/ 2026-04-07T16:45:35-07:00 e107 https://e107.org/ e107 e107 https://e107.org//e107_images/button.png admin - e107inc@nospam.com e107 is an open-source website content management system designed for maximum flexibility and ease of use. https://e107.org/blog/878.html 2011-01-28T07:21:12-08:00 Alex1983m keller11de@nospam.com

As some of you might have noticed, the sourceforge-provided SVN browser has not worked for the past 24 hours. The error you are seeing is related to the services downtime that is detailed here: http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/service-downtime/This will be fixed once the downtime is over. You can monitor the following for updates:Site Status: http://sourceforge.net/sitestatus@sfnet_ops on Twitter: http://twitter.com/sfnet_opsUPDATE: Since 07-Feb-2011 the ViewVC for SVN has been restored.

2011-01-28T07:21:12-08:00 https://e107.org/blog/876.html 2010-09-11T11:06:08-07:00 Alex1983m keller11de@nospam.com

Have you been translating e107 in an official sense or just for your own personal use?Perhaps you also have a community language site?Or maybe you have never tried, but you would like to see e107 in your language? If so, then we want to hear from you!We're asking everyone who translates to fill in this form. Part of the purpose of this is to: 1) bring together people who are translating the same language. (avoiding duplication of work)2) make your language-pack (and community site if you have one) e107 certified - listing you on our website.3) increase communication between developers and translators. Thank you ! We look forward to hearing from you!

2010-09-11T11:06:08-07:00 https://e107.org/blog/874.html 2010-08-28T04:47:22-07:00 unknown

I would like to give you some more details and hopefully speed up the 'next stable release' process.After the release of 0.7.24 rc1 I'm overloaded with false positives due to a missed point of the upgrade instructions (see previous news). This slows down the process of discovering of not covered yet (if any) issues related with the latest e-token security protection.The case is simple, we are able to stop those false positives with one line of code. However, this will solve our (core developer and support team) problems only. I'll give you some extra info which should help you identify us as 'good guys' During e-token test, I found very bad issue - it was there forever. In few simple words, if you use default e107.htaccess (renamed to .htaccess) your site will do something like 10 to 20 extra sql queries (depending on your site configuration) plus of course additional php parsing processor job of your server per missing image/css/javascript file reference. A simple calculation says: if your average site sql requests count is 20, you have 4 missing images, you end up with 100 sql queries per page (instead 20). You should understand now the issue is really bad.Most of "Access denied" issues were side effect of the above. It's really easy for me to 'mask' the problem as solved, but I hope you understand now why I don't want to do this. We didn't invented upgrade instructions to 'keep you' busy, so please follow them, give us maximum information so that we'll be able to reproduce your problems, fix them and go forth. A whole 0.8 branch is waiting for us for the final work.I wish to use the moment and add big THANKS to all community members who helped us fighting the latest issues.

2010-08-28T04:47:22-07:00 https://e107.org/blog/873.html 2010-08-26T09:47:11-07:00 Alex1983m keller11de@nospam.com

Well, despite what we thought was some good testing of our 'stable' 0.7.23 prior to release, some users' installations became 'unstable' after upgrading. We believe most of these issues have now been corrected, but rather than simply making another official release, we will be introducing beta 'release candidates' into our release process. In retrospect, this is what we should have done with 0.7.23 - so we've learned our lesson. From now on, the stable 0.7 will remain as such, and release candidates will be made available prior to any official release. This will allow us (and yourselves) to test the code more thoroughly and will also give official translators more time to update and validate their language-packs so they are ready in time for the next official release. We recommend that only experienced users upgrade to rc1, while less-experienced users may wish to stick with 0.7.22 or 0.7.23 (if it's running smoothly for you)So, here's 0.7.24 release candidate 1. (rc1) To upgrade from 0.7.x: 1. extract and overwrite your existing files2. clear your site cache (admin->cache) and your browser's cache. 3. update/merge your .htaccess file (if you are using one) with the changes made in e107.htaccess4. be sure you don't use footer_something.php override but the default footer_default.php in e107_themes/templates5. post your bugs in the bugtracker when you find them.Its also worth reiterating that if you use the browser's 'back' button, a subsequent 'posting' of data will generate the 'Access Denied' error - this is a security feature.We'd particularly like to thank Allow and cyrus, who gave SecretR access to their sites to diagnose the problems (which weren't very obvious!) - without this constructive assistance things wouldn't have got fixed.Cheers

