Yesterday, I couldn’t help thinking about a trend that I have noticed lately. You see, I started a brand new blog (which you can find here) about my photography. In a few days, I saw quite a few links incoming. More than I get on this blog on average (although the sharp decline in quality posts is probably to blame for that) but not a single comment. Continue reading Did Likes Kill Conversations?
You have read the articles and seen the Youtube videos, but you still can’t solve the problem. You are looking to upgrade your website to the latest version, but you don’t know how to start. Maybe you are looking for help with a migration.
From now on, you don’t have to look much further
Support by (Joomla) Experts
We’re offering hands-on support with your existing website or new project. Our experts will give you advice or do the hard work for you, for a reasonable price.
We don’t like to call ourselves “Guru’s” but our team has got lots of experience. We are, of course, specialized in the Joomla! CMS but we can also aid you with your WordPress, WooCommerce or PrestaShop problem. Is your technology not on the list? We are looking forward to adding it to our repertoire.
We focus on helping you with the technical side of your project. Additionally, we can offer you help with your content (E.G data entry).
Fixing Your Problems
Our experts can help you identify and fix problems with your site(s). We can help you fix problems with your site, and advice you on how to avoid them in the future. Some of the problems we fixed in the past were hosting related problems, components that gave problems or helping the user understand how his website works.
If your website is hacked, we can help you get it back online, or at the very least point you in the right direction.
Let our experts help you prevent problems on your website. We perform audits of both your website and your hosting environment to detect and prevent problems that can lead to your site being hacked.
Our experts can setup back-ups and updates for your website, as well as enable Two-Factor authentication, setup your site for the use of SSL or help you to configure tools such as a WAF or CDN to ensure your site never goes offline.
Keeping your site up-to-date
As a business owner, you have other concerns than keeping your site up to date. You can let our experts do the boring work, like updating the CMS and plugins, or adding content and products to your website – all for a reasonable, fixed fee or pay-as-you-go.
Making sure you’re heard
Our marketing guys (and girls) can help you get your website out there. We can help you advertise, leveraging Google Analytics and Facebook Ads so that you reach as many people as possible. We can also help you establish a presence on Social Media, so your website is represented everywhere your future and current clients hang out.
Interested in working with the experts behind Joomla & More? Contact us today, and we’ll see how we can help each other.
Here at Joomla & More we are trying to bring you interesting, fun articles or educational articles in the written form. We love writing, and we believe that writing as a media channel has staying power.
However, it hasn’t escaped our attention that more and more content is moving to Youtube (or another video provider of your choice). We aren’t planning to stop writing any time soon, but realize that there is some content that’s better off in the shape of a video.
Tutorials, for example, are easier to follow in a Youtube video than they are in a n article. Showing off a gadget is also more practical if you can show how it actually works. And of course, if you’re talking about software and you can show users how it works instead of talking about it, of course that’s going to present an added value.
That’s why we are dipping our toes in the creation of videos. We’ve still got a lot to learn. For example, Steven still refuses to listen to any audio that features his voice. Which is ‘All of the audio made, ever). Editing video is a bit more time consuming than editing your text (kidding, we don’t edit our posts), and there’s so many things we could or should learn.
But, you’ve got to start somewhere. That’s why you can find a link to our Youtube Channel under “Social”, and “Videos” links you directly to our Youtube Channel.
We hope you’ll be seeing use there.
Are you looking to implement two-factor authentication on your Joomla site(s)? Welcome to the party! Joomla offers two great 2-factor authentication options out of the box: Google Authenticator (as recommended by Google themselves), and Yubikey (I know a guy who can hook you up. Seriously.) And both of them work great. You can enable it for the frontend or backend, or both.
Unless you’ve got K2 installed.
With K2 installed, the K2 “advanced” profile will kick in on the front page. When you’ve enabled 2FA for the front end (no matter what plugin) and you want to configure two-factor authentication, you won’t see an option. If you want to tweet “Oh MY GOD JOOMLA, YOUR SHIT IS BROKEN”, don’t.
It’s K2’s “User profile” that’s to blame. It gives you the option to add an avatar, an URL and to write a bio (so you can spam websites to death), but it takes away all the good stuff. Including the two-factor authentication options.
There’s a work around, of course. There always is. And it sucks, because it limits two-factor authentication to admins unless you want to setup all your users’ accounts.
So, the only real solution is to take the fall, and disable the K2 profile. (Solution if you want those avatars / bio’s: give back-end access to authors – let them update their own stuff there. Simple. Front-end editing blows anyway.)
How it’s done
Update: You can check out our video on how to disable the K2 Profile.
In the backend, do the following:
- Go to Components > K2.
- Click “Parameters” in the top right corner.
- Open the “Advanced” tab.
- Find the option “Enable K2 User Profile”, and set it to “No”.
Now, when you (or your visitor) visits his profile (hint: setup a link to make their life easier), they can enable the 2FA option of their choice, and follow the simple steps to enable them.
Remember kids, don’t yell “JOOMLA IS BROKEN” when your plugins are to blame.
In this day and age, if there is a way for the spammer and other abusers of this world to take use of your site, they will. One “attack vector” which I never even considered until I was confronted with it just minutes ago, were K2 users. They create the perfect platform for K2 User Spam if you are not paying attention. K2 User Spam being “using K2 users to post spam on your website”. Now that that’s on the way, let’s take a look at how it works and how you can prevent it.
How it works
Unlike Joomla, K2 by default allows ‘Users’ to create profiles with fancy avatars, subscriptions and links. Which is super, if you’re building a content based sites. Got to have those neat author profiles.
However, that means that the K2 User profiles can – and will – be abused.
Spammers can create account(s) on your website, and then fill their description with whatever they see fit, including images and links. This will then appear on their author page. What it comes down to, is that by creating a Joomla User they can basically create a spam page with the content their spammer hearts desires. These pages can and will show up when your friend Google visits your site, as proven by the DMCA requests we got for a site. That’s what brought the exploit to my attention. DMCA requests, for a site whose only page says “Site under construction?”
How to fix / avoid it
In K2 2.7, tackling this problem is as simple as setting an option. In the Spam Settings section, set “Control K2 User Profile display for users with no items” to disabled. This will disable all user profiles from being displayed, and is the default setting. It won’t stop the Spam users from signing up, but it’ll at least stop them from ruining your SEO.
Additionally, you can enable the anti-spam measures of K2, which include recaptcha and StopUserSpam, which detects known spammers and disables their accounts. However, we haven’t been able to test whether this will prevent users from signing up through the Joomla user form although the previous solution should prevent their profiles from being displayed regardless.