These are the script I use to maintains all my 3 demo Joomla! sites:
These scripts increased security and are trying to standardized how to create, update and maintain Joomla! demo site. Feel free to submit, send me ideas how to improve them or ask for help.
This project is hosted at http://forge.joomla.org/gf/project/demosite/ under a GPL v3.0 license and the latest documentation can be found in my WIKI
- 1 script (snapshotit.bat ) per Joomla! instance to create snapshots (files+ database) and save the result in a zip file.
- 1 generic scripts (renew.sh) that renew an instance of Joomla! (files+ database) and secure it at the same time
- An access to a Linux bash on your server, ideally as root
- The possibility to define new crontab entries
On your desktop or reference server, install preferably in xampp/htdocs as much version of Joomla! as needed. These directories are containing Joomla versions . In these versions you will be able to install, remove configure your extensions. I personally have them in XAMPP
In each of these Joomla! installation, copy this file snapshotit.bat inside and configure the variables accordingly. The file is well documented to not describe these variables here.
This small batch file is making a snapshot of all files and database and create a new file demo-joomla-1.5.zip for example.
Consider while installing Joomla!
- To not choose as a default for table name the prefix jos_ but something longer and more random, something like gZ45dF_ to mitigate SQL injection
- Do not name your admin user admin, but choose something longer and more random, Fdhtz56df_Gdte34 to reduce risk of brute forcing the administrator login/sql injection
On the server
Copy now this file demo-joomla-1.5.zip to your server, using FTP, SSH
Copy also renew.sh to your server, using FTP, SSH
Add to your crontab for each of your demo site the following big line, I renew demo site every 30 minutes
$ crontab -e
add this line
30 * * * * locationOf_renew.sh locationOf_zip locationof_httpdocs dbuser dbpassword dbtablename unixuser unixgrp
- locationOf_renew.sh fully qualified path to renew.sh
- locationOf_zip fully qualified path of zip file (containing Joomla! and .sql file)
- locationof_httpdocs fully qualified path of the httpdocs directory where this zip file content will be extracted
- dbuser : database user that is used by Joomla!
- dbpassword : database user password that is used by Joomla!
- dbtablename: database schema name that is used by Joomla!
- unixuser: unix user that is supposed to own all files in httpdocs, for example cedric
- unixgrp: unix user that is supposed to own all files in httpdocs, for example psaserv
This script renew.sh is doing the following with the zip file
- Delete all files in locationof_httpdocs removing all potential security threat and settings changes by visitors of your demo site
- Lock the demo site by adding an htaccess and htpasswd files temporary
- Unzip all file in demo-joomla-1.5.zip to locationof_httpdocs
- Restore the database with the file demo-joomla-1.5.sql found in demo-joomla-1.5.zip
- Change user and usergrp to the right one (unixuser, unixgrp)
- Change all files and directory to the minimum required set of permissions (555 for directory and 444 for files)
- Make the cache directory of Joomla! read write for the owner unixuser
- Delete the file demo-joomla-1.5.sql
- It remove potentially dangerous components from demo site, among others
- com_media Removing the users the right to upload, alter or delete files
- com_config Removing the users the right to change configuration
- com_installer Removing the users the right to install extensions
- it remove installation or installation.old if present
- Unlock the demo site by removing the htaccess and htpasswd files, and restoring the one from the zip files
All in all and thanks to this development, my 3 demo site are now online, update will be a lot easier and I will keep them more often up to date
Joomla! 1.0 tricks
In Joomla! 1.0 configuration.php I use the following trick to not have any stage dependent values.
$mosConfig_absolute_path = dirname(__FILE__);
$mosConfig_cachepath = dirname(__FILE__).'/cache';
You might like also
It starts today. The winner will be announced on October 31, 2010, before Midnight GMT+1. Win a book PacktPub “Joomla! 1.5 Development Cookbook book” Solve real world #Joomla! 1.5 development problems with over 130 simple but incredibly useful recipes. http://www.packtpub.com/joomla-15-development-cookbook/book Here are the basics but PLEASE read all the rules. You must be 18 years or older to enter You must be following me http://www.twitter.com/cedricwalter You must send out the following tweet EXACTLY as it appears – failure to do …
3061 Days ago
This small plugin add automatically to any articles a set of social icons that let your reader increase your social ranking. It support Twitter Facebook Google Buzz Digg LinkedIn There is 2 different branches of this plugins depending on your version of #Joomla! Download version 1.5.x for #Joomla! 1.5.x, a running demo of this extension can be seen at http://demo-joomla-1.5.waltercedric.com/ or you can see it in action on this site (I eat my own …
3225 Days ago
Only for SecurityImages 5.1.x and #Joomla! 1.5.23 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for #Joomla! 1.5.23 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.23-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and overwrite file on your server with the zip package usign FTP/SCP Go to #Joomla! control panel and HIT at least SAVE configuration …
3229 Days ago
Only for SecurityImages 5.1.x and #Joomla! 1.5.22 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for #Joomla! 1.5.22 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and overwrite file on your server with the zip package usign FTP/SCP Go to #Joomla! control panel and HIT at least SAVE configuration …
3229 Days ago
PhotoFEED is a small content plugin for #Joomla! 1.5 that allow you to inline a set of images from your favorite online gallery: Smugmug, Flickr, Picasa or any RSS feed in any article. You can see it running here in my Demo site. New version 1.5.0 is available! NEW: use /media directory for resources NEW: online documentation in administrator panel NEW: plugin log data in debug mode at /logs/plg.photofeed.log.php you cant point a browser to it, use FTP/SCP/Plesk/Cpanel to read …
3288 Days ago
From the official press release The #Joomla Project announces the immediate availability of #Joomla 1.5.22 [senu takaa ama woi]. This is a security release, and we recommend users upgrade immediately. The Development Working Group's goal is to continue to provide regular, frequent updates to the #Joomla community. Download Click here to download #Joomla 1.5.22 (Full package) » Click here to download #Joomla 1.5.22 (Upgrade packages) » You can also download these files from my Unofficial Miror of Joomla! files (nearly …
3391 Days ago
Only for SecurityImages 5.1.x and #Joomla! 1.5.21 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for #Joomla! 1.5.21 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture below for more details Download file Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and overwrite file on your server Go to #Joomla! control panel and HIT at least SAVE configuration once, this will add a …
3413 Days ago
A small Joomla! extension (plugins), highly customizable to display picture randomly from your SmugMug gallery.This plugins displays Smugmug photos using shadowbox. Any improvements, ideas are welcome, use the forum board Here are some screen shots output Features Native #Joomla! 1.5 plugins, Code produced is XHTML 1.0 Strict, If you have shadowbox installed, the SmugMug gallery when a user click on a picture will be displayed in a hovering windows CSS driven output, can be manually edited at …
3443 Days ago
It starts today. The winner will be announced on September 25, 2010, before Midnight GMT+1. Win a book PacktPub “Joomla! 1.5 Site Blueprints” Here are the basics but PLEASE read all the rules. You must be 18 years or older to enter You must be following me http://www.twitter.com/cedricwalter You must send out the following tweet EXACTLY as it appears – failure to do so will disqualify you – do NOT put @ sign in front of cedricwalter anywhere in …
3443 Days ago
A warm thanks to PACKT publishing for having sent me this book free of charge for review! The author of the book recounts the examples of how to quickly create a variety of web projects using CMS Joomla!. From the book you will learn how to edit menu, set extensions, work with the extensions, setting up the comments and maps from Google Map’s and much more. I will offer this book randomly to one of my twitter follower!!!! …
3443 Days ago