2010-08-26T09:47:11-07:00 https://e107.org/blog/871.html 2010-08-05T16:11:05-07:00 unknown

There has been a lot of speculation about the future direction of e107 recently, and its time to put that to rest and move forward.The dev team has spent quite a long time (weeks, if not months) discussing all aspects of e107 - the code, the community, the organisation, to try and establish a coherent plan for the future. Some of the results have been around for a while - the establishment of jira as an issue tracking system, some draft coding standards and guidance that we're refining before making public, better code documentation and so on. Overall the objective is to have a much more professionally run project.We recognise that some things have been far from perfect in the past - sometimes simply due to lack of time; sometimes for other reasons. We're trying to get it right now.It is also sad to lose McFly's input - hopefully not entirely, since he's still going to be around. As a long-term contributor to e107, its hardly surprising that he needs to concentrate on other things for a while.Moving on, there are a number of things planned:1. For 0.7, as well as continuing to maintain the code, we will be adding a few enhancements. These are mostly ones which the dev team already have available, or can release with minimal work, since we don't want to deflect too much effort from getting 0.8 on the way. Various members of the community are also working on enhancements which we will consider.2. For 0.8, the intention is to move to a release as soon as possible. Part of the delay was due to a realisation that some of the structure was wrong, and is having to be redesigned. This is nearly done, and you should start seeing code changes in SVN soon.We have a good idea of the final structure we need, and 0.8 is going to be the 'bridge' between old and new in order to maintain a reasonable degree of backward compatibility and provide an upgrade path.3. On the organisational side, Cameron is going to be the overall project leader (much as jalist was in the early days), backed up by SecretR and myself as the 'old hands'. We already have a capable support team under the leadership of 2dopey, which will continue. The dev team is to be strengthened - as well as existing devs Bugrain and nlStart we have some other community members to be approached. One area where we'd particularly like some input is on the security side. We've also had a tremendous number of offers of talented assistance from all round the world. Not just on the coding side, but also in areas such as marketing and public relations.So over the next few weeks, we're going to review all these offers, and put together a team to take e107 forward.More to come - so watch this space.

2010-08-05T16:11:05-07:00 https://e107.org/blog/870.html 2010-08-02T07:17:29-07:00 CaMer0n cameron@nospam.com

This has been something I have been considering for quite some time and I feel the time is finally here.As of today, I am no longer developing for e107.The main reason for the decision is due to priorities changing. Other things in my life (work, family, fire department, etc) just seem to be taking up most of my free time and I can't devote the time to e107. It also seems that the fire has gone out for me, I just don't seem to have the desire to open up the code like I used to.For all the people that I have promised code for and for all of the work I have done that is incomplete, I am sorry. I had intended to tie up some loose ends before leaving, but it just didn't happen.I do not know what the future hold for e107, but I wish it the best. I will still be hanging out #e107 during the day, so I'll still be seeing some of you.I want to thank all of the people I have worked with on e107...especially jalist. He graciously accepted code from a complete php newbie and allowed me to get involved with the project. I have totally enjoyed my experience with e107.Now for some fun, for those of you that understand the reference of the news title...discuss Top three Firefly episodes:1) Out of Gas2) Objects in Space3) JaynestownTop 3 Firefly characters (not part of the crew):1) Jubal Early 2) Stitch Hessian3) Adelei Niska

