Problems with ReCaptcha display

ReCaptchaWe have been seeing a strange problem on our site where the ‘ReCaptcha’ challenge was not always being displayed when it should have been. Most notably this is/was seen on the site registration page, but was not just restricted to that page. A complete page refresh often resolves the problem and shows the Captcha block.

We today saw that a change is proposed for the next Joomla update. It is mentioned in this post from OSTraining, which in turn refers to the fix itself which is extracted from this joomla.org doc.

The basic problem seems to be that Google changed the URL’s of the Recaptcha API location, which doesn’t completely explain what we are/were seeing, but implementing the fix cannot do any harm and may even resolve the problem.

We will watch it for a while and see whether it completely solves the problem, but recommend it is implemented on your sites if you are experiencing ReCaptcha problems.  It does require FTP or SSH/Telnet access to change the plugin code.

Update 29/11/2013: Doesn't solve the display problem, so still investigating.

1112 Hits
0 Comments

Implementing Online Storage - DropBox

b2ap3 icon dropboxWe have been investigating the use of ‘Cloud services’ in particular for backup and synchronising devices and discovered just how easy it was to use.   One attraction is that there is a ‘free’ no cost option, and there appears to be a wide variety of providers.  We have used Amazon Cloud Drive, Google Drive and also Microsoft’s SkyDrive but they didn’t easily integrate into all of our environments and we wanted to automate the use of the service.

Before we jump straight in, one often asked question is what is online storage?  The answer is of course, that online storage, or "cloud" services as they're also known, it that it is ‘storage space’ help somewhere in the ‘internet cloud’ that appears (often) as a virtual hard drive that's shown on your desktop and linked directly via the internet to the suppliers online space.  Exactly where it is stored is not really important, just that it is accessible.

They are easy to use, as one just opens the folder on the desktop and copies or pastes a file (or files) whether they be documents, music files, photos etc., and the files get synchronised across to the ‘online’ space.  If one has multiple devices (or machines) then each device, with the ‘providers’ software installed can see and access to files.

It is also possible to ‘share’ the files with other users as well,  once they've installed the same service.

Security

Data security is the number one concern since one is relying on the service to keep your files and documents secure.  If your account is hacked, your files are immediately available. However, there are several things you can do to prevent this:

  • Frequently change your passwords and don't use the same passwords as your email accounts. As a lot of these services require you to use your email address as your ID, it makes it easier for the bad guys to crack your password.
  • Use some encryption upon the files which is encoded with a password for sensitive files stored on the ‘online service.

And of course the ‘old’ standards still apply:

  • Install (free?) antivirus software and malware software, and keep it up-to-date.
  • Avoid opening any links or attachments that could be potential security risks.
  • Beware of phishing emails and any messages from unknown senders that request your bank details.

Note: Other ‘online storage’ users usually can't see your private files unless one deliberately invites them or places the files in the "public" (or shared) folder.  As expected everything in your public folder is, by definition, accessible to anyone.

As we said at the beginning we wanted to specifically concentrate on the ‘offsite’ storing of ‘backups’, in particular our web server.  Fortunately we make use of Akeeba Backup Pro, which allows easy integration into a number of providers.  We chose to look specifically at DropBox which since its launch in 2008 has become well know with techies, and has become one of the biggest names in online storage. It is also available upon a number of devices and has a simple, user-friendly interface. It can be downloaded on to PCs, Macs, iPads, iPhones, BlackBerrys and Android devices.  It also has an online version of the service, which you can use on any PC where Dropbox is not installed - just log in online.  IT is this flexibility that particularly appeals.

It initially comes with 2GB of space, but this can be boosted by introducing ‘new’ friends to Dropbox.  With every new referral, you'll both gain an extra 500MB, up to a maximum of 18GB. If more is still required a monthly subscription can be added to the account.  This was more than suitable for our requirements so we read the documentation on the Akeeba site and proceeded to set up Akeeba Backup to create a backup and ran a test.  It worked perfectly, so much so that we thought we had made a mistake, but the site backup was in the Dropbox account. The automation was then set up using a cron ‘daemon’ on our web site and left to see how it performed overnight.  Checking the following day showed the backups were working well.

Next we looked at the synchronisation process between devices.  The only snag we found was that some of our devices were a ‘little long in the tooth’ and the Dropbox software required ‘up to date’ operating system versions, which were of course not available for  some of the hardware.  Apart from that the processes work well, with only the expected delays caused by the network performance.

The next thing we looked at was synchronising with our NAS, (again another device, albeit one with certain characteristics). Again installing the software package upon the NAS went smoothly just as explained in the NAS documentation., and it then automatically created a folder on the NAS and saved all the files onto the NAS from Dropbox.

So we achieved what we set out to do.  Automatically created a web site backup (via cron), and transferred it to the ‘cloud Dropbox service’. Then on our NAS box it automatically synchronised the Dropbox backup files to out local NAS storage. Job done.

