Home
  • You are here:  
  • Bruce Moore's Tech Blog

Moving a Joomla Web Site to a New Host

Moving a web site to a new hosting firm is a routine process if you take the time to prepare for the change. The article that follows talks about the steps in the process of moving a web site and transferring technical support responsibility.

It the decision is rebuild the web site, it is critical to capture ALL of the old URLs and set up redirects on the new site. If you do not, Google and Bing will lose all references to the site and your search engine ranking will start from scratch; if you are on page one, you will go to page fifty and work your way back up with the new URLs. This checklist does not cover the steps necessary to rebuild a web site as part of the hosting transfer process.

  1. Transfer of control

    This set of steps is only needed when you are transferring a client website or the website of a volunteer organization that you support.

    1. Transfer Control of Domain Registration
    2. Create New Hosting Account
  2. Prepare for cutover on new host
    1. Create domain definitions on new hosting account.

      These will be inactive until you update the DNS servers at the domain registrar in the final step. If you have verification definitions for Google Search Console, Bing Webmaster Tools, Google Postmaster Authentication and other verification definitions, you will need to add those too.

    2. Copy Email Forwarding Definitions to New Host
    3. Copy Email Autoresponder Definitions to New Host
    4. Copy Email Accounts to New Host
    5. Copy PHP Configuration to New Host
  3. Prepare for cutover at old host
    1. Modify Web Site to Remove Developer-licensed Extensions

      If the new hosting account will have legal access to the various paid extensions you can skip this step.

  4. Cutover
    1. Have Users Backup Email Accounts
    2. Copy the site-map.xml file or other site map file that is registered with Google, Bing and other search engines.
    3. Backup Web Site Using Akeeba Backup
    4. Restore backup using Akeeba Kickstarter
    5. Copy SSL certificates over as necessary
    6. Update Domain Registration DNS servers to point to DNS servers for new hosting
    7. Remove AutoSSL configuration on old host, assuming you are using CPanel
    8. Configure AutoSSL on the new host, assuming you are using CPanel
  5. Testing
    1. Verify the site with Google Search Console
    2. Verify the site with Bing Webmaster Tools
    3. Verify the site with Google Postmaster Console
    4. Verity the site with Google Analytics and other analytics tools
    5. Test sending and receiving email
    6. Test all web pages
    7. Test all references in the old site map XML file
Details
Hits: 1867

This Account Was Recently Infected! Email Extortion Scam

I recently got an email purportedly from my own account that began with “This Account Was Recently Infected!’ The full email is shown as an image below with the text in the description tag of the image reference. The text was contained in an an image file and since it spoofed my own account, my email client displayed the image. Concerned that my account had been hacked, I looked at the email source, and discovered that it was just a spoofed email originating from a server in Japan. I Googled the first sentence and found many hits for descriptions of the email scam and one that suggested reporting to the FBI.

Because it included a Bitcoin wallet ID, I decided to go ahead and report to the FBI. Finding the right site is not a trivial task, but I did end up filing a report.

Image of Email Extortion Text

The extortion email was presented as an image, which allowed it to get past SpamAssassin and the spam filtering in Thunderbird. It also made it impossible to cut and paste the Bitcoin wallet ID into the FBI report.

Text of “This Account Was Recently Infected!” extortion email presented as an image.
Image of email extortion scam text

Headers from the Extortion Email

In most email clients, you can view the source of the email which will give you information on where the email may have originated. In this case, the header shows that the email started out in intercom-45-29.pro which does not point to anything in DNSLytics, but intercom.pro does point to Russian ownership. From the first server, it went to max-luomo.com which is registered with a Japanese domain registrar. In any case, it is clear that the sender did not compromise my email account or server.

