is it really moving forward? Great ideas for it, back in July '08.

Has anyone checked out this Joomla security scanner script on Sourceforge?
http://forum.joomla.org/viewtopic.php?f ... 12&start=0

On a quick search, I don't see anything coming up on the developer, the "Elite/Ethical Hacker Group" based in Myanmar

User avatar
vdrover
Joomla! Guru
Joomla! Guru
Posts: 619
Joined: Fri Mar 03, 2006 3:26 pm
Location: Canuck via MKE
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by vdrover » Wed Jan 07, 2009 6:10 pm

I heard on the grapevine that there was some activity forthcoming, but that was a while back. Seems quite slow these days.

http://joomlacode.org/gf/project/jts/news/
Victor Drover
https://watchful.net - Remote backup, update and security monitoring for Joomla.

User avatar
kenmcd
Joomla! Champion
Joomla! Champion
Posts: 5672
Joined: Thu Aug 18, 2005 2:09 am
Location: California
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by kenmcd » Wed Jan 07, 2009 11:20 pm

.
vdrover wrote:I heard on the grapevine that there was some activity forthcoming, but that was a while back. Seems quite slow these days.

http://joomlacode.org/gf/project/jts/news/
Hi Vic,

I see you are now on the JED Team. (congrats)
Perhaps you could ask the "team" why this extension is still an Editor's Choice.
It is completely out of date for Joomla 1.5.x and does not work at all for a current J1.5 versions.
Last update was over 9-10 months ago.

Certainly when JED goes J1.5-only this should not be an Editor's Choice.
And probably should not be now.

Regards,

KM
██ LibreTraining

User avatar
vdrover
Joomla! Guru
Joomla! Guru
Posts: 619
Joined: Fri Mar 03, 2006 3:26 pm
Location: Canuck via MKE
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by vdrover » Wed Jan 07, 2009 11:49 pm

Thanks Ken.

I'm still pretty green 'round these parts but i'll enquire and see what happens.
Victor Drover
https://watchful.net - Remote backup, update and security monitoring for Joomla.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Wed Feb 11, 2009 12:55 pm

Joomla! Tools Suite v2.0.0-BETA is available for testing and comment.

Apart from the traditional JTS Tests, v2.0.0 now also attempts to write and read a directory to prove permissions capabilities, new tests covering four categories/section, as seen in the screen shot below.
[hint] Place your mouse over "What's being tested?" to learn more about JTS tests...

Download: http://joomlacode.org/gf/project/jts/fr ... ge_id=3278

Installation: upload the complete "JTS2" directory in to the directory you have Joomla! Installed
Example:
Site is at: http://www.domain.com.au/cms/ , then upload the "JTS2/" directory to "cms/"
thus JTS2 would be found in "cms/JTS2/" or at http://www.domain.com.au/cms/JTS2/

J! Version Support: 1.0.1x & 1.5.x

SnapShot:
jts2_beta_release.gif
You do not have the required permissions to view the files attached to this post.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
kenmcd
Joomla! Champion
Joomla! Champion
Posts: 5672
Joined: Thu Aug 18, 2005 2:09 am
Location: California
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by kenmcd » Wed Feb 11, 2009 1:50 pm

.
Great - will test.

It may be a good idea to split this new v2.0 discussion and move it to the Joomla 1.5 forums.
██ LibreTraining

deleted user

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by deleted user » Wed Feb 11, 2009 2:14 pm

Excellent!

User avatar
vdrover
Joomla! Guru
Joomla! Guru
Posts: 619
Joined: Fri Mar 03, 2006 3:26 pm
Location: Canuck via MKE
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by vdrover » Fri Feb 13, 2009 5:50 am

wow, i was starting to lose hope. Great job.
Victor Drover
https://watchful.net - Remote backup, update and security monitoring for Joomla.

User avatar
perko
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Tue Feb 21, 2006 1:59 pm
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by perko » Sat Feb 14, 2009 6:58 pm

Great txn!

