Security is one of the most vague topic for any individual or company that is related to some sort of Web Services. It may be either a company providing online services for its customer, or an individual that is hosting his/her private portal or a user that surfs internet and shares some of his private information in the net. Security is one of the major concern that every individual has to think about before going in the internet.

I will talk about Application Security or Network Security in some other articles. Here I am focusing on the individual user’s security. Most probably the user should be aware of some kind of Computer Frauds, Internet Blackmailing, Sexual Abuses and Identity Theft.

Here I am providing some tips for your and your family’s safety if you are going over the internet:

1. Never gice out your personal information unless it is for verified source (Such as your full name, phone number, address, email address, school name to people you meet on-line)

2. Be very careful about what you say and post (About yourself (or your friends) in chat rooms or other public places like social networking sites. Once it is out there, it is public and you cannot take it back)

3. Meeting someone you only met can be dangerous (Never agree to meet anyone in person, alone. Only do so with your parent’s permission, meet in a public place and bring one of them or a trusted adult with you.)

Remember, that online people often lie about who they are. Angel14 could be a Man aged 45.

4. Never respond to nasty, suggestive (sexual solicitations) or rude emails or postings.

5. Be a good online citizen and treat others as you would like to be treated yourself.

6. Never give your internet password to anyone, not even to your best friend. Also, learn about creating complex password and password security.

7. Learn more about new types of threats to Internet Users (such as Scams, Phishing etc  ) and about problems with technological advances.

8. Never accept emails, Internet message( like on Yahoo messenger), or open files, pictures or texts from people you don’t know.

Have you ever heard this statement?

“Every cracker is a hacker but every hacker is not a cracker!!”

Well, if you are a computer enthusiast, then probably yes. One of my friends asked me about this statement and I thought I have satisfied him with my answer. I think, this phrase defines the difference between hacker and a cracker and is useful to share here.

Today, most of the writers and people define the term Hacker and Cracker synonymously. However, we are separating both the terms over here. So, let’s first define what a hacker is?

The RFC 1392: Internet Users’ Glossary defines “hacker” as:

“Hacker is a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where “cracker” would be the correct term.”

Some other definition defines the term hacker as:

“A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.”

So, this means a hacker is a nice guy which penetrates the security flaws for the world’s goodness. Let’s see what a Cracker means than,

A security cracker is someone whose purpose is to circumvent or break security measures. Some security crackers end up using their powers for good, providing penetration testing services or otherwise making efforts on the side of the angels. Many others use their powers for evil, however, as we are all too painfully aware.

Often there are misconceptions about Hacker as it is identical with a computer expert who was evil and damaging people’s computer systems or institutions, but this opinion was not true. Often Hackers are also known as White Hats and Crackers as Black Hats. Today, most of the people term Hackers as Ethical Hackers and Crackers as Hackers.

Hacker is a term for those who provide a useful contribution to the computer network, make a small program and share it with people on the Internet. Those, who have the satisfaction of breaking through computer and communication system, true hackers call these people ‘crackers’ and do not like to hang out with them. True hackers regard crackers as lazy people, not responsible, and not too savvy. Real hackers do not agree to say that the person through the security has become a hacker.

True hackers will always act based on the code of ethics and rules of the game whereas a cracker does not poses any code of ethics. According to the level of experience and skills, the Hacker’s Communities often categorize hackers as: Elite, Semi Elite, Kiddies and Lamer.

Cracker is a term for those who go into other people’s systems and do some destructive works, usually on a computer network, bypasses passwords or licenses a computer program, knowingly against computer security, deface the web home page belonged to someone else, even up to delete the data of others, stealing data and generally do the cracking to his own advantage, malice, or for other reasons as there are challenges.

So, regarding the phrase that we have read in the start of this post, a true hacker is someone who bears knowledge about finding security flaws in the computer and a cracker is someone who also has skills on finding security flaws as well as providing destructive characteristics that is not the case with real hackers. This justifies the statement given above.