Return-Path: Delivered-To: mail@domain_name.com Received: from cpanel.domain_name.com by cpanel.domain_name.com with LMTP id 4C3ZCfrnn1xMEQAAdMgoMg for ; Sat, 30 Mar 2019 17:04:42 -0500 Return-path: Envelope-to: mail@domain_name.com Delivery-date: Sat, 30 Mar 2019 17:04:42 -0500 Received: from oogw1239.ocn.ad.jp ([153.149.141.169]:47343) by cpanel.domain_name.com with esmtp (Exim 4.91) (envelope-from ) id 1hAM5e-00019t-N8 for mail@domain_name.com; Sat, 30 Mar 2019 17:04:42 -0500 Received: from cmn-spm-mts-006c1.ocn.ad.jp (cmn-spm-mts-006c1.ocn.ad.jp [153.153.67.160]) by oogw1239.ocn.ad.jp (Postfix) with ESMTP id 6551360E8B for ; Sun, 31 Mar 2019 07:03:57 +0900 (JST) Received: from mwb-vc-mts-002c1.ocn.ad.jp ([153.138.237.206]) by cmn-spm-mts-006c1.ocn.ad.jp with ESMTP id AM3Shggxt07dLAM4zhkTVZ; Sun, 31 Mar 2019 07:03:57 +0900 X-BIZ-RELAY: yes Received: from sgs-vcgw117.ocn.ad.jp ([153.149.141.227]) by mwb-vc-mts-002c1.ocn.ad.jp with ESMTP id AM4zhSVQmPu64AM4zhc1qI; Sun, 31 Mar 2019 07:03:57 +0900 Received: from max-luomo.com (max-luomo.com [210.190.145.37]) by sgs-vcgw117.ocn.ad.jp (Postfix) with ESMTP id E800024019A for ; Sun, 31 Mar 2019 07:03:56 +0900 (JST) Received: from [intercom-45-29.pro] (unknown [185.153.45.29]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by max-luomo.com (Postfix) with ESMTPSA id DB58F8401F6B for ; Sun, 31 Mar 2019 07:03:50 +0900 (JST) Content-Type: multipart/related; boundary="--_com.android.email_84542265731905" MIME-Version: 1.0 To: mail@domain_name.com List-Help: X-aid: 7446357115 From: Date: Sat, 30 Mar 2019 23:03:47 +0100 X-CSA-Complaints: This email address is being protected from spambots. You need JavaScript enabled to view it. Message-ID: <714g1951i8hd13pbkr7ggspa1baaxrwv@p33o3zg1lyt59sw8zro101uxkts4rlbeym9hwbr8kpm91ibkhnd5spa41x2amg6m> Organization: Ymfyoolx Subject: mailid Feedback-ID: 478791:07697752.05799481:yw18:hh Abuse-Reports-To: This email address is being protected from spambots. You need JavaScript enabled to view it. X-Sender: This email address is being protected from spambots. You need JavaScript enabled to view it. This is a multi-part message in MIME format ----_com.android.email_84542265731905 Content-Type: multipart/alternative; boundary="--_com.android.email_25217509735885" ----_com.android.email_25217509735885

Conclusion

This is a hoax and a scam. Sadly, it is a part of life today.

Details
Hits: 3112
When upgrading PHP, make sure to edit php.ini to disable functions with security problems.

Upgrading Joomla to PHP 7.3

PHP 7.3 was released in December of 2018 at about the same time that PHP 7.1 moved to support for security fixes only; PHP 7.2 is the primary release, but 7.3 offers some incremental improvements. PHP 7 was claimed to be about a 2X performance improvement over PHP 5.6, and each release of the 7 series claims performance of 5-20% better than the previous release. CPanel announced that EasyApache 4 added PHP 7.3 in December, so I decided that three months was enough time for many of the problems to be worked out and took the plunge on moving to 7.3; it went fairly easily.

If you are still on PHP 5.6, or on a Joomla release prior to 3.9, you should probably look at Upgrading to Joomla 3.8, 3.9, 3.10 and 4.0 before reading this article.

Backup

As always, make sure that you have backups before beginning any system level work.

Upgrade Joomla Extensions, and Joomla

As always for a PHP upgrade, make sure that both Joomla and all extensions are current and that you are on the current release of Joomla.

Add PHP 7.3 in CPanel

If you have a VPS, you will need to log in to Web Hosting Manager and add PHP 7.3 in EasyApache. It will prompt you to include the PHP packages that are used in the other versions of PHP; say “yes” unless you know that you no longer need some of the packages.

