Joomla! How-To's

Twitter Hacked - could it happen to you?

Security December 18, 2009 | by Tom Canavan | 2 Comments

On 12/17/2008 around 7:00 PM EST, Twitter.com was hacked by a group claiming to be the Iranian Cyber Army. The actual attack was a DNS hijacking (or DNS poisoning) that resulted in Twitter users being directed to a page of the attackers' choosing. In this example, here is what they posted:

This old-school defacement was actually conducted by 'hijacking' the site's DNS. How they accomplished this is still unknown; the fact is they did. What exactly is DNS poisoning or hijacking?

   

How to Handle Request Variables in Joomla!

Development December 15, 2009 | by Brian Edgerton | 0 Comments

One of the most important aspects of extension development is gathering input from the user and manipulating it in a meaningful way. Many times, you will collect data with a form and then store it in a database table. Other times, you will decide how to order or display information to the user based on the query string of the URL. In either instance, you are taking and acting upon input from the user. Obviously, you hope that your users have good intentions in using your extension, but unfortunately, the reality is that not everyone has your best interests in mind. For that reason, you must be careful about the input that you allow into your extension.

   

What's that smell? It's Packets!

Security December 12, 2009 | by Tom Canavan | 0 Comments

A detailed look at the Wireshark protocol analyzer

Greetings. In this article I want to discuss the other powerful tool a systems administrator should know about. It is called Wireshark (from Wireshark.org). Wireshark is in essence a sniffer, in that it can listen in on the packets on the wire and tell you what's what. Officially it's called a protocol analyzer, which is more true to its mission. In this article I want to share with you a few items of value about Wireshark, and why you should get to know this tool better.

I think that as technical people we get lulled into a dull sense of safety with tools, for example a reliance on a control panel tool that identifies bad guys by their actions and blocks their IPs. This is for sure a good thing, but it is not the only thing. With tools like Wireshark, we can peer into the activity of our server and see what is going on at the packet level. A client some months ago came to JoomlaRescue.com and was having a problem with continually being hacked. We tracked it down to compromised (vulnerable) FTP software that had allowed them in. However, it was through the use of Wireshark that we found they were using FTP.

This is important because if you were unfortunate enough to have a bad guy insert this INTO your network, he could eavesdrop on everything you do. However, in this use case, it is being demonstrated as a diagnostic tool.

For the purposes of this article I ran Wireshark on MY personal machine only. It was never allowed outside my network, so in other words, everything you see here came to my machine using normal, everyday browsing techniques.

   

How to Add CSS/Javascript to Your Joomla Extension

Development December 07, 2009 | by Brian Edgerton | 2 Comments

This article applies to Joomla! 1.5 development. This information is subject to change in Joomla! 1.6.

When writing your custom component or module, more often than not, you will want to include your own CSS or Javascript code. If Joomla! did not provide an easy way to do this, you would be forced to use script tags throughout your code. While this approach would technically work, the best practice is to put all scripts inside the head tag of your page. How is that possible when the head tag of your page is only seen in your template index.php file and you're developing a new module or component? The JDocument class is the answer. Let's look at the easiest way to go about doing this.

   

Nmap In detail

Security December 06, 2009 | by Tom Canavan | 0 Comments

In our previous articles, we discussed at a high level a few tools, the first of which was Nmap from insecure.org. In this article I want to give you a short primer on Nmap and some of the popular methods to use this powerful tool.

   
