SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

CoolClock 1.5

Overview

This module implements all available features of Simon Bairds CoolClock Javascript. Where other clock modules provide a limited number of skins, this module provides 19 predefined skins plus the ability to define your own! Any number of clocks may be present with or without custom skins!

Installation

  1. Download CoolClock from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "CoolClock".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Modules". When in the module manager, search for "CoolClock".

Configuration

Skin
Choose one of the 19 skins, or choose the custom option and proceed to the Advanced tab for styling
Radius
Radius of the clock, in pixels
Show Seconds
For performance reasons, this option is available. If you are displaying a lot of clocks, you may see better performance by disabling the second hands.
Day Start Hour
Hour at which the "day" class is added to the canvas tag and the "night" class is removed.
Day End Hour
Hour at which the "night" class is added to the canvas tag and the "day" class is removed.
Advanced Tab - Custom Skin
Each configuration item heading has a mouseover tooltip which explains the values expected by the input. Play with it and you'll find some very interesting combinations.

HELP

Please report bugs!

Discuss this article in the forums (0 replies).

Nomad 3.2

Overview

Nomad is not login redirection, it's homepage redirection!!! Joomla gives you a single homepage - Nomad gives as many as you need! Per-group or per-user - as many as you need.

An administrator can make global redirect setting, per-group settings, and/or individual user settings. The plugin checks first for a user setting, then a group setting, then a global setting - redirecting on the first value it finds. If no value is found, the user is sent to the normal homepage. Users who aren't logged in are not affected by this plugin, they see the normal homepage.

There are no limits to the number of assignments you can make!

Installation

  1. Download Nomad from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Nomad".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Nomad".

Configuration

Choosing a "Selection Type" (Global, User, Group) changes the available selection options.

  • Global redirects all users to an alternate page.
  • User redirects specific users to specific pages.
  • Group redirects members of specific groups to specific pages.

Order of operations is User, Group, Global - whichever is found first becomes the redirection

The plugin offers a list of existing redirections for modification or removal.

HELP

Please report bugs.

Discuss this article in the forums (1 replies).

HashCash 1.6.6

Overview

Finally, a captcha you can't read...wait...that's not what I meant... This is the captcha you don't even need to see.

Everyone knows the annoyance caused by captchas that are unreadable. HashCash is a different kind of validation. Unlike other captcha solutions, HashCash doesn't rely on 3rd party services or resources - and it doesn't require anything from your users other than a JavaScript enabled browser. No mangled words to decipher, no math problems to solve, no photos to match - nothing but arrival on a form page.

Originally proposed by Adam Beck in 1997, HashCash requires a form to include the solution to a complex calculation. The calculation is so complex (it takes hundreds or even thousands of attempts to solve it) that any human or bot attempting to abuse your forms will spend so much processor time solving the calculation that it wouldn't be profitable to continue attacking your forms! The server receives the result and can easily and quickly test it in 1 calculation - either it's right and your user continues or it's wrong and the form submission fails.

The best part is, HashCash is invisible (you can't read it - or even see it) and it happens in the background without user interaction! Your users arrive at the form and the HashCash calculation is automatically executed. Any bot attempting to submit your form without completing the calculation is rejected, and the calculation changes every time the form is submitted.

Installation

  1. Download HashCash from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "HashCash".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "HashCash".

Configuration

Configuration is simple. Open the plugin and choose the difficulty level. The predefined minimum (1) and maximum (4) levels prevent calculations that are too simple or too difficult to complete in an acceptable amount of time.

HELP

Please report bugs

Discuss this article in the forums (2 replies).

StaticPassword 1.0

Overview

Prevent one or more user groups from changing their passwords! Enforce static passwords for selected groups.

A similar extension existed for J1.5, but since it hadn't been updated - I created a modern, compatible version.

Usage is simple - enable the plugin after selecting which user groups will be prevented from password changes. When saved, the users in those groups will not be presented with the password fields when editing their account details. Additionally, it prevents submission of passwords (just in case someone decides to submit the password field values anyway by hacking the form).

Installation

  1. Download StaticPassword from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "StaticPassword".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "StaticPassword".

Configuration

The plugin has only one configuration: Restricted Groups. Choose one or more groups, and those groups will be prevented from changing their passwords.

HELP

Please report bugs

Discuss this article in the forums (0 replies).

Log Bad Passwords 1.2

Overview

Capture the bad passwords your users type. Learn and track what bad passwords your valid users are entering into login screens.

One day, while trying to remember which password I used to log into my Google account, it occurred to me that Google could easily track bad passwords and associate them to a particular user. With this information, along with the rest of what Google knows about us, they could easily gain access to other accounts and services.

So, I wrote this pair of plugins to provide this capability to Joomla administrators. Because this plugin only stores bad passwords, storing clear text passwords isn't exactly a security risk because they're known bad. When a user changes his or her password to one that is already in the stored list, that password is cleared from the list.

The list appears on the user edit screen in administrator and nowhere else. Administrators also have the option of clearing the list for individual users. Additionally, the plugin can be configured to store bad passwords for the frontend, the backend and to exclude specific groups from bad password storage.

This package was an experiment, to determine if it could be safely built. I wouldn't suggest running it on public sites because it may expose the passwords your users use on other sites.

Is this extension unethical? It depends on what you use it for. For a support representative on a private intranet site - this can be a very useful tool. Using this on a public site may be more questionable. I released it so everyone would know it's possible, as a warning - not so accounts can be compromised. Either way - please keep your opinions on ethics out of your review.

If you're concerned that a site might be using it, you can browse the site for /plugins/system/logbadpasswords/index.html . If the page is blank, the site uses the extension. If you receive an error - the site does not use it.

Installation

  1. Download Log Bad Passwords from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "Log Bad Passwords".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Log Bad Passwords".

Configuration

  1. Install the package.
  2. Enable both plugins.
  3. Configure the User - Log Bad Passwords plugin to set where it should run, and what group restrictions should be enabled.

HELP

Please report bugs

Discuss this article in the forums (0 replies).