If you do not have a VPS, PHP 7.3 may be available in the Multi-PHP settings within CPanel. If not, call your web hosting technical support to make sure that it is added. This will probably take a day or two, and may be much longer.

In WHM, Update PHP Configuration

You will need to update the PHP configuration so that it matches the settings for your working PHP 7.1 or 7.2:

  • Make sure that the maximum file upload and post size are increased, otherwise you will not be able to upload many Joomla extensions.
  • Depending upon your site and the defaults, you may need to increase the default memory. Some sites of mine that were fine on 32M in PHP 7.2 required an increase in PHP 7.3.
  • Update the php.ini setting for disable_functions to disable at least "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, ini_set". The CPanel security audit will complain if you do not.
Figure 1. Make sure to update php.ini to disable functions with security exposure; you cannot do this is the basic config panel.
Make sure to directly edit the php.ini file to disable functions with security problems.

Turn on Error Messages in Joomla

If everything goes perfectly, you will not need error messages, but it will be easier if you turn this on before switching over the first time. If you do not turn it on now, you will have to log in to Joomla each time you switch PHP versions (assuming you are using PHP sessions for performance).

Figure 2. Turn on error reporting in Joomla before switching to PHP 7.3. Make sure to set it back to the default when you have completed the upgrade.
Make sure to set the Joomla error reporting to simple to help in diagnosing problems in PHP settings.

In WHM, Switch to PHP 7.3

Once you have done all the prep work, switch to PHP 7.3 and test everything on your site. If you have extensions for managing photo galleries, make sure to test these; some of them are dependent upon PHP modules that are not installed by default.

Turn off Error Messages in Joomla

Once you are done, make sure to turn error messages off in Joomla. You will probably still get a number of warning messages, but no fatal messages.

Summary

If you are current on Joomla maintenance and have already switched to PHP 7.1 or 7.2, moving to 7.3 should be a relatively painless. The most likely problem area will be forgetting to change a memory settings.

Details
Hits: 5018
Software for a new computer need not be expensive. Open source alternatives are quite good today.

Ten Software Packages for a New Computer

A friend recently bought a new computer to replace an aging Windows 7 machine, and asked what software I though he should load. It was easy to come up with a short list of programs that would satisfy the basic needs of most people. This list is heavily weighted to open source software and to programs that run on both Windows and OS X, there really are not any sacrifices to be made.

Libre Office

The easiest recommendation is for LibreOffice, an open source office package for word processing, spreadsheet, presentation, graphic design and light database work. It can read and write files in Microsoft Office formats, though because MS Office uses copyrighted fonts, the look will not be identical. Unless you need exchange a lot of business documents with other MS Office users, this will meet your office software needs.

Browsers

Most people should have a couple of different browsers installed, as some web sites do not work with all browsers, and some browsers are not very good about privacy. I generally use one browser for sites where I am logged in and need to keep session cookies (Chrome), and another (Firefox) where I delete cookies and all history when I close the browser.

Firefox

Firefox is generally the best browser for those who are security and privacy conscious. The default settings are pretty tight by changing the default search to DuckDuckGo, you can have a much more privacy than with Chrome or Internet Explorer with default settings.

Chrome

Chrome is the most popular browser and has the fewest compatibility issues at this point in time, but the default settings are not very good from a privacy perspective. With default settings, Google will know pretty much everywhere you go and what you do.

Chromium

Chromium is an open source distribution of Chrome, but with somewhat better default privacy settings.

Vivaldi

Vivaldi is a browser that was developed and released by some of the team that originally developed Opera. Although I used Opera a lot, I have stopped since it was acquired by a Chinese firm. I am just less comfortable about privacy and security with software from Chinese companies, especially after what happened to StartCom after it was acquired by WoSign.

Password Manager

Good security today requires a that you never reuse a password, and this in turn requires that you use a password manager. There are many good candidates; here are a few that I have used.