I have this error at the top of the page showin:


Notice: Use of undefined constant _JTS_SHOTNAME - assumed '_JTS_SHOTNAME' in /home/mypage/public_html/JTS2/jtscore/language/english.php on line 188

what should I do

cheers
http://www.makarska-travel.info Accommodation Makarska Apartments
http://www.makarska-accommodation.com Apartments Makarska

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Sat Feb 14, 2009 7:28 pm

Thanks for the update, It's a typo nothing to worry about, fixed in the next release.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
Aejaz
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Apr 02, 2008 5:55 pm

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Aejaz » Sat Feb 14, 2009 8:23 pm

I'm having a lot of notices

Notice: Undefined variable: _JINSTALL_ERR_MSG in /home/ingeekst/public_html/JTS2/jtscore/structure/message_centre.php on line 32
Notice: Undefined variable: _JINSTALL_ERR_MSG in /home/ingeekst/public_html/JTS2/jtscore/structure/message_centre.php on line 36
Notice: Undefined variable: _JINSTALL_ERR_MSG in /home/ingeekst/public_html/JTS2/jtscore/structure/message_centre.php on line 40
Notice: Undefined variable: _JVERSION_ERR_MIN in /home/ingeekst/public_html/JTS2/jtscore/structure/message_centre.php on line 50
Notice: Undefined variable: _JINSTALL_ERR_DB in /home/ingeekst/public_html/JTS2/cases/basic_assurance.php on line 968
Notice: Undefined variable: _JCONFIG_ERR_EMPTY in /home/ingeekst/public_html/JTS2/cases/basic_assurance.php on line 972
Notice: Undefined variable: _JCFG_PROB in /home/ingeekst/public_html/JTS2/cases/basic_assurance.php on line 978

so many i cannot read all the "what's being tested" result.

what can i do ?

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Sat Feb 14, 2009 9:04 pm

Edit the JTS2/index.php and either comment out or remove the following (at the top of the file)
error_reporting( E_ALL );
See if that makes a difference.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
Aejaz
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Apr 02, 2008 5:55 pm

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Aejaz » Sat Feb 14, 2009 10:26 pm

Thanks RussW, I commented the line with // and it removes all the notices.

What are these notices ? Does it means it doesn't perform all the checks ?

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Sat Feb 14, 2009 11:07 pm

it is purely for reporting ALL PHP messages, including simple notices. It is used primarily during testing and development so any output from PHP can be observed and problems resolved that might not actually stop the script from running.

Even with these messages, JTS2 continues to run all tests, as expected.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
Aejaz
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Apr 02, 2008 5:55 pm

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Aejaz » Sat Feb 14, 2009 11:49 pm

you did a great job my friend

deleted user

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by deleted user » Sun Feb 15, 2009 9:13 pm

Works fine for me, but I am not a fan of the forced creation of the JTS2_RW_check folder. I'd prefer at least to name it something more non-descript.

Under "server security," what is "disabled_functions in use" checking for? Just whether any functions are disabled with disable_functions, or specific ones?

The info link on mySQL should not point to http://www.mysql.net/ -- it should be mysql.COM

User avatar
Aejaz
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Apr 02, 2008 5:55 pm

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Aejaz » Sun Feb 15, 2009 9:21 pm

Secuirty should be corrected

deleted user

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by deleted user » Mon Feb 16, 2009 12:27 am

I am getting a red light on "allow_url_fopen disabled" (server security section) even though it is off (master and local settings).

This is on Media Temple's (gs) where allow_url_fopen is disabled by default.

Maybe something about the virtualized hosting or CGIed PHP blows the test?

deleted user

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by deleted user » Mon Feb 16, 2009 12:31 am

I am getting a red light on "allow_url_fopen disabled" (server security section) even though it is off (master and local settings).

This is on Media Temple's (gs) where allow_url_fopen is disabled by default.

Maybe something about the virtualized hosting or CGIed PHP blows the test?

User avatar
guysmiley
Joomla! Explorer
Joomla! Explorer
Posts: 497
Joined: Mon Sep 12, 2005 7:22 pm
Location: Ontario, Canada

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by guysmiley » Sat Feb 21, 2009 7:21 pm

Russ, I loved JTS when it was first brought out and I'm sure it helped tonnes of users. Great contribution! Not to mention your countless hours of support...

Issue 1:
I too am getting a red flag on allow_url_fopen disabled. I thought this was supposed to be disabled for security purposes, no?

Issue 2:
Notice: Use of undefined constant _JTS_SHOTNAME - assumed '_JTS_SHOTNAME' in /home/techtalk/public_html/jts/jtscore/language/english.php on line 188

Issue 3:
(Not really JTS but I was hoping JTS would help me troubleshoot it) My front end users cannot log out. JTS shows that 'PHP session writable' is greyed-out (I presume means not configured correctly). Is this the like culprit?

Thanks as always - and a great addition to the JCommunity.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Sun Feb 22, 2009 5:21 pm

Hey guys

I will look at the issues raised in the next week or so, thanks for testing and checking stuff for me.

The UNDEFINED VARIABLE is a typo, my bad, will be fixed in the next release.

