{thepointofwork}, the official blog of arthur abogadil, Filipino Programmer and Web Developer

THE FILIPINO PROGRAMMER

Another Step

Hello to all! Whew, it's been a long time since I've posted an article. A lot of things have happened: I'm now in the process of establishing a new software and web development company named philcoders, and I'll be bringing this blog to a new domain at thepointofwork.com. My wife is giving birth to our first baby in January 2009; it's been a very good year so far. I'm quite busy now completing my projects and bringing philcoders.com and thepointofwork.com online. I can finally have a proper portfolio, which has been my problem since my first post to this blog, lol.

Lessons Learned: Regular Updating
I created this blog to share the things I find important. For this post, what I want to share is the importance of regularly updating and applying patches to your open-source project installations, for example if you are using open-source CMS engines. Most of us who write code or develop web sites must have used at least one open-source project. Lately, CMS engines, web applications which allow people to quickly create websites, have become popular. Two of the most successful CMS applications are Joomla! and Drupal. Unfortunately, the popularity of these two CMS applications has attracted some hackers to scrutinize their source code, and this has led to the discovery of improperly coded modules which allow SQL injection attacks. Some attacks on Joomla!, for example, allow an attacker to reset the site's administrative password. I tried the security hole on some of my live sites and it's true. We don't have to go far for other examples: Joomla!'s official website was defaced a few hours after they changed its template. You can read it here. Their mistake, according to them:

This morning, Joomla.org was defaced a few hours after releasing our new design. This is not a new security issue, but only poor system administration practices on our part. When we updated our Web sites with the Joomla 1.5.6 security fix released yesterday, we simply forgot to update one of our small, non-public development sites.

New patches and updates are regularly released for active open-source projects. That is also a very important criterion when evaluating an open-source project: it must have a very active community so that things which need fixing get fixed fast. So if you are using this type of application, you had better update regularly. A lot of people are getting hacked these days; just look at the official forums of some of the most popular CMS apps. I was browsing the demo section of a template provider's site last week and their site was being defaced at that very moment. Their site is OK now, so that's good. Well, lessons learned: always update and apply patches to your system as soon as they become available. Always keep a backup though, because an update may break your site, especially if you have third-party components installed. And be responsible: if you have clients who have old installations, tell them to update. You can download Joomla!'s newest update here. It's 1.5.6 at the moment and is a very critical update for those who use 1.5.5 and below.
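The Joomla.org incident quoted above came down to one forgotten installation, so here is a small inventory check, added as an example (it is not code from this blog or from the Joomla! project), that walks a web root and flags every Joomla! 1.5 install below 1.5.6. It assumes the version is stored in libraries/joomla/version.php as `$RELEASE` and `$DEV_LEVEL`; the function names and the sample sites are made up for illustration.

```python
import os
import re
import tempfile

# Minimum patched release named in the post (Joomla! 1.5.6).
MIN_PATCHED = (1, 5, 6)
# Assumption: Joomla! 1.5 keeps its version in this file as
# `var $RELEASE = '1.5';` and `var $DEV_LEVEL = '6';`.
VERSION_FILE = os.path.join("libraries", "joomla", "version.php")
FIELD_RE = re.compile(r"\$(RELEASE|DEV_LEVEL)\s*=\s*'([0-9.]+)'")


def read_version(path):
    """Return (major, minor, patch) parsed from a version.php, or None."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        fields = dict(FIELD_RE.findall(fh.read()))
    try:
        release = [int(p) for p in fields["RELEASE"].split(".")]
        return tuple(release + [int(fields["DEV_LEVEL"])])
    except (KeyError, ValueError):
        return None  # unparsable: report it rather than assume it is safe


def audit(root):
    """Walk root; return sorted [(site_dir, version, status)] per install."""
    results = []
    for dirpath, _dirs, _files in os.walk(root):
        candidate = os.path.join(dirpath, VERSION_FILE)
        if os.path.isfile(candidate):
            version = read_version(candidate)
            ok = version is not None and version >= MIN_PATCHED
            status = "UNKNOWN" if version is None else ("OK" if ok else "OUTDATED")
            results.append((os.path.relpath(dirpath, root), version, status))
    return sorted(results)


def build_sample_tree(root, sites):
    """Create constructed sample installs: {site_name: (release, dev_level)}."""
    for name, (release, level) in sites.items():
        target = os.path.join(root, name, VERSION_FILE)
        os.makedirs(os.path.dirname(target))
        with open(target, "w", encoding="utf-8") as fh:
            fh.write("<?php\nclass JVersion {\n var $RELEASE = '%s';\n"
                     " var $DEV_LEVEL = '%s';\n}\n" % (release, level))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:  # constructed sample data
        build_sample_tree(webroot, {"www": ("1.5", "6"), "dev-old": ("1.5", "5")})
        for site, version, status in audit(webroot):
            print(status, site, version)
```

Point `audit()` at the directory that holds all your sites, including the small development copies, and treat both OUTDATED and UNKNOWN as things to look at by hand.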

Well, that's all for now, see you again soon.

PS. I have a good idea for a new section of my site because of this post. I'll post it soon!

-Arthur Abogadil
Lead Software Developer, philcoders
arthur_abogadil @ philcoders.com
Tel. #: +63 042 795 0238
Mobile #: +63 929 976 3204

Office Address:
#34 Cirila cor Amethyst St
RGR Subd
Lucena City 4301
Philippines

Official Website: http://www.thepointofwork.com
Blog and Portfolio Site: http://www.philcoders.com

Written by pointofwork

August 29, 2008 at 11:33 am