2010-08-02T07:17:29-07:00 https://e107.org/blog/869.html 2010-07-10T02:34:30-07:00 unknown

I decided to write this post because of the large number of forum help requests and accusations against e107 system. Although support team has tried to consolidate the discussion in low number of forum threads (see septor's Consolidated Flood Attack Information) people are still opening new threads which is only increasing the panic. I often read angry posts of people who are blaming e107 because it can't handle the situation. This is wrong. You would never blame your medical man why he can't invent (develop!) a medicine against your current disease. Don't blame e107 because it's installed on servers which can't handle current bot attacks. Don't search e107/PHP based solution to fight the problem. This won't help.I spent time to write a detailed information on my blog about server tools which will help to stop attacking bots before they reach your PHP engine. They also should help for finding rootkits already installed on the attacked servers. The information should be used by Dedicated server owners, but it could be pointed to your shared hosting provider if needed. The information I'm providing is based on my experience - number of attacked servers were able to come back in normal working state (no CPU overload, large number of FW blocked IPs). For those server owners not familiar with server administration, I posted link to a company which offers low cost server configuration service. If you are not experienced enough, you really should look up for a security professionals.I'm hardly convinced this is the only way we stop the attack against our community.The whole article - Secure server configuration - stop the madnessGood Luck!

2010-07-10T02:34:30-07:00 https://e107.org/blog/868.html 2010-06-07T13:13:27-07:00 unknown

Over the past couple of days a lot of e107-based sites (including e107.org) have been under attack from two angles:1. Repeated accesses of contact.php. The objective of these attacks was to compromise sites via a vulnerability which existed in older e107 versions.This vulnerability is fixed (as far as we know) in 0.7.22 - so if you haven't already upgraded, do it yesterday!If you already have 0.7.22 installed, the attack simply loads up the server, and becomes a DDOS. It shouldn't be able to gain access to your site; but will slow it down (or seize it up).If you are running earlier versions of e107, the hackers will most likely have gained access and uploaded various files. These include a Perl script which does all sorts of nasty things. So upgrade your site, and check carefully for strange files - delete any which shouldn't be there. This thread lists the files one user found. File Inspector will also help here.2. Repeated accesses of the file 'help_us.php' (which they expect to be uploaded as part of the previous attack). Usually this will trigger a 'page not found' error. Typically this is the standard e107 error page, which does some database access, again slowing down the server. Thus this is also a DDOS attack.In most cases (assuming you are running 0.7.22) your host is the best person to help with these attacks, by putting in server level blocks on the relevant IP addresses. (There are a large number of addresses involved - most likely a botnet of some sort).There are a number of forum threads on this topic; things you can do to reduce the effect of the attacks (but not stop them) include:1. If you're not using the contact form, delete contact.php2. If you are using the contact form, rename it, and update the link.3. Put in a 'pure HTML' error page for '404' (page not found) errorsWhile we believe that 0.7.22 blocked these attacks, we are aware of a few 0.7.22 sites that have been compromised. It seems likely that a different attack vector was used in these cases - most likely via a plugin. Or possibly via other means, such as a compromised FTP password. So please check server logs etc to try and identify how access was gained.

2010-06-07T13:13:27-07:00 https://e107.org/blog/867.html 2010-05-27T11:49:04-07:00 CaMer0n cameron@nospam.com

As promised, here's another releaseThis release includes the fixes for the e_parse issues introduced with the last release (sorry about that).It also includes a fix for a small security issue.I have also done some work on my build system, hopefully now:All files should pass the File Inspector test now.Upgrade files no longer contain empty directories.Link to downloads here: https://e107.org/edownload.phpChanges found here in the changelogPlease let us know if you find any problems, which I'm sure you will Update:The Russian Language pack for 0.7.22 has already been completed and can be found here: https://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_langpacks/zipped_langpacks_utf-8/0.7.22/

2010-05-27T11:49:04-07:00