Redirect Registration for Joomla

This is a simple plugin, that is created to redirect the users of a Joomla site from default registration page to Jomsocial registration page. To be able to work perfectly, the plugin needs prior installation of Jomsocial in your Joomla site. This plugin only works with Joomla version 1.6/1.7 with Jomsocial installed. This plugin will be helpful if you want to register users only from a single registration page using Jomsocial. Otherwise, there will be two different registration pages in your Joomla site.

Click on the link below to download the plugin:

Download Registration Redirect Plugin for Joomla 1.6/1.7/2.5

Updates in V1.1
+++++++++++++++++++++

1. Add Jomsocial Itemid
   Itemid preserves the module positions, templates, access control (acl), sef URL etc. If you have created the menu link for Jomsocial, then you will get an Itemid. Add it here. Leave blank if you don’t have it. Add numeric value only. This only works if SEF links are enabled.
   If you want to know more about Itemids in Joomla, here is a good post. Check this also.
   You can add Itemid from the plugin  parameters on plugin page. If you don’t want to add Itemid, then leave the field blank.
2. Redirect Joomla Login link to Jomsocial Login Page
   The Joomla has a default login page (except the module). If you want to redirect the default Joomla login to Jomsocial login page, then you can enable this feature from the plugin parameters. This feature is turned off by default.

There are other plugins to do this job for Joomla 1.5, however there are not for Joomla 1.6/1.7. So I created this plugin. If you find this plugin helpful, then please leave some good review on JED. Thanks.

Enabling Nepali Unicode Romanized Layout in Ubuntu is very easy. In-fact, there is no need to install any Unicode drivers as needed in Windows Computers. Nepali Unicode drivers already come bundled with Ubuntu. We just need to enable it in Ubuntu.

To enable Nepali Unicode, just follow the steps described below:

How to enable Nepali Unicode in Ubuntu – Unity

To enable Nepali Unicode in Ubuntu Unity Desktop Interface, simply click on Dash Home at the launcher and type System Settings and press Enter. Alternatively you can also select System Setting icon from the launcher at right side of the window.

System Settings in Ubuntu

The System Settings window will open as shown in figure above. From there, select Keyboard Layout option. Initially, you will see only English Language there.

Click on the ‘+’ button at the bottom of the window and select Nepali, then click Add button. After adding Nepali Language Keyboard Layout, you will see the Keyboard Layout icon automatically pop up in the top bar from where you can change between English and Nepali Keyboard Layouts.

Select Nepali in Keyboard Layout

How to enable Nepali Unicode in Ubuntu – Gnome

Enabling Nepali Unicode in Ubuntu Gnome interface is similar however there are slight differences when you go to System Settings -> Keyboard Layout window. There you will see three tabs. Now click on the Layouts Tab and add the Nepali Keyboard Layout by clicking on ‘+’ button at the bottom. The process is similar as described above.

Adding Keyboard Layout in GNome

Adding shortcut for Layout Switching between English and Nepali
You can also set the shortcut keys to change the layout from keyboard. To do this, in the Keyboard Layout window, click on Options button. Go to the Key(s) to Change Layout option and select appropriate key combination such as ‘Alt+Shift’.

Keyboard Layout Options

That’s it. You are done. Now, you can easily type in Nepali Unicode in Ubuntu and switch between languages by using keyboard keys.

Often we come to conditions where we do not want to display modules or content in the front page. One example of this is, we do not display breadcrumb (pathway) in the front page of a Joomla website. So, lets see how we can achieve this:

Please note that the simplest way to hide modules from front page is to click on the required module from Joomla administration and under menu assignment, you can select all other menu items except home menu. This will display the module on all pages except front page. However, this method does not work for some of our specific requirements. Also, to hide content from front page, you need to follow the method described below.

To hide content or modules from front page, we need to modify index.php file of the default template. So, open index.php file of your default template, which is inside templates/[default template folder]/.

How to hide content from front page?

To hide content from front page, you need to add following code where you display content in your template:

<?php
$menu = &JSite::getMenu();
if ($menu->getActive() != $menu->getDefault()) {
?>
    <jdoc:include type="component" />
<?php } ?>

How to hide module from front page?