As for the logout problem, yup it is very possible if the session directory is misconfigured that you could have issues like this, mainly with the admin site, but end users may also observe oddities too.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

Jocke72
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Tue Oct 17, 2006 8:56 am
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Jocke72 » Wed Feb 25, 2009 4:09 pm

Great stuff!

But...

It claims that default Admin is available (even if it's blocked and just set to registered).
If I totally remove the user Admin then JTS2 no longer works. It just posts the graphical head and then terminates without any error message.

Running the latest version of JTS2 at the time of this post.
Joomla 1.5.9


Thanks!


/J

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Wed Feb 25, 2009 9:00 pm

@Jocke72

Thanks for using JTS2, your crash issue with no UID62 user, is fixed in the next release.

JTS2 is actually reporting as designed if the admin user is simply blocked but still named "admin".

If the user account UID62, is still named "admin" regardless of being blocked, it is still available and as such is reported correctly, as still being present. JTS2 is checking that the "username" is not the default of "admin" or is physically not there not there.

cheers
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Sat Feb 28, 2009 11:07 am

JTS2.0.0-BETA2 is now available on JoomlaCode ( http://joomlacode.org/gf/project/jts/fr ... se_id=9694 )

1. Now includes JTS-post
- certain errors reported in the Assurance Tests now provide an option to send error directly to JTS-post output
2. User Interface updated
3. Hopefully fixed all the typo's
4. Fixed allow_url_fopen mis-configured
5. Now Displays any disbaled PHP functions, for reference
6. Fixed MySQL site link
7. Added "Help" & "About JTS"
8. Added "3rd Party Support" logo option ( see help and read "jtscore/c3ps/c3ps.php" )
9. Added "Dual Version Found" reporting poor J1.x to J1.5 upgrade process, upgrade in same directory)
JTS2.0.0-BETA2.gif
You do not have the required permissions to view the files attached to this post.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
Aejaz
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Wed Apr 02, 2008 5:55 pm

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Aejaz » Sat Feb 28, 2009 11:49 am

great! you rock

Jocke72
Joomla! Apprentice
Joomla! Apprentice
Posts: 37
Joined: Tue Oct 17, 2006 8:56 am
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by Jocke72 » Sat Feb 28, 2009 7:42 pm

Great!

But I found a potential bug: (or it's just me)

JTS2
Joomla! Enironment
- PHP Magic Quotes On

Is grey.

JTS2/index.php?option=4
- PHP Environment Discovery
- magic_quotes_gpc

Disabled and it's in red...

It's supposed to be disabled isn't it? To me, it then should be grey or green.

In Joomla Admin, if I check: Relevant PHP Settings
Magic Quotes: Off

This is what my php.ini file looks like:
register_globals=off
allow_url_fopen=off
display_errors=off
magic_quotes_gpc=off
magic_quotes_runtime=Off
magic_quotes_sybase=Off


JTS2
System Security
- open_basedir present

The link points to:
http://www.php.net/manual/en/features.s ... en-basedir

Seems incorrect?


A note regarding the fancy scrolling "What's beeing tested?":

I would like it to open and close on click, instead of MouseOver. But that may be just me.


Keep up the great work!


/J

glwright
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Sep 22, 2006 5:50 pm

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by glwright » Mon Mar 30, 2009 6:02 pm

Just tried JTS2. Looks like a great tool but a lot of this security stuff is new to me. It shows red or gray on several items and I click the link but it just takes me to the docs instead of giving any recommendation or more importantly why it should be something different. Something like on or off is fairly obvious but why is not always obvious. I would like to see a definite recommendation of what needs to be changed and a solid reason for why plus any potential side effects. Also, in some cases its not even obvious what to change or how to change it.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by RussW » Mon Mar 30, 2009 9:26 pm

Albeit slow progress, JTS2 is being updated and more information, assistance and functionality will be added over time. Currently, JTS2 messages point to area's that need research or review and merely provides links to relevant self-study information.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

deleted user

Re: Joomla! Tools Suite v1.0 & Health, Installation and Securit

Post by deleted user » Mon Mar 30, 2009 9:44 pm

glwright,

It is probably not possible or desirable to try to make a diagnostic system where the code is expected to assess each user's unique server arrangement and make decisions for them that the users do not understand.

In teaching myself these things, I eventually consolidated the stuff I learned from some books, this forum, the Joomla docs, and other sources--it's all here:

http://www.newlocalmedia.com/learn/17-d ... b-cow.html

Revision suggestions always welcome.

 

Locked

Return to “Installation - 1.0.x”