目前日期文章:201108 (3)

瀏覽方式: 標題列表 簡短摘要

轉載自Joomla!之門
作者:白健鵬

修改默認的jos_ 數據表前綴

Joomla!之門的《Joomla! 1.5網站防黑9條戒律》這篇文章中也強調要修改默認的數據表前綴,在Joomla!安裝過程中進行數據表前綴的設置當然很容易,但文章沒有說明“對於已經建成的網站,如何修改數據表前綴”。今天介紹一下這個方法:

  1. 以管理員身份登錄到Joomla! 後台;
  2. 進入“全局設置”(global configuration),找到“數據庫”標籤頁,修改原來的數據表前綴jos_ 為新的前綴(例如:fdasqw_),然後點擊“保存”;
  3. 通過phpMyAdmin 訪問你的網站數據庫;
  4. 點擊“導出”(export)標籤頁,所有參數保持默認值,直接點擊“執行”按鈕。導出過程可能需要一點時間;
  5. 導出完成後,打開得到的SQL文件,選擇全部代碼並複制,然後粘貼到文本編輯器(例如:Notepad++);
  6. 從phpMyAdmin 中選擇你數據庫中的全部數據表,刪除它們;
  7. 在Notepad++ 中,利用“查找替換”功能,將全部jos_ 字串替換為剛才設置的新前綴(fdasqw_);
  8. 完成替換後,複製全部代碼。進入phpMyAdmin,點擊SQL 標籤頁,將這些代碼粘貼到輸入框,然後點擊“執行”按鈕。

Joomla!之門提示:如果你的數據庫很大,那麼最後通過SQL方式導入的過程恐怕很難成功。對於大型數據庫文件,推薦使用BigDump工具

去掉第三方擴展的名稱及版本號

大多數安全漏洞只存在於特定擴展的特定版本中。因此,為了防止黑客根據擴展名稱及版本號來迅速尋找“肉機”,就有必要去掉網站前台顯示的第三方擴展的名稱及版本號。

有些開發人員會在後台參數中留下“是否顯示作者版權鏈接”的選項,對於這些擴展,我們選擇“否”即可;大多數第三方擴展的作者都會在前台留下一個版權鏈接,裡面含有該擴展的名稱和版本號。去掉這些hardcod 方式的版權鏈接的方法是:

假設有一個com_extension擴展,將/components/com_extension目錄複製到PC上,用Notepad++打開其中一個php文件,然後使用“在多個文件中搜索”功能(勾選“搜索子目錄”),搜索前台所顯示的那個字串,找到之後直接從源代碼中刪除即可。

Joomla!之門提示:

有些擴展的版權鏈接使用了特殊的方式嵌入,例如Artio JoomSEF,用上述方法是無法刪除的。如果你發現某個特殊版權標記無法刪除,可以到Joomla!中文論壇發帖討論。

使用SEF 友好網址組件

SEF 友好網址不僅有利於網站的搜索引擎優化(SEO),也有利於提高安全防護作用。原因是:如果不啟用SEF,則Joomla! 默認的頁面URL 中會含有第三方擴展的名稱,如網址中option=com_contact 這部分,這裡com_contact 就是“聯繫人管理”組件的名稱。

黑客當然不是通過肉眼來尋找URL裡面的擴展名稱,他們會使用Google搜索技巧中的inurl方法來快速尋找。

推薦使用Artio JoomSEF,或者sh404SEF,或者其它某個SEF組件來對Joomla!默認的動態網址進行靜態化重寫,一方面隱藏了擴展名稱,另一方面也增強了SEO效果。

使用最新版本的Joomla! 核心及擴展

經常了解一下你正在使用的Joomla! 核心和第三方擴展是否有了新版本。如果有新版,就盡快升級。一般來說,新版本總是能夠修復舊版的安全漏洞或功能bug。

Joomla!之門提示:

任何升級操作之前,請做好網站的備份工作。強烈推薦使用Akeeba Backup備份工具

給目錄及文件設置正確的權限(CHMOD)

只有當某個腳本會寫入到目錄或文件時,才將該目錄或文件的權限設置為777 或707。其它所有文件和目錄的權限都應該設置如下:

