kareebu Secure Manual

This is what you need to get started with kareebu Secure. Please read the manual carefully before posting any questions.

Getting started

How do I install this plugin ?

Install the plugin through Extensions > Install/Uninstall.
Go to Extensions > Plugin Manager. Search for "System - kareebu Secure". Click to edit the plugin.
Look to the left. Set Enabled to Yes. This will enable the System Plugin in Joomla!.

Administrator Wednesday, 21 April 2010 17:04 Installation No comments

Configuration

How do I configure this plugin ?

Go to Extensions > Plugin Manager. Search for "System - kareebu Secure". Click to edit the plugin. Look to the right. You will see the plugin parameters.

Enable: Yes or No. This is just used so that you do not lock yourself out when you first install and enable the plugin. This is by default set to No. When you want to activate kareebu Secure, just set it to Yes.
Password: This is your password. Just type your desired password. If no password is set, kareebu Secure will not trigger so there is no chance for you to lock yourself out.
Mode: HTTP Authentication: You will be greeted with a standard Apache authentication window. You will need to enter your password in the "Password" field. You can either leave the "Username" field empty or fill anything because it is not verified. or Compatibility: You will need to type your URL as http://www.yourwebsite.com/administrator/?yourpassword — "yourpassword" will need to be replaced with your actual password that you have setup in kareebu Secure.

So, if you set Mode to HTTP Authentication you will see a login window. If you set it to Compatibility, you will need to access your website like http://www.yourwebsite.com/administrator/?yourpassword
http://www.yourwebsite.com/administrator?yourpassword works as well but we recommend that extra forward-slash.

Click Save or Apply on the top to save your changes.

Administrator Wednesday, 21 April 2010 17:04 Installation No comments

Recovering your password

I have forgotten my password. How do I recover it ?

  • If you are using Joomla! 1.5

Go to phpMyAdmin or any other MySQL manager that you use and run the following query:

 

SELECT params FROM `jos_plugins` WHERE element='ksecure'

This will show your current password.
PS: This assumes that your database prefix is "jos_"; if you have configured another database prefix please use that.

  • If you are using Joomla! 1.6 or newer (1.7, 2.5)

Go to phpMyAdmin or any other MySQL manager that you use and run the following query:

SELECT params FROM `a7vdh_extensions` WHERE `type`='plugin' AND `element`='ksecure'

This will show your current password.
PS: This assumes that your database prefix is "a7vdh_"; if you have configured another database prefix please use that.

 

Administrator Sunday, 25 April 2010 02:34 Recovery No comments

Disabling the plugin

I have forgotten my password. How do I disable it and regain access ?

There are a few ways how this can be done:

  • Disable the plugin through SQL.
    If you are using Joomla! 1.5
    Go to phpMyAdmin or any other MySQL manager that you use and run the following query:
    UPDATE `jos_plugins` SET  published='0' WHERE element='ksecure'
    If you are using Joomla! 1.6 or newer (1.7, 2.5)
    Go to phpMyAdmin or any other MySQL manager that you use and run the following query:
    UPDATE `jos_extensions` SET  published='0' WHERE `type`='plugin' AND `element`='ksecure'
  • Delete the files through FTP.
    If you are using Joomla! 1.5
    You can connect to your website's FTP and delete /plugins/system/ksecure.php.
    If you are using Joomla! 1.6 or newer (1.7, 2.5)
    You can connect to your website's FTP and delete /plugins/system/ksecure/ksecure.php.
    After you've deleted this, uninstall it through Extensions > Install/Uninstall and then reinstall the plugin. All of your settings will be back to default.
Administrator Sunday, 25 April 2010 02:38 Recovery No comments

Illegal variable

When you try to login in Compatibility mode, you might have received this message:

Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.

This is not generated by kareebu Secure but actually by Joomla! itself. There's a protection in Joomla! that forbids using numbers as characters in a variable passed to the URL. So, if you were typing http://www.yoursite.com/administrator/?12345 this would generate the above message.
As of now there is no known solution other than to use passwords that are not made only of numbers (when in Compatibility mode) - we actually encourage you to use a stronger password as passwords consisting only of numbers are easier to crack.

Note: if you use HTTP Authentication instead of Compatibility mode, this error never occurs.

Administrator Tuesday, 27 April 2010 20:13 Usage No comments

Search Website

Joomla! Services

kareebu is offering protection for your Joomla! website by providing a plugin that will deny access to your administrator section.

We are also developing a new Joomla! security plugin that will contain much more, so stay tuned!

To get in touch with us or request a service, just use the contact form.