Security issue in Expose

Written by admin on July 27, 2007 – 2:46 am -

There is a fairly major security issue with Expose, and a fix is available. This issue affects all versions. First, you want to make sure to upgrade to the latest release (4.6.1) and apply the patch available at http://joomlacode.org/gf/project/expose/frs/.


Page Caching in Joomla

Written by admin on April 7, 2007 – 10:49 am -

We have had a number of requests recently asking about various page caching components. It’s always nice to be able to squeeze that extra bit of performance out of your site. We decided to test out the page cache component from Ircmaxell as it seemed to have the most promise.

We first installed it on MamboDemo and noticed page loading times decrease between 90%-98%. We’re using about half of the server resources today that we were using yesterday. That’s a pretty impressive decrease.

Then we decided to see what it would do on a high traffic site and popped it on MamboHUT. We got the same 90%+ decrease in page loading times. The impact on server load wasn’t as great, but that’s because we’re running phpAdsNew on MamboHUT as well and that is the cause of almost all of the load it creates.

We didn’t notice any bugs on either site and installation was a breeze. We highly recommend this component for use on our servers.


WordPress Security Updates

Written by admin on April 7, 2007 – 10:37 am -

WordPress has released updates to both the 2.1 and 2.0 branches. These releases fix XSS and XML-RPC errors and are highly recommended.


Major security issue in WordPress 2.1.1

Written by admin on March 3, 2007 – 12:18 am -

If you upgraded to WordPress 2.1.1 you need to upgrade immediately to 2.1.2.

From the WordPress notification:

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

You can download WordPress here.


BuyHTTP Firefox Toolbar and WordPress 2.1

Written by admin on January 24, 2007 – 4:27 am -

We have created a new Firefox toolbar to help you navigate BuyHTTP and our system. The toolbar features one-click access to the Account Manager, Affiliate system and more. Click the button to install the toolbar.

WordPress has also released version 2.1. There are over 500 bugfixes available, so it is highly recommended to upgrade. You can download the release here.


Happy New Year

Written by admin on December 31, 2006 – 11:36 pm -

We at BuyHTTP would like to wish everyone a happy 2007 and start the year with a new tip for your Joomla or Mambo site.

When uninstalling components it’s not at all unusual for them to leave their database tables behind. Many do this to help with upgrading, making it a simple uninstall/reinstall situation. But if you are completely uninstalling a component, make sure to check the database using phpMyAdmin and see if the tables have been removed as well.


Move your Mambo or Joomla configuration.php file outside of webroot

Written by admin on December 14, 2006 – 12:45 am -

Have to thank friesengeist of the Joomla core team for this very nice tip for your Joomla or Mambo site.

There has been a lot of discussion lately on further securing your Joomla or Mambo installations and what can be done. We do everything possible at the server level, but there are a few things that can be done in your individual site to help ensure a hackless Joomla or Mambo existence.

This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.


SEO Follow Up

Written by admin on December 9, 2006 – 8:58 pm -

In the world of dynamic sites there is often a lot of worry about duplicate content penalties since so many different URLs can point to the same exact page. We have good news to help quell those worries.

At the recent SES (Search Engine Strategies) in Chicago, Vanessa Fox of Google stated in an interview with WebProNews that there really are no duplicate content penalties for pages within your site. She even went as far as to specifically address dynamic sites and their content.

It is an extremely informative interview and great insight into some Google processes. She also goes over Google Sitemaps and how they can help your site get spidered faster.

To view the interview in its entirety, visit http://videos.webpronews.com/2006/12/06/vanessa-fox-clarifies-the-role-of-google-sitemaps/


Improve your search engine rankings with .htaccess

Written by admin on December 8, 2006 – 12:15 am -

Search engines like Google see http://yoursite.com and http://www.yoursite.com as two completely different sites and that can lead to duplicate content penalties and lower rankings. What can be done to correct this issue? Amazingly it is just a few lines of code in your .htaccess file.

On BuyHTTP.com we use the following code:

RewriteEngine On
## SEO REWRITE
RewriteCond %{HTTP_HOST} !^www\.buyhttp\.com
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) http://www.buyhttp.com/$1 [R=301,L]

Let’s go through that line-by-line to examine what’s happening.

RewriteCond %{HTTP_HOST} !^www\.buyhttp\.com

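This condition is true when the requested host name doesn’t start with www.buyhttp.com; only then does the rule below apply. It is important to have the \ before each . because an unescaped . in a regular expression matches any character, not just a literal dot.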

RewriteCond %{SERVER_PORT} !^443$

This condition is true when the request isn’t made on port 443 (used for SSL or https://); only then does the rule below apply.

RewriteRule (.*) http://www.buyhttp.com/$1 [R=301,L]

This is the meat of the rule. It tells the server to take all of the URL after the .com/ and put it after http://www.buyhttp.com and do it as a 301 (permanently moved) redirect.

Taken together, the rules state that if a request comes in without the www. and it’s not over a secure connection, it is redirected to the same URL with the www.
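The ruleset above, modeled in Python as an added example (not code from the original post): it evaluates both conditions and the rule against constructed requests, and compares the escaped host pattern with a hypothetical unescaped one to show what the backslashes prevent. The function name `evaluate`, the sample hosts and the simplified per-directory matching are assumptions.

```python
import re

# Patterns copied from the page's RewriteCond lines; the unescaped variant is
# constructed here only to show what the backslashes prevent.
HOST_ESCAPED = re.compile(r"^www\.buyhttp\.com")
HOST_UNESCAPED = re.compile(r"^www.buyhttp.com")
CANONICAL = "http://www.buyhttp.com/"


def evaluate(host, port, path, query="", host_pattern=HOST_ESCAPED):
    """Return the 301 Location the ruleset would send, or None if no redirect.

    Simplified model of per-directory (.htaccess) behaviour: the leading slash
    is stripped before RewriteRule matches, and the original query string is
    carried over because the substitution does not define one.
    """
    # RewriteCond %{HTTP_HOST} !^www\.buyhttp\.com  (true when host does NOT match)
    if host_pattern.search(host):
        return None
    # RewriteCond %{SERVER_PORT} !^443$  (true when the request is NOT on 443)
    if re.search(r"^443$", str(port)):
        return None
    # RewriteRule (.*) http://www.buyhttp.com/$1 [R=301,L]
    relative = path[1:] if path.startswith("/") else path
    captured = re.match(r"(.*)", relative).group(1)
    location = CANONICAL + captured
    return location + ("?" + query if query else "")


# Constructed sample requests: (host, port, path, query)
SAMPLES = [
    ("buyhttp.com", 80, "/hosting/plans.html", ""),
    ("www.buyhttp.com", 80, "/hosting/plans.html", ""),
    ("buyhttp.com", 443, "/account/", ""),
    ("buyhttp.com", 80, "/index.php", "option=com_content&id=5"),
    ("wwwxbuyhttp-com.example", 80, "/", ""),
]

if __name__ == "__main__":
    for host, port, path, query in SAMPLES:
        print(host, port, path, "->", evaluate(host, port, path, query))
    # With the dots unescaped, the look-alike host matches and is NOT redirected.
    print(evaluate("wwwxbuyhttp-com.example", 80, "/", host_pattern=HOST_UNESCAPED))
```

With the escaped pattern the look-alike host is sent to the canonical name; with the unescaped one it matches as if it were www.buyhttp.com and is served without a redirect.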

If you are adding this to an existing .htaccess file for a system like Mambo or Joomla with SEF URLs the placement is very important. It must be after RewriteEngine On in your existing file and before the core SEF rewrite rules. You will also want to make sure you only have one instance of RewriteEngine On in the file.

Taking a few minutes to implement these few lines of code will not only help with your search engine rankings but will also result in uniform URLs throughout your site.