  • PHP 文件:644
  • 配置文件:666
  • 其它目錄:755

Joomla之門提示:

這裡所說的CHMOD 權限系統是Linux/*nix 服務器平台特有的功能,如果你使用的是Windows 平台服務器,就沒有這個功能。強烈建議將Joomla! 運行在Linux 服務器上。

及時刪除殘留文件

有時候你可能安裝了某個擴展之後不久又不喜歡它了,多數用戶這時會進行“取消發布”操作,而不是“卸載”。如果是“取消發布”,則該擴展的文件仍然存放在你的網站空間,如果該擴展的PHP 文件正好存在一個安全漏洞,就很可能被黑客利用。因此,當你不再需要某個第三方擴展時,立即將它徹底刪除,而不要“取消發布”。

Joomla!之門提示:

當你通過Joomla!後台卸載某些組件後,其數據表或許並未刪除。如果你確認不再需要該組件,建議通過phpMyAdmin將其數據表也徹底刪除,以免某個設計不嚴謹的數據表遭到SQL Injection劫持。

修改.htaccess 文件

用文本編輯器Notepad++打開你Joomla網站根目錄下的.htaccess文件,添加下面的代碼進去:

########## Begin - Rewrite rules to block out some common exploits# 
# Block out any script trying to set a mosConfig value through the URL 
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1 ,21}(=|%3D) [OR] 
# Block out any script trying to base64_encode crap to send via URL 
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] 
# Block out any script that includes a < script > tag in URL 
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] 
# Block out any script trying to set a PHP GLOBALS variable via URL 
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] 
# Block out any script trying to modify a _REQUEST variable via URL 
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0 -9A-Z]{0,2}) [OR] 
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue) 
RewriteCond %{QUERY_STRING} CONFIG_EXT([|%20|%5B).*= [NC,OR ] 
# Block out any script that tries to set sbp or sb_authorname via URL (simpleboard) 
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR] 
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D ) 
# Send all blocked request to homepage with 403 Forbidden error! 
RewriteRule ^(.*)$ index.php [F,L] 

########## End - Rewrite rules to block out some common exploits
文章標籤

AJlin-DES鼎益盛 發表在 痞客邦 PIXNET 留言(0) 人氣()

Download Youtube Downloader HD

軟體下載頁面 :http://www.youtubedownloaderhd.com/download.html

下載安裝後 自動執行程式 會跳出下圖的視窗介面

可選擇輸出的格式及解析度

貼上網址後 按下download就可以 直接下載囉~

超簡單

Download Youtube Downloader HD  

文章標籤

AJlin-DES鼎益盛 發表在 痞客邦 PIXNET 留言(0) 人氣()

1. Tabber

With Tabber you can make content tabs anywhere in Joomla!

The syntax simply looks like:
{tab=Tab Title 1}
Your text…
{tab=Tab Title 2}
Your text…
{/tabs}

To make links to certain tabs in your page, you can use Tab Links, like:
{tablink=Tab Title 2}Link text{/tablink}

And many more cool features

2. veevaa Multi-Module Tabs

Fill in the blank the modules ID whether they are Enabled or not, separated by commas. Those modules will show in tabs or sliders use Joomla JPane. Custom CSS: modules/mod_veevaa_tabs/assets/style.css

3. jkefel

  • * panel (tab or slider) persistence, i.e. coming back to the same page would render with the most recently active panel as open
  • * direct addressing of panels from external pages
  • * ajax loading of panels content and are either refreshed every time the panel is visited or is fetched once only
  • * load specific modules (addressed by their ids) into a panel position
  • * recursively inclusion of panels in panels
  • * while loading external content you will be able to choose how to place fetched content: by prepending, appending or replacing to existing content
  • * and of course, you can place as many tabs and/or sliders as you want on the same page and with varying UI:s (i.e. sliders or tabs) and also with varying options
  • * all features are controlled globally from the plugin parameter setting and individual tabs are modified through their own options
  • * reuses Joomla! backend styles which can be easily modified by accessing the included css file.

