
Joomla CMS

Product
Developers: Joomla!
Last Release Date: 2015/10/22
Technology: CMS - Content management systems

Content

Joomla! emerged from long-term work on its predecessor, Mambo (formerly MOS). The development team created Joomla! 1.0 on the basis of Mambo 4.5.2.3, and from there the paths of the two systems diverged.

Joomla is a set of scripts written in the PHP programming language. This language was developed specifically for writing web applications.

In web applications, code runs on two so-called "sides": server and client. HTML, CSS and JavaScript belong to the client side, while ASP, Java, PHP, etc. belong to the server side. Consequently, running Joomla's scripts requires a web server with PHP and MySQL support (Apache version 1.3 or later is recommended) and a web browser on the user's side (the most popular being Internet Explorer, Mozilla Firefox and Opera).

Usually the web server is the hosting provider's responsibility, but you can fairly simply and quickly install D.E.N.W.E.R., which sets up a ready-made web server software package on your computer, where you can deploy and install Joomla CMS.


In November 2011 the iTrack company published its latest rating of website content management systems (CMS), based on information about real installations on websites in the third quarter of the current year.

The leader among paid CMS, with 56.02%, was again 1C-Bitrix. It is traditionally followed by NetCat with 14.36%. Third and fourth places are taken by HostCMS (10.83%) and UMI.CMS (8.11%).

The most widespread system in the free CMS rating is Joomla (38.95%), followed by WordPress with 31.52%. DataLife Engine rounds out the top three with 10.16%.

Paid CMS account for about 12.91% of all detected CMS in the .RU zone and 21.87% in the .РФ (Russian Federation) zone. A CMS was detected on 14.61% of domains in the .RU zone and 4.15% of domains in the .РФ zone.

Where the name Joomla! came from

The name Joomla! was chosen through a contest whose results were evaluated by branding and marketing specialists. The name is based on the word "Jumla", which in Swahili means "all together" or "as a whole": many of the teams participating in the Mambo project were unanimous in their desire to protect the interests of the creators and the community, which was the real reason for Mambo's success.

How Joomla! differs from other systems

Joomla! tries to keep things as simple as possible while still offering great capabilities. As a result, people unfamiliar with programming can get a complete website management system without spending unreasonable sums on closed-source software.

Gallery of free templates

Professional developers have created thousands of free templates for Joomla, which you can select and modify right after installing Joomla on the server.

Advantages of the CRM system for websites on Joomla 1.5, 2.5 and 3.2:

  • an electronic order log for goods and services with configurable parameters
  • order accounting and management
  • each order is assigned a number, a status and a responsible manager
  • a notification letter to the user about each change of order status
  • online order status check
  • order history
  • order search in the database
  • operational control over the execution, provision and shipping of orders, delivery deadlines and order logistics
  • staff can add a description and comments to an order
  • classification of orders by category in the database
  • a simple, accessible administrator panel interface
  • user account management, assignment of users to groups
  • documentary order processing: attachment of files to an order profile
  • organization of a records management and electronic document management system
  • development, on the basis of the electronic system, of modules for bug tracking, help desk, shipment ordering, paper writing, order tracking, etc.
  • effective organization and coordination of the work of booking operators
  • a range of online payment methods for orders, and a procedure for paying an invoice in several installments
  • integration with VirtueMart 2, JoomShopping and other components

2020: Joomla developers announced a data leak

In June 2020 the developers of the Joomla content management system (CMS) announced a data leak. A member of the Joomla Resources Directory (JRD) team stored a complete backup copy of the JRD website (resources.joomla.org) in an Amazon Web Services S3 bucket belonging to their own company[1][2].

According to the Joomla developers, the backup file was not encrypted and contained data on about 2.7 thousand users who had registered and created profiles on the JRD website. The resource is a portal where developers of Joomla-based websites offer their services.

The data that ended up on the third-party server includes: full user names, business addresses, business phone numbers and email addresses, company website URLs, nature of business, password hashes, IP addresses and newsletter preferences.

Since most of the above information was already publicly available, the damage from the leak is considered minor. Nevertheless, data such as password hashes and IP addresses are not meant for public view. Attackers can crack the passwords and, if they are also used on other websites, compromise users' accounts through credential stuffing. For this reason, JRD users are advised to change their passwords both on the portal and on other websites where they are used.

According to the Joomla team's statement, a full security audit of the JRD portal was conducted immediately after the leak became known. "During the audit, Super User accounts belonging to persons outside Open Source Matters were also detected," the Joomla developers reported.

2017

Joomla! update server blocked in Russia

At the end of September 2017, Russian users began reporting problems accessing the update server of the popular content management system Joomla!. The cause was the blocking of Amazon Web Services subdomains used by this CMS, the public organization Roskomsvoboda reports.

The Joomla! update server was blocked automatically after the Federal Tax Service (FTS) had a number of Amazon Web Services cloud services entered into the register of prohibited websites. At the moment more than 260 different Amazon resources have already been blocked.

Roskomnadzor, the FTS and the Prosecutor General's Office blacklist Amazon cloud services en masse because they can host extremist resources, online casinos and other resources banned in the Russian Federation. Roskomnadzor also blocks Amazon resources en masse because the Zello service, banned in the Russian Federation, uses them to generate new working domains when a previous one is blocked.

2015

Emergency update 3.4.6

On December 14, 2015 it became known that an emergency update, 3.4.6, had been released to eliminate a critical vulnerability in Joomla. Attackers had previously used it to carry out a mass attack[3].

The developers of the Joomla web content management system published emergency update 3.4.6, which eliminates a critical vulnerability allowing execution of arbitrary PHP code on the server. The problem was aggravated by its active exploitation by attackers, and it was fixed only after mass malicious activity was detected on Joomla-based websites.

All Joomla users are advised to install the update immediately and conduct a full audit of their systems.

According to Sucuri, an intensive automated attack targeting systems affected by this vulnerability has been recorded on the network. After several decoy honeypot systems were launched, more than one hundred intrusion attempts were recorded on all of them within a day, so after updating it is essential to analyze the system for possible attacker intrusion. The probability is very high that a system running Joomla CMS is already under attackers' control. The vulnerability began to be actively exploited at least two days before the fix was released.

The problem appeared in Joomla 1.5.0, eight years ago. It is caused by the lack of sanitization of the browser identifier string (User Agent) before it is written to the DBMS. To attack, it was enough to send a request with a specially crafted User Agent value to a website on the Joomla platform. The presence in the log of requests from IP addresses 146.0.72.83, 74.3.170.33 and 194.28.174.106 is mentioned as a sufficient indicator of an attack. The presence in logs of browser identifiers (User Agent) matching the masks JDatabaseDriverMysqli and O: can also be a sign of an attack. If such requests are present in the log, the system was attacked and is infected.

 
   2015 Dec 12 16:49:07 clienyhidden.access.log
   Src IP: 74.3.170.33 / CAN / Alberta
   74.3.170.33 - - [12/Dec/2015:16:49:40 -0500] "GET /contact/ HTTP/1.1" 403 5322 "http://google.com/" "}__test|O:21:/x22JDatabaseDriverMysqli/x22:3:..
   {s:2:/x22fc/x22;O:17:/x22JSimplepieFactory/x22:0:.. {}s:21:/x22/x5C0/x5C0/x5C0disconnectHandlers/x22;a:1:{i:0;a:2:   {i:0;O:9:/x22SimplePie/x22:5:..
   {s:8:/x22sanitize/x22;O:20:/x22JDatabaseDriverMysql/x22:0:{}s:8:/x22feed_url/x22;s:60:..
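
The log check described above, written out as an added example (not code from the Joomla project or from Sucuri). It assumes access logs in the Apache/nginx "combined" format; the `scan` function, the reason labels and the sample lines are constructed for illustration, and the `O:` mask is tightened to PHP's serialized-object prefix `O:<length>:`.

```python
import re

# Indicators named in the text above: source IPs seen in the December 2015
# attack wave and the class name carried in the malicious User-Agent.
ATTACK_IPS = {"146.0.72.83", "74.3.170.33", "194.28.174.106"}
UA_CLASS = "JDatabaseDriverMysqli"
# Assumption: the "O:" mask is tightened to PHP's serialized-object prefix
# O:<length>: so ordinary browser strings do not match by accident.
UA_OBJECT = re.compile(r"O:\d+:")

# "Combined" log format; the User-Agent is the last quoted field and is
# matched greedily because escaped quotes may appear inside it.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>.*)"\s*$'
)

def scan(lines):
    """Return (line_no, ip, status, reasons) for every suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; skipped, not judged clean
        reasons = []
        if m["ip"] in ATTACK_IPS:
            reasons.append("known-attack-ip")
        if UA_CLASS in m["ua"]:
            reasons.append("ua-class-name")
        if UA_OBJECT.search(m["ua"]):
            reasons.append("ua-serialized-object")
        if reasons:
            # The status code is kept so triage can tell rejected requests
            # (403) from requests the web server answered normally (200).
            findings.append((line_no, m["ip"], int(m["status"]), reasons))
    return findings

# Constructed sample lines; the User-Agent payloads are cut short on purpose.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2015:16:40:01 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '74.3.170.33 - - [12/Dec/2015:16:49:40 -0500] "GET /contact/ HTTP/1.1" 403 5322 "http://google.com/" "}__test|O:21:\\x22JDatabaseDriverMysqli\\x22:3:{...truncated...}"',
    '198.51.100.7 - - [12/Dec/2015:17:02:13 -0500] "GET / HTTP/1.1" 200 5120 "-" "}__test|O:21:\\"JDatabaseDriverMysqli\\":3:{...truncated...}"',
    '146.0.72.83 - - [12/Dec/2015:17:05:00 -0500] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on the User-Agent as well as the source address matters because the third sample line comes from an address that is not on the list yet carries the same payload marker.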

Corrective release Joomla 3.4.5

On October 22, 2015 the developer community released Joomla 3.4.5, a corrective release of the content management system[4].

Joomla 3.4.5 (2015)

It eliminates a critical vulnerability that allows SQL injection by sending a specially crafted request. The vulnerability can be exploited by an unauthenticated attacker.

The problem is present in all releases since Joomla 3.2. Users are advised to update their systems urgently.

Notes