Potential JoomlaStats Component Exploit Could Drain Server Resources

An urgent update to anybody who is using the Joomla component called “JoomlaStats”.

My server host and I have discovered a potential exploit in the JoomlaStats component that could heavily drain your server's resources and possibly leave your site at risk.

The issue was discovered earlier today when my host's data center suspended my account due to excessive resource usage. This should never have happened of course, as there had been no new updates to any of my websites in recent days. Upon review of the Joomla Stats component, we found the following data, which as you can see, is completely out of the ordinary for my website.

[Image: JoomlaStats Exploit 1]

On the 5th and 6th of July the number of visitors / hits to the site jumped by OVER 1000%!

Looking deeper, we found that the majority of the hits came in blocks of IPs, such as the one below.

[Image: JoomlaStats 2]

This is not necessarily a sign of a hacker, script or bot, but for my site, this type of traffic is heavily out of the ordinary. Also, as you can see, the hits all came from the same host in this example, but different IP addresses and are all just seconds apart. What this image doesn’t display is that they were also from a range of different operating systems and browsers.

[Image: joomlastats03]

The graph on the right shows the site's total server usage for the month of July so far. The first few days of the month are as expected, but as you can see, the jump is quite drastic on the 5th and 6th.

To further add to the confusion, Google Analytics are not displaying a huge increase in visitors to the site. Why, we are not yet sure, but are looking into whether the JoomlaStats numbers are accurate, or if they are caused by this apparent exploit.

The Server Load

At the point the server suspended my account, the server load was almost 4 times what it should have been. Since disabling and removing the JoomlaStats component, that has dropped back to what it should be.

My suggestion, if you use JoomlaStats, is to keep a close eye on your data and if possible, server load. The exploit may simply be a one-off thing, but it is always best to be safe when it comes to things like this.
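
One way to check raw access logs for the pattern described above (many different IPs from one address block, seconds apart, with varied browsers), as an added example that is not part of the original post. The /24 grouping, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in "combined" access-log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.11 - - [05/Jul/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
198.51.100.27 - - [05/Jul/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh) Safari/533.16"
198.51.100.42 - - [05/Jul/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Opera/9.80 (X11; Linux i686)"
198.51.100.63 - - [05/Jul/2024:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0)"
198.51.100.90 - - [05/Jul/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
203.0.113.5 - - [05/Jul/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
203.0.113.5 - - [05/Jul/2024:10:09:30 +0000] "GET /contact HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def parse(log_text):
    """Yield (ip, timestamp, user_agent) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, ua = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ua

def find_block_bursts(log_text, window=timedelta(seconds=60), min_ips=4, min_agents=3):
    """Return {block: (distinct_ips, distinct_agents)} for bursting /24 blocks."""
    by_block = defaultdict(list)
    for ip, ts, ua in parse(log_text):
        if ":" in ip:
            continue  # assumption: IPv4 only, grouped by /24
        by_block[ip.rsplit(".", 1)[0] + ".0/24"].append((ts, ip, ua))
    flagged = {}
    for block, hits in by_block.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it spans at most `window` of time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            counts = (len({h[1] for h in span}), len({h[2] for h in span}))
            if counts[0] >= min_ips and counts[1] >= min_agents:
                flagged[block] = max(flagged.get(block, (0, 0)), counts)
    return flagged

if __name__ == "__main__":
    for block, (ips, agents) in find_block_bursts(SAMPLE_LOG).items():
        print(f"{block}: {ips} IPs, {agents} user agents within 60s")
```
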


The 3 Best “Must Have” Joomla Components

Earlier on today I was in a meeting with a potential web-design client and I was asked what I thought were the best addons for Joomla. The question at first seemed like a fairly easy one to answer, but the more I thought about it, the more I realised that there are a ton of great components, all of which are equally as good as the next depending on your needs.

So I got to thinking, specific components and modules aside, what are 3 Joomla Components I personally could not build a website without. After consideration, I came up with the following 3 components. Each of these serves a unique, but essential purpose and are all highly relevant to your Joomla website(s).

1. K2

K2 is one of the most powerful components I have used in a long time, and turns your regular Joomla website into a far more powerful content driven site. K2 essentially “replaces” the standard Joomla article manager. When you add new content you do it through the K2 component, which gives you a broad range of great new features, and most importantly, a killer new look and feel. This article was created using K2. It is simple to use, 100% free and really easy to learn. Better yet, the latest version is compatible with SH404SEF out of the box, so you don’t have to stress about getting your website Search Engine Friendly URLs working. K2 can be downloaded here.

2. SH404SEF

SH404SEF is, in my opinion, the best SEO component you can get for Joomla. Its purpose is to re-write those long Joomla URLs and replace them with much cleaner looking URLs that search engines like Google love. SEO and SEF URLs are no longer an option for websites, they are a “must-have”, and SH404SEF delivers perfectly. There is a small cost for the component (less than $40), but it is money well spent. SH404SEF can be found here.

3. XMAP

Coming in at number 3 is the often disregarded XMAP component. It doesn’t make your site look better, and it doesn’t add any features that your customers will enjoy, but it does deliver a service that is paramount to your website's long-term success. XMAP is a Joomla Sitemap component. That means, it takes all your website's URLs and collates them into a single, usable and viewable file. This Sitemap can then be submitted to Google and other search engines so they can “spider” and list your URLs in their search engine. I want to give a shout-out to SEF Service Map also, which is another Sitemap component that does the same job, and is just as good (from experience). Each time you submit a new article, XMAP will automatically add that new URL to your sitemap, and, depending what version you have, ping the ping-networks (much like WordPress does). Get XMAP today here.

There you go, 3 great Joomla components that play 3 very important roles in your websites: content creation, SEF URL re-writing, and search engine sitemap.


Seyret Vs HWDvideoshare Part 1: Install & Admin

*** This article is part of a series comparing 2 very popular Joomla video components; Seyret & HWDVideoshare. ***

Part 1: Installation & Administration Comparison

A) Installation

Installation of both Seyret and HWD are straightforward processes involving the download and/or direct URL install from the Joomla installation screen. Both have a number of optional modules and plugins which are installed in the same method as needed.
For video conversion you may need to check that your server has the appropriate codecs installed, however both Seyret and HWD use popular video conversion systems so we’ve found very few cases where this has been an issue. Contact your server administration if you do experience issues.
Result: Equally good.

B) Modules & Plugins

Both Seyret and HWD can be used straight “out of the box” however there are optional modules and plugins that can be installed to greatly enhance your Joomla website's capabilities. Seyret has a number of free modules, such as featured videos slider and stand-alone Seyret video player. Further modules and addons are available for Seyret, however they will often either require a Seyret PRO Membership, or will be a one-time purchase. HWDVideoShare is slightly disadvantaged in this respect as the free version only features the video component and basic plugins. For an annual fee (reasonably priced) you can subscribe to the PRO version of HWD which gives you full access to all the modules and plugins, at which point HWD becomes just as good, if not better than Seyret.

Result: Seyret gets the slight win here simply due to the fact that free modules are available. When comparing both PRO versions though, I give the advantage to HWD.

C) Templating

Both components offer templating capabilities and have a few different templates available for download, although in HWD’s case, a pro acct is required to use templates. The main difference between the 2 is the method of templating. Seyret uses standard coding to theme their system so those familiar with HTML and PHP will have no problem manually making changes to the system. HWD uses the popular “Smarty” templating method and uses TPL files instead of the standard PHP. Smarty files can be edited like standard PHP however the minor differences between the 2 may cause issues with those not familiar with the Smarty system.

Result: Due to the ease of editing the template files, Seyret gets the edge.

D) Video Import & Adding New Videos

This is where the heart of both these components lies, and depending on your needs and wants both the systems “can” be equally as good. Seyret offers 2 methods of adding new videos: upload direct from your PC or add a third party video such as YouTube or Google video. Seyret is compatible with a long list of online video networks, making it appear more versatile.

HWD offers the same features as Seyret, however also offers other options as well including remote, scan, SQL Import, CSV Import, Direct import from Seyret, RTMP and the ability to bulk add videos from YouTube playlists and user profiles.

Result: HWD easily has the better features in this category.

E) Categories & Groups

Both Seyret and HWD offer the same features regarding the creation of primary and child categories. HWD has an extra feature called groups, however, which allows users to create groups relating to a particular topic, and then other users can join that group and share their favorite videos.

Result: HWD easily has the leg up here.

F) General Settings and Set-up

For the most part, both these 2 components are equal in this category, and both allow you to edit the component settings to suit your websites needs. HWD does appear to have more features in this category and gives you a few more options regarding the general setup.

Result: Equal

G) SEO Features

This is often one of the biggest problems with Joomla components and in my experience is quite often a headache for video components. I believe the reason being that until recently video components were not widely used so didn’t have a large group of scripters writing addons and plugins for them. That has changed however and both Seyret and HWD are compatible with all the popular SEF components including JoomSEF, SH404SEF, SEF Servicemap and more. HWD is allegedly compatible with the standard Joomla SEF features also.

Result: While HWD could have the advantage here I am yet to test it, so will call this a tie.

H) Video & Server Maintenance Features

Seyret and HWD both offer a range of basic maintenance features, such as video removal, viewing and editing of pending and reported videos and general editing of video settings. One of the biggest advantages that puts HWD well up in this area is their specific maintenance administration area which offers a single location for you to: delete videos, fix SQL errors, recount SQL database, re-generate local video thumbnails, archive access logs and re-calculate video durations. Seyret to my knowledge does not have similar features.

Result: HWD by far offers the most options and wins hands down.

I) Summary

Reading through the above you would be forgiven for thinking I think much less of Seyret than I do of HWD, which is most definitely not the case. For the last 2 years my hockey video website “2 Minutes For Hockey” has used the Seyret component to deliver the videos with efficiency. I admit however that I am in the process of migrating the system over to HWD simply due to its much more user-friendly features.

Overall, the 2 components are very much on par with each other and the only thing separating the 2 is personal preferences based around your particular website's needs. On a direct comparison I do rate HWD as the better component to use.

What do you use? Do you have a preference? Please leave a comment below.