4. Simple Tab and Slider Module

Simple ! Yes Just simple tab and slider module for joomla. Displays multiple modules with tabs/Slider. This modules is developed using the joomla tab/slide api JPane. This modules uses the joomla own resource like css, image from admin khepri template. Your feedback will help me to make more helpfull extentions :)

5.  2J Tabs

2J Tabs (component + module + plugin) – it’s a fresh breath for your website layout. Very easy and comfortable way to organize your front end content most effective way.
2J Tabs can emulate multi-pages structure based on the joomla content articles as result your visitors will get easy access to the big content articles (no need to scroll through a large page). Also 2JTabs have ability to load up joomla external modules to the tabs from joomla template locations (for example: left, right, banner, user1 and etc…).

6. jTabs

jTabs allow to created jQuery Tabs and Accordion via joomla modules and free to insert HTML code for tabs.

Look for more information on jquery http://jquery.com/ To modify styles check http://jqueryui.com/themeroller/

7. Dinamod Tab Modules

Dinamod is a special extension to easily render modules in highly customizable tabs. Just install, define a new position for the tabs (default is “dinamod”), publish each desired module in that position and finally configure and publish mod_dinamods. Some featured options are:

  • • Showing the tabs on top or on the bottom
  • • onClik or onMouseOver selectable tabs
  • • Auto rotating within a certain time
  • • Customizing size, border, margins and each possible color

8. IceTabs

IceTabs module marks another immense milestone at IceTheme. We can say without any single doubt that this module is one of the best ever built Joomla Extensions by our club and also on all the Joomla! market as well. But… why?!

First let’s describe what is the scope of the IceTab module.

IceTab module can display any content/banner/images/K2/VirtueMart information with a smooth and nice interface based on the tabular interface. So to describe more clearly, you may display your Joomla content and this is the primary scope of this module but you may easily use it to be a image gallery by switching to the “image” mode. Also you may use to display content from the popular K2 extension an to display products from the VirtueMart extension. The IceTab module is bult-in all parameters needed so that you have the possibility to adjust perfectly in the way you like.

9. RokTabs

RokTabs is a tabbed content module, standalone and sporting its own themes (light and dark). Content is transitions, either by fade or scroll, and is powered by mootools.

The module has the ability to be fully automated, switching based on time or manually by user interaction.
RokTabs also has support for the plugin allowing to load modules inside it, as well as supporting K2.

  • - Tabbed Content: Display multiple content items in a tabbed enclosure.
  • - Module Position Support: You can insert module positions inside the tabs.
  • - Inbuilt Styling: Both light and dark styling for standalone support
  • - Configurability: Highly configurable from options dealing with transition, to content type and layout.

10. JooTabs

Exhausted to waste space in your Joomla! powered website with a lot of modules? Put a lot of modules in just one position using jooTabs Features : 1. Option to change active tab with mouseover or mouseclick 2. 8 ready-to-use tab template 3. Up to 10 tab available 4. Option to use AutoChange of the Tabs and the delay time of each transition 5. Option to change the width of tabs 6. Option to choose which tab that you want to open after first page loading (to attract users attention) 7. Assign specific module into each tab 8. Set the title of each tab 9. Option to show or hide the modules title inside the tabs 10. Module Class Suffix ready 11. Show everything: Images, Scripts, Links… inside the tabs

11. Tabs Manager GK3

An overview of Tabs Manager GK3 component key features:

  • Joomla! 1.5 Native
  • Javascript Framework Mootools
  • Option for use compressed engine script
  • New technique of assets Java Scripts files
  • New, more friendly the interface
  • Creation of tabs groups presentation
  • Custom tabs names
  • Provided with Tab GK1 module for content display
  • Support for multi language translation for components, plugins, extensions and modules
  • 3 different styles presentation (horizontal – vertical and accordion)
  • Customize user style option formatting (for advanced users)
  • Integration of WYSIWYG editor for custom XHTML content production
  • Easy administration with Modalbox effect display
  • Lightweight, modern and fast-loading design
  • Different amazing styles transitions effects
  • W3C XHTML 1.0 Transitional. W3C CSS Valid
  • Fully compatible IE7+, Firefox 2+, Flock 0.7+, Netscape, Safari, Opera 9.5, Chrome

 

文章標籤

AJlin-DES鼎益盛 發表在 痞客邦 PIXNET 留言(0) 人氣()

找更多相關文章與討論