Written by Marco Conti Saturday, 24 April 2010 15:15
EDIT: Joomla 1.5.17 was released only 3 days after this patch. Please read the article about the 1.5.17 patch instead.
The Joomla Project has just released Joomla 1.5.16, a new security patch for the Joomla! CMS. Everyone is advised to upgrade their site to the new version as soon as possible.
The new patch is available here:
http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=5184
The patch is currently available only for Joomla 1.5.15. Until patches for older versions are available, the patching process will take 2 steps (your version to 1.5.15 ==> 1.5.16).
A few weeks ago I created a screencast for 10 Minute Joomla! Tips on patching Joomla. For non-cPanel servers the process is similar, but in many cases uploading and expanding ZIP files and creating ZIP archives for backup purposes is not possible, which is the reason why I prefer using cPanel for all my sites and my clients'.
Watch the screencast if you are using a cPanel server. At the bottom of this article I also added a checklist you can copy and paste anywhere to help you out.
When the Joomla Project team finds security issues with Joomla, they work very hard at releasing a patch for them. When they release the patch, they also have to specify what sort of vulnerabilities the patch fixes. For a hacker this is a handy checklist to use on Joomla sites that have not been patched yet.
The older your site, the more likely your version is now vulnerable.
Hacks in Joomla can take many shapes, from SQL injections to foreign code inserted into your index.php file or somewhere in the include files.
In all cases a hack can be deadly for your site, and the time it takes to patch Joomla is certainly not worth the risk of being hacked. It's not even worth the risk if you have to pay your web developer to patch Joomla, because a hacked site is often impossible to rescue and you'll be forced to start almost from scratch with a new site. That's usually a very expensive proposition.
One way Joomla sites (and all sites for that matter) are hacked is by stealing a password, either for the Joomla administration or for your hosting panel. This is usually done by intercepting your emails or inserting malicious code in your computer. The latter is usually a "keylogger", a small program that does nothing but record keystrokes and send them to the hacker. The best way to ensure your password is not hacked is by using a good anti-spyware suite together with a password manager.
The password manager I use is called RoboForm and it's a very powerful application. It will also help when there is a need to send a password to a collaborator, because it allows you to create encrypted text files you can email directly from the program itself. You and the recipient agree on a common password, and this way no one can crack your passwords by reading your emails.
For Mac users the best program available is called 1Password and it is also an excellent password utility with many useful features.
Patching your site should be done in methodical, deliberate steps. It's not worth rushing.
I will add a checklist to this article this Sunday to help you patch your site. Until then, good luck and watch the video.