KeePass

Keepass is an open source password manager that is available on all major platforms. It does not provide cloud capability, which can be a plus or a minus depending upon your security philosophy; personally, I think lack of cloud capability is a plus as it requires a compromise of your machine to get access to the file and potentially to a key file that you can keep on a flash drive.

1Password

This is a popular option for OS X.

Thunderbird

An old-fashioned desktop email client is still a necessity for times when you want to work with email but are not connected to the Internet. Thunderbird is open source and has some key features that are hard to find:

  • Google addressbook synchronization (via a plugin)
  • Google calendar synchronization (via a plugin)
  • S/MIME email encryption and authentication (via a plugin)
  • PGP email encryption and authentication (via a plugin)
  • Integration with major CRM software to keep email attached to customers (via plugins)
  • Tools for sending large attachments via a secure cloud-storage link (via plugins). This is really helpful when you need to send attachments that are larger than the receiver's attachment size limit.
  • Powerful filters and rules for deleting/forwarding/handling mail based upon the contents and senders.

The only think it does not do is provide a multi-line display like the one in the Apple mail client.

DigiKam

Both Windows and OS X have built-in photo library managers, but if you want to retain the ability to move between operating systems, you may want to consider using DigiKam, an open source photo library manager. DigiKam is perhaps more complex, but it provides more control for facial recognition, file formats and a variety of other things.

Messaging

It is really handy to have a messaging app that works on your phone, tablet and desktop and that provides end-to-end security. There are many candidates, but here are two that are widely used.

Signal

Signal is one of the most secure messaging systems and is now one of the most convenient with a desktop application. It is moderately widely used but is slowly growing in popularity.

Hangouts

Google Hangouts is no longer a stand-alone application, but is instead a browser extension for Chrome. It is available to anyone who has a Gmail account.

Adobe Acrobat Reader

You will need something to read PDF files. Though there are clients that are better, it is always handy to have Acrobat installed.

Two-factor Authenticators

If you use Google Authenticator for two-factor authentication, you will probably want to have a client on your desktop. This is an area where trust in the application provider is paramount; you will probably want to use one from the Microsoft, Apple or Google Stores respectively.

Microsoft Windows– Oracle Authenticator

Of all of the authenticators in the Microsoft Store, the Oracle product appeared to be the most trustworthy and easy to use. Microsoft has a authenticator in the Apple App Store, but only for phones and tablets. I cannot find one in the Microsoft Store.

HTML Editor

Anyone who does work for a non-profit will need to write HTML for a blog post at some point, and for that you will need a simple HTML editor with syntax highlighting and spell checking. Advanced users will want more, but here some simple ones.

Bluefish

Bluefish is a very simple HTML editor with few bells and whistles, but it runs on Linux, Windows and OS X. It taks very little to figure it out.

Brackets

Brackets is also a cross-platform editor like Bluefish, but has more options and capability than Bluefish.

Audacity for Audio Editing

Audacity is an audio file editor that will help you speed up or slow down audio without changing the pitch among other things. If you are doing video or podcast editing, this can be handly. It is cross-platform.

GRAMPS for Family History

Family history (or genealogy) is a growing hobby with many for-fee packages. If you are looking for something that is free or cross-platform to enable cooperation with people running lots of different systems, GRAMPS is a good open source alternative.

Network Caller ID

Robocalls are a constant annoyance today; Network Caller ID (NCID)can turn you computer (and modem) into an effective call logger and blocker. See Stopping Robocalls from Rachel at Cardholder Services for a longer description of NCID.

Details
Hits: 2564
Although not statistically complex, the ACLU use of R for litigation support in the family separation case was big.

RStudio::conf 2019

What a difference 12 years makes. My first R-related conference was the 2007 UseR! at Iowa State University in Ames, Iowa. It was about 300 people and almost all attendees were from academia. Fast forward to the 2019 RStudio::conf, with 1700 people, almost all of whom are from industry. The UseR! conference now draws about 1000, the RFinance conference draws hundreds, and the BioConductoR conference draws large crowds. The constant theme over this decade has been documentation and reproducibility of research; in 2007, a pharma developed and put the MS Word version of sweave into the open source world because they needed a MS Word version and wanted to contribute. At the 2011 conference in Warwick, RStudio and IDEs that made the use of sweave and then knitr much easier. 2015 in Aalborg brought discussions of Docker and portability/archivability into the discussion.

