A question or two about JAMSS Topic is solved

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9732
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

A question or two about JAMSS

Post by sozzled » Sat Jan 11, 2020 7:47 pm

There is a sticky topic in this [security] forum category relating to JAMSS: see viewtopic.php?f=714&t=778692

I think that I have seen mentions of JAMSS elsewhere but I cannot recall when or where.

According to the information at the GitHub repo for JAMSS, the extension was created around the time of the release of J! 3.0.0 and the last change to it occurred in June 2013. I don't know much more than that.

As there is a sticky topic for JAMSS, I thought to myself, "Why not give it a try?". I downloaded the script, uploaded to my web server, but I was not able to make it work.

My first question is (in two parts):
  1. Does anyone use JAMSS?
  2. If someone uses it today, can someone please explain how to make it work?
We are aware of a number of services (for example, Sucuri) that provide simple security checks for our websites. Does JAMSS offer anything superior to those services?

If, as I suspect, JAMSS is dead-in-the-water, is there a continuing benefit to users of this forum to have a sticky topic about it? Perhaps it's time to retire the sticky and let it sink to the bottom of the security forum?

I should be grateful for any information that shows how the sticky topic (and the software that is mentioned in it) helps people who may be concerned about J! security.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

frostmakk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 181
Joined: Sun Dec 28, 2014 9:30 am
Location: Stavanger, Norway

Re: A question or two about JAMSS

Post by frostmakk » Sat Jan 11, 2020 10:10 pm

The script is run the same way as the FPA.
Since the script is so old it does not cover the changed location of the version file introduced in J 3.8.0
To make it work with J versions from 3.8 and beyond, change the whichJoomla function around line 320 to:

Code: Select all

function whichJoomla() {
    $RELEASE = $DEV_LEVEL = $DEV_STATUS = NULL;
    $f1 = "./includes/version.php";
    $f2 = "./libraries/joomla/version.php";
    $f3 = "./libraries/cms/version/version.php";
    $f4 = "./libraries/src/Version.php";

    if (file_exists($f1)) { // Joomla 1.0 & 1.7
        $vFile = file_get_contents($f1);
    } elseif (file_exists($f2)) { // Joomla 1.5 & 1.6
        $vFile = file_get_contents($f2);
    } elseif (file_exists($f3)) { // Joomla 2.5 & 3.x
        $vFile = file_get_contents($f3);
    } elseif (file_exists($f4)) { // Joomla => 3.8.0
        $vFile = file_get_contents($f4);
    } else { // no Joomla found
        return NULL;
    }
    preg_match_all('|\$RELEASE\s*=.*\'(.*)\'|iS', $vFile, $RELEASE);
    preg_match_all('|\$DEV_LEVEL\s*=.*\'(.*)\'|iS', $vFile, $DEV_LEVEL);
    preg_match_all('|\$DEV_STATUS\s*=.*\'(.*)\'|iS', $vFile, $DEV_STATUS);
    $joomla['RELEASE'] = $RELEASE[1][0];
    $joomla['DEV_LEVEL'] = $DEV_LEVEL[1][0];
    $joomla['version_nr'] = $RELEASE[1][0] . '.' . $DEV_LEVEL[1][0];
    $joomla['version_text'] = $RELEASE[1][0] . '.' . $DEV_LEVEL[1][0] . ' ' . $DEV_STATUS[1][0];
    return $joomla;
}
I have tried it a couple of times, but it is not in regular use.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9732
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: A question or two about JAMSS

Post by sozzled » Sat Jan 11, 2020 10:22 pm

Thanks for the information, @frostmakk. Perhaps the GitHub repo should be updated (i.e. if anyone is interested to maintain it)?

@forum moderators: until the software can be updated to work, perhaps the sticky should be "unstickied" because it is inapplicable to the current stable/supported version of J! 3.x.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9732
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: A question or two about JAMSS

Post by sozzled » Sun Jan 12, 2020 8:35 am

The matter has now been resolved. The sticky topic has been unstickied. Thanks.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)


Post Reply

Return to “Security in Joomla! 3.x”