
Joomla 1.5.17 released after only 3 days since 1.5.16


Written by Marco Conti Tuesday, 27 April 2010 13:36


Joomla.org released the new 1.5.17 patch today, replacing the short-lived 1.5.16 patch they released on April 24, 2010.

Something must have gone very wrong with the .16 patch but the bottom line is to hurry and patch your Joomla site to version 1.5.17 today.

If you need to know how to properly patch Joomla to the latest version, please read the rest of this article.

Watch the screencast if you are using a Cpanel server. At the bottom of this article I also added a checklist you can copy and paste anywhere to help you out.

Why Patching Joomla is important.

When the Joomla Project team finds security issues with Joomla they work very hard at releasing a patch for it. When they release the patch they also have to specify what sort of vulnerabilities this patch fixes. For a hacker this is a handy checklist to use on Joomla sites that have not been patched yet.

The older your site, the more likely your version is now vulnerable.
Hacks in Joomla can take many shapes, from SQL injections to foreign code inserted into your index.php file or somewhere in the include files.
In all cases a hack can be deadly for your site and it's certainly not worth risking being hacked for the time it takes to patch Joomla. It's not even worth it if you have to pay your web developer to patch Joomla because a hacked site is often impossible to rescue and you'll be forced to start almost from scratch with a new site. That's usually a very expensive proposition.

One way Joomla sites (and all sites for that matter) are hacked is by stealing a password, either for the Joomla administration or for your hosting panel. This is usually done by intercepting your emails or inserting malicious code in your computer. The latter is usually a "keylogger", a small program that does nothing but record keystrokes and send them to the hacker. The best way to ensure your password is not stolen is by using a good anti-spyware suite together with a password manager.

The password manager I use is called Roboform and it's a very powerful application. It will also help when there is a need to send a password to a collaborator because it allows you to create encrypted text files you can email directly from the program itself. The recipient and you will agree on a common password and this way no one can crack your passwords by reading your emails.

For Mac users the best program available is called 1Password and it is also an excellent password utility with many useful features.


Patching your site

Patching your site should be done in methodical, considered steps. It's not worth it to rush.
Here is a quick checklist to make sure you are patching Joomla properly and safely:

Make a Backup

This should be the first step. You need to back up both the files and the database of your Joomla site. They are both needed. When backing up your site, always make sure to name the files or the folder that contains the files with the proper date. I prefer this kind of file/folder name, "yy.mm.dd-filename", because with this naming system all your backups will fall in chronological order.

Backup with Cpanel is easy. On some servers that do not allow archive (zip files) management it's a bit harder. For this reason I usually suggest using a Cpanel based server and/or using Akeeba Backup to manage your site's backups.

On Cpanel servers, as you can see in the video, the backup process is as simple as using the "backup" area in Cpanel to download your database. For the files, you can also use the backup feature, but that backs up everything and sometimes the file is a bit too large. For a minimalistic backup, go to "File Manager", select all the Joomla folders (refer to a fresh, unmodified Joomla site to see all the files and folders you need to select), then use the "Archive" button in the same window. Name it properly and download it if necessary.

Cpanel servers are ubiquitous and rarely more expensive than a few dollars but they allow much more advanced file management than many of their peers.

NOTE: Unfortunately, when choosing a new host "The best host" is a Unicorn. Given the high volume cutthroat business of hosting what we should be looking for is "passable". For my money I have been very happy with Hostgator. They are not perfect but their support is usually excellent and their servers are very well managed. I would not be recommending them otherwise.


Applying the patch

  1. You should have the Cpanel "File Manager" (FM) already open. If not, open it from the Cpanel main page.
  2. In the FM click on "New Folder", name it and open it. Then click on "Upload".
  3. In the "Upload" window, select the patch you downloaded from Joomla.org and upload it.
  4. Go back to FM and click on "Refresh". You should see the ZIP file.
  5. Select the archive and "Expand" it using the appropriate icon in FM.
  6. Now click on "Select all" and de-select the archive and any files you don't want to patch (some, like configuration.php-dist, COPYRIGHT.php, CREDITS.php, etc. are not necessary and could present a security issue).
  7. Right-click on the selected files and click on "Copy". In the window that comes up, edit the path to reflect public_html (or any path to the live site you may have).
  8. Go to your Joomla administration and the patch should have taken.

If something doesn't work, use Akeeba Backup or your manual backup files to restore your files.
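For readers who have shell (SSH) access instead of the Cpanel File Manager, the file backup and the copy in steps 6 and 7 can be scripted. This is an added example, not part of the original article: it assumes the patch ZIP has already been expanded into a folder, the function names, archive name and paths are illustrative, and the database backup still has to be made separately.

```sh
#!/bin/sh
# Added example: dated file backup, then copy an expanded patch folder
# over the live site. Paths and names are illustrative assumptions.
set -eu

# Root-level files step 6 says to leave out of the copy.
SKIP_FILES="configuration.php-dist COPYRIGHT.php CREDITS.php"

# backup_site SITE_DIR BACKUP_DIR -> prints the archive path
backup_site() {
    site=$1; dest=$2
    # yy.mm.dd prefix so backups sort chronologically
    archive="$dest/$(date +%y.%m.%d)-joomla-files.tar.gz"
    mkdir -p "$dest"
    tar -czf "$archive" -C "$site" .
    # Make sure the archive is readable before the live site is touched
    tar -tzf "$archive" >/dev/null
    printf '%s\n' "$archive"
}

# apply_patch PATCH_DIR SITE_DIR
apply_patch() {
    patch_dir=$1; site=$2
    ( cd "$patch_dir" && find . -type f ) | while IFS= read -r rel; do
        rel=${rel#./}
        case " $SKIP_FILES " in *" $rel "*) continue ;; esac
        mkdir -p "$site/$(dirname "$rel")"
        cp -p "$patch_dir/$rel" "$site/$rel"
    done
}

# Usage: sh patch-joomla.sh PATCH_DIR SITE_DIR BACKUP_DIR
if [ "$#" -eq 3 ]; then
    backup_site "$2" "$3"
    apply_patch "$1" "$2"
fi
```

Keep BACKUP_DIR outside the site folder so the archive does not include itself and cannot be downloaded from the web.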

I hope this helps you with your patching. If you have any questions, as usual drop me a note.

Have a great day

*cc*

 