To hide module from front page, you need to add the module position in the place of component, such as:

<?php
$menu = &JSite::getMenu();
if ($menu->getActive() != $menu->getDefault()) {
?>
    if($this->countModules('breadcrumb')) : ?>
                <div id="breadcrumb">
                    <jdoc:include type="modules" name="breadcrumb" />
                </div>
                <?php endif; 

} ?>

Here, the module position breadcrumb is displayed in other pages except front page. We have also checked if there is any module published in the breadcrumb position or not.

Hiding modules for specific pages in a component displayed in front page

Sometimes the above described methods may not be sufficient to achieve what we wanted. One of the cases that I have faced is when I was developing a directory site in Joomla. I have used SOBI2 extensions and in the front page, the SOBI2 categories were displayed. And the requirement is, do not display the breadcrumb in the front page (the category page) while in other pages (sub-category pages, item details page etc.) of SOBI2 we need it. Now, non of the methods described above worked for me, because the Itemid that the menu takes is same for all pages as it was for the home page.

So, I slightly modified the above if condition for not just checking the default menu item as well as the URL return value by get method. The example is as:

Before reading this article, you must have knowledge about Joomla extensions development. If you don’t know how to develop joomla extensions, then I suggest to read Developing Component in Joomla first.

If you have created a user input form in your Joomla component, such as Comment Form or Picture Upload Form, then you must be aware that processing the user input without properly validating it may make the application vulnerable to XSS attacks. Most of the extensions that doesnot properly validate their inputs against XSS vulnerability are prone to attacks from attackers.

So, What is an XSS attack?

Cross Site Scripting (XSS) is a common website vulnerability, that can be exploited if proper input sanitation is not used in custom Web Applications.

XSS is one of the most common website attack, in which attackers inject client-side scripts into a web page mostly from input forms, which displays odd behavior when viewed by other users. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.

Search google for more information on XSS attack.

Let’s see how you can provide safeguards to your extension against XSS attacks in Joomla.

Validating Form Inputs in Joomla

Joomla has its inbuilt validate module for validating Form inputs. You just need to call that module in your model before saving the input data. In your Joomla component, the controller calls the store function in the required model for saving data. In the controller, you should have the something like this:

/**
     * Method to save a record.
     *
     * @param    string    $key    The name of the primary key of the URL variable.
     * @param    string    $urlVar    The name of the URL variable if different from the primary key (sometimes required to avoid router collisions).
     *
     * @return    Boolean    True if successful, false otherwise.
     * @since    1.6
     */

public function save()
{
        JRequest::checkToken() or die( 'Invalid Token' );

        $model = $this->getModel('[ModelName]');     //[ModelName]: Use your model name

        if ($model->store())
        {
            $msg = JText :: _('COM_XXX_DATA_SAVED_SUCCESS');
        }
        else
        {
            $msg = JText :: _('COM_XXX_DATA_SAVED_ERROR');
        }

        $link = 'index.php?option=com_xxx&view=[ViewName]';    //[ViewName]: Use viewname to display after saving data
        $this->setRedirect($link, $msg);
}

This controller function passes control to the model where actual store of input data takes place and returns true if everything is fine. Now, in the model you should have following code to store the data:

/**
     *
     * Store the Data
     *
     */

    function store()
    {
	// Check the request token.
	JRequest::checkToken('post') or jexit(JText::_('JINVALID_TOKEN'));

	// Initialise variables.
	$app	= JFactory::getApplication();
        $row    = & $this->getTable('[TableName]');  //[TableName]: Use your table class here

        // Get the user data.
	$requestData = JRequest::getVar('jform', array(), 'post', 'array');

	if (!$row->bind($data))
	{
	    $this->setError($this->_db->getErrorMsg());
	    return false;
	}

	if (!$row->store())
	{
	    $this->setError($this->_db->getErrorMsg());
	    return false;
	}

	return true;
}

This function gets data from the input form, binds it to the table row and if everything is fine, stores it to the database. However, you are storing the information without properly validating it. Hence, any html or javascript tags inside the input box will be accepted and stored in the database.

