I just found a terrible bug/issue. For a while, mambohacks/joomlahacks.com was offline. I realised that, during this time, the Joomla-SMF Forum backend configuration is also unavailable.
Looking through the source, i realised that admin.smf.php, smf.class.php, and functions.smf.php makes frequent calls to the variable $MAMBOHACKS, which is defined as "//MAMBOHACKS.COM".
I understand (roughly) that this is to allow the admin backend to connect to mambohacks.com in order to check for patched files..? But isn't it a really bad idea to have a certain function(s) of my site be dependant on another site..? Can't the "patched" version of the files be resident somewhere on my site too..?
I noticed this crap the very first time I installed it 'cause I do my development offline.
This behaviour (automatic backdoor connections) is inexcusable and can only serve to cast doubt on Joomla code in general.
For me, I edited my hosts file and put a loopback address for MamboHacks etc to block it.
I already scan all my component downloads and read through the code to see what it does.
I URGE EVERYONE to get one of those offline joomla installations .ie. "JOOMLA Starter kit" (go to joomla.org, developers and search for it)
AND setup a STAND ALONE PC (it does not need more than a Pentium 133 to run, really, and 150mb free disk space.
This PC should NOT be connected to the net, and you copy stuff to/from with a floppy or usb stick.
It seems helpful at first, a component that lets you know if more updated versions are out there, but it also announces your IP address and the current status of your Joomla configuration and God knows what else
A simple user clickable link "Check for Updates" would be much better behaved I feel.
Author
Forum
Logged