Reproducible Research Continues to be a Theme

Reproducible research has been a theme in R for a decade, and the RStudio::conf 2019 continued the theme with workshops and conference sessions on Markdown and Bookdown among other reproducibility- and repeatability-related topics. I have continued to stick to LaTeX due to inertia and the early lack of citation capability in Markdown, but that has changed, and it is time to make the switch for new work. Many of the new books in R are being produced in Bookdown rather than LaTeX.

Garret Grolemund’s talk R Markdown: the Bigger Picture pointed out the scope of the repeatability and reproducibility problems in research today and how using Markdown can help in documenting what you did and how you did it.

The proportion of published articles describing experiments that cannot be repeated due to lost code, documentation or data is a huge problem.
A large portion of current published research cannot be replicated. R Markdown can help with documenting data and procedures.

Using R for Family Reunification

Although much of the RStudio::conf presentations were oriented to the RStudio products and open source packages, many were not. One of the most compelling was Brooke Watson presentation on using R to clean up the total garbage data provided by the U.S. Government on the locations of children and parents who were separated at the border. Regardless of politics, it is clear that the government was unprepared for this policy and did not (does not?) have procedures in place to keep track of kids and their parents who have been separated.

Brooke Watson's (@BrookLYNevery1) presentation on family reunification showed a jumble of files provided during discovery.
The Department of Homeland Security provided jumbled data to the ACLU for child separation lawsuits.
Brooke Watson's (@BrookLYNevery1) presentation on family reunification showed that the Department of Homeland Security does not have systems in place to track children separated from their parents..
The Department of Homeland Security provided bad data to the ACLU during discovery in the child separation lawsuit.

RStudio Package Stickers Continue to be a Hit

The RStudio package stickers were a major hit in Brussels, and continue to be a big hit at R conferences. This has to be one of the best marketing ideas I have ever seen. Whenever they put out a new batch of stickers, there was always a scrum as people searched for ones that they didn’t have.

The RStudio hexagonal package stickers are clearly one of the best marketing ideas I have ever seen.
The RStudio hexagonal marketing stickers continue to be a hit at conferences.

R and Data Science are No Longer PhD Things

The Education track on the last day was poorly attended, but I think in many ways it was perhaps the most important for understanding the future, the future of R and the future of Data Science. Mary Rudis (@mrshrbrmstr) spoke on teaching R at the community college level and on improving data literacy in the general population. Her presentation talked about certificate programs that do not require a prior bachelor’s degree. Her presentation was followed by Carl Howe’s (@cdhowe) presentation on Teaching the Next Million R Users. Carl is RStudio’s Director of Education or something like that and it is clear that RStudio is looking not just at the professional Data Scientist, but at increasing data literacy in the general population.

Panel Discussion of Data Science as a Career

The conference concluded with a panel discussion that was effectively how to manage a career in Data Science. It has a lot of useful information, but failed to talk about how to survive being the messenger in “shoot the messenger,” which all Data Scientists need to know how to do. How I would answer that question will be the subject of a future blog post.

Knitting is Making a Comeback

When I was a kid, my mom knitted all of the time–it was the major form of her gift giving, and I still have most of the sweaters from my late teen and college years that theoretically still fit. Mom was quite proficient and could do intricate patterns while carrying on a spirited conversation, though if the conversation was too spirited, she might have to rip out a row and re-do it. During the education track on the last day, the woman in front of me did a major portion of a child’s sock during the session. It was pretty cool.

Knitting is making a comeback. A child somewhere is going to get some cool socks for a birthday.
The woman in front of me made major progress on knitting a childs sock during the education track on Friday.
Details
Hits: 2391
  1. Choosing a DNS Server
  2. Upgrading to Joomla 3.8, 3.9, 3.10 and 4.0
  3. New Privacy (GDPR) Features in Joomla 3.9
  4. Upgrading a Raspberry Pi from Wheezy to Jessie