ArminHornung.de

The private homepage of Armin Hornung


Securely updating Simpleboard to Joomlaboard

Because of the recently published vulnerability in the popular forum component for the CMS Joomla, it's long overdue to update to the newer version, Joomlaboard. If you notice a high number of hits on the files file_upload.php or image_upload.php, you should take Simpleboard offline immediately, because some bots are trying to exploit the vulnerability.
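A quick way to check an access log for the hits described above, as an added example that is not part of the original article. It assumes Apache combined log format; the threshold, the install path and the sample lines are constructed.

```python
import re
from collections import Counter

# The two script names are from the article; threshold and paths are assumed.
WATCHED = ("file_upload.php", "image_upload.php")
THRESHOLD = 3  # assumed cut-off for "a high number of hits" from one client

# Apache combined log format: client, identity, user, [time], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def watched_script(target):
    """Return the watched script name if the request path ends in one."""
    path = target.split("?", 1)[0].lower()
    name = path.rsplit("/", 1)[-1]
    return name if name in WATCHED else None

def scan(lines):
    """Count hits on the watched scripts per client and per status code."""
    per_ip, per_status = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None or watched_script(m["target"]) is None:
            continue  # unparsable line or unrelated request
        per_ip[m["ip"]] += 1
        per_status[m["status"]] += 1
    noisy = sorted(ip for ip, n in per_ip.items() if n >= THRESHOLD)
    return per_ip, per_status, noisy

# Constructed sample lines (documentation address ranges, not real traffic).
_T = "[20/Mar/2007:10:00:00 +0100]"
_D = "/components/com_simpleboard/"  # assumed install path
SAMPLE = [
    f'203.0.113.7 - - {_T} "GET {_D}file_upload.php HTTP/1.1" 200 512 "-" "bot"',
    f'203.0.113.7 - - {_T} "GET {_D}image_upload.php HTTP/1.1" 200 498 "-" "bot"',
    f'203.0.113.7 - - {_T} "POST {_D}file_upload.php?x=1 HTTP/1.1" 200 512 "-" "bot"',
    f'203.0.113.7 - - {_T} "GET {_D}image_upload.php HTTP/1.1" 200 498 "-" "bot"',
    f'198.51.100.23 - - {_T} "GET {_D}image_upload.php HTTP/1.1" 404 209 "-" "bot"',
    f'192.0.2.10 - - {_T} "GET /index.php?option=com_simpleboard HTTP/1.1" 200 9000 "-" "Mozilla"',
]

if __name__ == "__main__":
    per_ip, per_status, noisy = scan(SAMPLE)
    print("hits per client:", dict(per_ip))
    print("hits per status:", dict(per_status))
    print("clients at or above threshold:", noisy)
```

A 200 on either script means the file is still present and being served; once the .php files have been deleted as in step 2 of the procedure below, these requests should show up as 404.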

But what to do with all the links to "http://www.example.com/index.php?option=com_simpleboard&...", both from external sources and from within your board? To solve that issue, I created a little forwarder script, which passes only the allowed functions to Joomlaboard.

Below is a little Howto for upgrading, because I ran across some small problems when updating from Simpleboard 1.1 to the current Joomlaboard 1.1.2. Also, by now this has been updated to produce SEF-compatible links, get around a restricted ItemID and produce a correct 301 header. Thanks to Michael Miller for extending the script with all this!

Upgrade Procedure

  1. Proceed as described in the Howto from the TSMF-Homepage, but don't uninstall Simpleboard!
  2. Delete everything in the com_simpleboard directory (e.g. by FTP) except, at the very least, the uploaded folder. Old posts still link to the images and file attachments there! But make sure that all .php files are deleted, and the vulnerabilities with them.
  3. Create a hidden menu using the menu manager. This is done by creating a menu called hiddenMenu and assigning it to a module position that won't get displayed in your template's index.php (e.g. user9).
  4. Move your old simpleboard menu link to the hiddenMenu.
  5. Upload the file simpleboard.php from the provided zip file into the directory from step 2. That file will redirect only a few allowed functions (view posts and categories, list categories, rss) to the new Joomlaboard component, so that old links keep working.
Last modified: 2007-03-27