To validate against XSS you need to add validation module in the store function of module. Now, the function looks like:

/**
 *
 * Store the Data
 *
 */

function store()
{
	// Check the request token.
	JRequest::checkToken('post') or jexit(JText::_('JINVALID_TOKEN'));

	// Initialise variables.
	$app	= JFactory::getApplication();
        $row    = & $this->getTable('[TableName]');  //[TableName]: Use your table class here

        // Get the user data.
	$requestData = JRequest::getVar('jform', array(), 'post', 'array');

	// Validate the posted data.
	$form	= $this->getForm();

	if (!$form) {
		JError::raiseError(500, $model->getError());
		return false;
	}

	$data	= $this->validate($form, $requestData);

	// Check for validation errors.
	if ($data === false) {
		// Get the validation messages.
		$errors	= $this->getErrors();

		// Push up to three validation messages out to the user.
		for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
			if (JError::isError($errors[$i])) {
				$app->enqueueMessage($errors[$i]->getMessage(), 'warning');
			} else {
				$app->enqueueMessage($errors[$i], 'warning');
			}
		}

		// Save the data in the session.
		$app->setUserState('com_xxx.[ViewName].data', $data);   //[ViewName]: Enter view name here

		// Redirect back to the input form
		$this->setRedirect(JRoute::_('index.php?option=com_xxx&view=[ViewName]', false));  //[ViewName]: Use viewname to display after saving data
		return false;
	}

	if (!$row->bind($data))
	{
	    $this->setError($this->_db->getErrorMsg());
	    return false;
	}

	if (!$row->store())
	{
	    $this->setError($this->_db->getErrorMsg());
	    return false;
	}

	return true;
}

Here, from line number 19 to 27, we have get the input form and validate the data by calling Joomla’s validate module. From line 30 to 49, we have checked for any errors. This function also checks for other validation errors such as required field data. If the error occurs then the user is redirected to the input form with pre-entered data stored in session variable. If everything is ok, then only the data is saved in the database.

The validate method is pretty much useful for securing Joomla component from XSS vulnerability in input data and other input data validation in Joomla. For other type of security requirements in Joomla, you need to look at Securing Joomla Extensions and Security link. Also search Google for more information.

Recently I have been searching for sites related to Nepal for several categories. I came to know a website (http://directory.mynepal.com.np) contains most of the listing categorized nicely. The online website directory contains listing of websites related to Nepal Government, Bank and Financial Institutions, Domestic and International Airlines operating in Nepal, Educational Institutions and many more.

While googling for the listings contained in the websites, I found that for most of the listings the site is listed in the first page of google. After this, I must say that the SEO ranking of the site is very good. I am curious about how the website has been developed and what tools are used to develop such a website, that lists contents in the first page of google. After a bit of excercise, I knew that the site is developed in Joomla with SOBI2 extension.

It was good to know that such sites are available in Nepal and I am also looking to develop one like My Nepal Directory.

Nepali Calendar Module for Joomla 1.6

Nepali Calendar Module is a Bikram Sambat based Calendar for Joomla 1.6.x. This module is the upgraded version of Nepali Calendar for Joomla 1.5.x, which I have developed a year before (Nepali Calendar for Joomla 1.5.x can be found here »).

I have upgraded this module to support Joomla 1.6.x with slight modification and limited support for Nepali Language.

You can simply install this module in your Joomla 1.6.x site and display in any Module Position. The installation and configuration is quite similar to the module for Joomla 1.5.x. Click here » to view the documentation. You can download the module by clicking on the download link below:

Download Nepali Calendar Module for Joomla 1.6.x »

If you find any problem or have any suggestion, please feel free to contact me at info@lbsaud.com.np.

If you are a PHP based web developer, you need all the software running and configured properly. Here I am talking about installing them One by One in your Ubuntu Desktop. We are installing all the applications from terminal.

How to Open Terminal:
So, to fire up the terminal follow any of these steps:

1. If you are running Unity Desktop, click on the Ubuntu Logo at top left corner and type Terminal in the search application bar. Then click on the terminal icon.
2. If you are running GNome Desktop, click on Applications->Accessories->Terminal
3. For shortcut, you can also press Ctrl+Alt+T at once, to open the terminal.

How to install Apache:

1. Make sure you have the internet connection. To install apache execute the following command in the terminal:

sudo apt-get install apache2

It takes some time to download and install apache. After the setup completes, type http://localhost/ in your browser window to make sure apache is installed and running properly. If you see the page with It Works!, the setup of apache2 completes successfully.