All in all it was as ‘easy as pie’ and we recommend it.  In fact we wonder why we didn’t do it before, it just ‘worked’!

It is easy to see how beneficial this service could be to someone at or going to University who wanted to preserve their work in the unlikely event  of an accident or possible theft of their personal computer.

Download it now: Dropbox

1067 Hits
0 Comments

Chinese Domain Name Scam

We received the following email yesterday and were immediately suspicious and did a search on the Web to see what we could find.  We immediately hit upon this blog article which matched what we had received.  Reading the blog post we could see that although our email had a nice looking logo and a slightly different registry name it was the same thing just dressed up a little differently.  The General manager has also got a new first name, perhaps he is the brother of the previous incumbents?

Looking a little further we wonder why an Office Supplies company would want to give IT consultancy services?

For those interested the blog article, describes it very well and we will not repeat it here.  Suffice to say, I also do not consider it worth while going into what I will be doing with the emails.

Just another example of the types of scams that we see so often these days!

=== Email follows ===========

(Please forward this to your CEO, because this is urgent. Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China. On Nov 26, 2013, we received an application from Huamai Ltd requested "macrotoneconsulting" as their internet keyword and China (CN) domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor or business partner in China?

Kind regards
Scott Zhang

***************************************************

Scott Zhang
General Manager 
Shanghai Office (Headquarters)
Tel: +86-21-6191-8696
Mobile: +86-182-2195-1605
Fax: +86-21-6191-8697

 cnregistry

============ End of Email =============

Tags:
1032 Hits
0 Comments

Design Criteria for processing emailed issues

We have been busy with a forthcoming feature for our Issue Tracker, which is the ability to receive emails with details of new issues or emails containing updates to previously raised issues.

After much thought and consideration the following design criteria are  deemed necessary in the email issues functionality. They are included in no specific order of
priority.

Continue reading
1482 Hits
0 Comments

Problems getting a front end wget/curl cron working.

joomlaIn completing the testing of our ‘cron’ addition to a Joomla component we experienced a small problem, which is worthy of noting especially as we have not seen any mention of the problem anywhere else on the web.

The problem manifested itself as the apparent ‘inactivity’ when a front end web page was accessed via wget, curl or lynx.  This was very puzzling since accessing via the usual web browser appeared to be working.  After much testing we discovered that wget, curl etc. were indeed accessing the page but the underlying actions that the page was intended to run were not occurring.

To cut a long story short, we discovered that the pages were being served up by the ‘page cache’.  In the normal course of events this is what one wants to occur, however with a ‘cron’ page we want the underlying actions to occur.  It was necessary to disable the caching of the specific accessed page and this completely resolved the problem.

What was interesting was that this specific problem was not mentioned on any sites on the web, despite extensive searches. Either everyone else is aware of the problem, possible but unlikely, or equally unlikely no-one else uses page caching.

As part of our investigations we also tried out a well known ‘free cron’ service.  This didn’t help us resolve our problem, but did make us aware of possible ‘redirections’ that may be caused by the use of ‘SEF’ components on a web site. It was necessary to specify the ‘redirection URL’ rather than the ‘original URL’ to the service. Not a specific problem but one of those things to be aware of. 

3351 Hits
0 Comments

Problems installing a Joomla component

joomlaWe met a very strange problem when we had to re-install a third party Joomla component.  We will not go into the details of why we had to do a fresh re-install, sufficient to say it was to try and fix an ‘opportunity for improvement’.  We couldn’t uninstall using the standard Joomla mechanism because we wanted to retain all the underlying database tables used by the component so did a manual uninstall instead.

The component was quite large but we extracted all the files and placed them in the tmp directory, so it was easy to reinstall until we determined the cause of the problem.  [We encountered a few MySQL Error 2006 – DB Server has gone away’ messages, but apart from being annoying were not really causing a problem.]

The component ‘spun’ its icon and then presented us with the following messages:

"Component Install: DB function reports no errors"
"Error installing component"

In addition an entry was make in the #__extensions table but no files are ever installed.  It is impossible to remove it via the Joomla ‘Manage’ feature and all one can do is remove the entries from the table via phpadmin (or similar).

Attempts to re-install again, are repeatable and every time a new entry was inserted into #__extensions.  If one tried several times, several rows were created.

Then we found this problem report, which had all the symptoms we were seeing.  It was raised against Joomla 1.6 but was still very useful. The clue was the mention of the #__assets table and sure enough we found a single line entry in the #__assets table which we could then remove and the next attempt to reinstall worked perfectly.

887 Hits
0 Comments

Running scheduled (cron) tasks with Joomla

joomlaWe have recently developed a feature with one of our components to make use of a scheduled task to perform a repetitive action, which avoids the need for us to enter the site and manually click upon various icon(s) which in turn cause the required action(s) to occur. Such a requirement is reasonably common and includes things such as sending scheduled emails etc. We were expecting it to be difficult to implement but as it turned out was pleasantly easy to achieve.