How to Install PHP:

1. To install PHP 5, type following commands in the terminal one by one:

sudo apt-get install php5
sudo apt-get install libapache2-mod-php5

The first line installs PHP5 in the computer. The second one provides the PHP5 module for the Apache 2 webserver. If second one is not installed, then Apache cannot parse PHP codes in a web page.

2. After installing PHP5 and PHP module for apache, restart the apache with following code:

sudo /etc/init.d/apache2 restart

3. While restarting the apache server, if you see a warning as “Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName”, then you can fix this by creating a file with the Server name. To do this type the following command in the terminal:

sudo gedit /etc/apache2/conf.d/fqdn

When the text editor opens, type “ServerName localhost” inside the file and click Save. Then close it. Now restart again with the above code and you will see that the warning message has gone.

4. Now, we have successfully installed php and apache web server. However, still we don’t know if PHP is successfully installed. To check this, create a file inside /var/www/ folder named test.php as:

sudo gedit /var/www/test.php

and write following code in it

<?php   phpinfo();  ?>

Save the file and type this in browser: http://localhost/test.php

If you see the various information about PHP and installed modules there, then we can confirm that Apache is parsing PHP codes. Hence the installation is successful up to this point.

How to Install MySQL:

1. To install MySQL Server in ubuntu, type following code in terminal window:

sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

This will install latest mysql server and other necessary PHP modules for recognizing mysql functions from PHP code. While installing MySQL server, you may require to enter the password for MySQL root user.

How to Install PHPMyAdmin:

1. To Install PHPMyAdmin, type the following codes in the terminal:

sudo apt-get install phpmyadmin

While installing PHPMyAdmin, you may require to select the web server. In such case, tick the Apache2 Server and proceed with the installation. You may also require to input MySQL root user password during installation.

Once the installation completes, type this in your browser window to confirm the successful installation of PHPMyAdmin: http://localhost/phpmyadmin/index.php.

Now, you are finished. Your environment is setup and you can enjoy using all these applications. Next, you can install other applications that may be necessary such as Eclipse, GIMP etc.

Ubuntu Unity Interface

A few days ago, Ubuntu team has released Ubuntu 11.04 code named Nattry Narwhal. This release of Ubuntu has featured a newer desktop shell environment named Unity which was previously used for Ubuntu 10.10 Netbook Edition. The unity desktop environment looks a bit odd and painful at first to the users, however after spending a couple of hours with unity, it becomes very usual to work.

At my first thought about Unity, I found myself into a totally new world. By this time, I feel a bit anger about the Ubuntu team for using such a different environment than that of traditional GNOME based environment. However, after spending a couple of hours I felt like with the introduction of Unity in ubuntu, the Linux based desktop operating system has given a new and improved user interface to the world. Which, definitely will change the traditional type of environment and provide a fresh look to the users. Here are some of the changes introduced with the introduction of Unity:

Improvised Launcher

The Unity launcher is far more different that the traditional windows type or gnome based launcher. It looks like a fancy dock that resides in the left part of the screen. Programs can be pinned or unpinned to the launcher. The launcher auto hides when you maximize the applications. To recover the launcher, just poke the left hand bar of your screen with the mouse.

OS X like Panel

With the introduction of Unity, ubuntu has moved to a bit near to Apple’s OS X. The global panel acts as a menu bar for applications and if no applications are open, then its just a panel with basic menus.

At first, this part is a bit more confusing for the users. The menu items for applications are only visible when you put cursor over the panel. However, introduction of such panel, adds extra space for the main application by removing the extra space occupied by menu bars in previous versions.

The Dash

The top left corner of the screen consists of a Ubuntu icon, which on clicking opens the dash. This is one of the biggest improvement I have found on Unity. You can find any of your application just by typing the first some letters of application and when listed, you can simply open it by pressing tab key for selection and then enter key.

Other Changes

Besides these major changes in the Unity interface, there are several other changes such as Drag and Drop Support for applications. Improved look and feel of icons, Introduction of new applications and Improved accessibility to the programs and files.