Upon UNIX based systems ‘Cron’ is a daemon that provides a time-based job scheduler that runs in the  background on UNIX systems that executes commands at specified intervals. These commands are called "cron jobs."  Windows servers use a Scheduled Task to  execute commands. Typically a task requiring repetitive actions  to be carried out on a regular (pre-determined) basis would be ideal candidates for using ‘cron’.

There are basically a few methods that can be used to provide a  scheduled task within Joomla. The preferred method will depend upon the specific web hosting supplier and the facilities they supply. [For our implementation it was necessary to supply both mechanisms, since some of our users’ systems may not have one or the other.]

Continue reading
2718 Hits
0 Comments

reCAPTCHA updated by Google

We have noticed recently that on some sites, that Google’s reCAPTCHA have included a number of numeric challenges instead of characters. We didn’t take much interest at the time but mentally noted it.

Google has today rolled out an updated version of its reCAPTCHA system.  We first saw the details herereCAPTCHA is a user-dialogue system originally developed by Luis von Ahn, Ben Maurer, Colin McMillen, David Abraham and Manuel Blum at Carnegie Mellon University's main Pittsburgh campus, and acquired by Google in September 2009. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, and as its name implies, it is a quick test used in computing to determine whether or not the user is human, and one has probably seen it many times on different sites, and we even use it upon our own, however we still seem to be displaying character strings.

http://techglam.com/wp-content/uploads/2013/10/reCAPTCHA.jpg

Generally reCAPTCHA  presents two words (and the term words is used loosely): one which it knows (used to test whether you are human), and one which it doesn’t (used to help digitize the text in books). Since humans find numeric CAPTCHAs (pictured above) significantly easier to solve than those containing arbitrary text, Google will be showing you more and more numbers, which explains our observations. So we can expect to see it more often.

1203 Hits
0 Comments

Using an IDE for Joomla development

phpstormWe have never really taken to using an Integrated Development Environment tool (IDE) for product development.  This is nothing against IDE’s per se, just that over the years we have used a lot of tools, some good, some bad, and have found that just when one starts getting productive with them, they suddenly stop being supported.  We could name (but won’t) numerous tools that fall into that category.  A lot end up being taken over by a certain well known ‘computer software vendor’ who then milks them for the support fees, but never develops them, before finally dropping them. This then leave one ‘high and dry’ and forced to change to another tools.

Continue reading
Recent Comments
Geoffrey Chapman
Looks reasonable, with a free and a (paid for) professional version. Support for Joomla framework also claimed (but not tested by ... Read More
Saturday, 16 November 2013 10:26
1913 Hits
5 Comments

Changing Joomla MySQL database connection details

mysqlWe recently had cause to have to modify the connection details that a Test Joomla setup was using to connect to the underlying database.  The reason was that we wanted to test out a component installation where some specific database privileges had not been granted.

In out case we were interested in the database privileges ‘CREATE VIEW’, ‘CREATE ROUTINE’ and ‘TRIGGER’. Since our component would make use of database triggers, procedures and views we needed to test out an installation on a system where such grants were not present.

Our systems had the required privileges granted and we knew that editing the ‘configuration.php’ file in the existing Joomla installation should enable us to achieve this easily, but despite our attempts this wouldn’t work and instead gave us an error: ‘Database connection error (3): Could not connect to database ‘.

We played with the username and password settings in the ‘configuration.php’ file without any success it just wouldn’t connect and we knew that we had another database set up with the same username and password.

Then we remembered that we had only granted permissions for this ‘restricted’ database account to a specific database.  All we had to do was ensure that the correct grants were made for our 'second database’.

   1:  CREATE USER 'test'@'localhost' IDENTIFIED BY 'password';           -- Not required if the user already exists.
   2:  GRANT SELECT, INSERT, UPDATE, DELETE ON DBX.* TO 'test'@'localhost';
   3:  CREATE USER 'test'@'%' IDENTIFIED BY 'password';                    -- Not required if the user already exists.
   4:  GRANT SELECT, INSERT, UPDATE, DELETE ON DBX.* TO 'test'@'%';
   5:   
   6:  GRANT LOCK TABLES, CREATE TEMPORARY TABLES, CREATE, DROP, INDEX, ALTER ON DBX.* TO 'test'@'localhost';
   7:  GRANT LOCK TABLES, CREATE TEMPORARY TABLES, CREATE, DROP, INDEX, ALTER ON DBX.* TO 'test'@'%';

 

Where test is the name of your connection user, password is whatever your desired password is, and DBX is the name of your MySQL database.  Obviously if your database is not on your localhost you need to modify it for the appropriate host name or IP address, which ever is most apt.

Once we had done this it all worked perfectly and our testing could commence.

1070 Hits
0 Comments
Go To Top

The Macrotone Consulting Web site would like to use cookies to store information on your computer, to improve our website. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.

I accept cookies from this site.