Misleading article regarding Admin Tools posted by GoDaddy

It has come to our attention that GoDaddy has a very misleading post comparing security extensions for Joomla!, including Admin Tools. We want to address the blatant inaccuracies in that blog post.

Read more ...

Security updates, August 2014

Today we have issued security updates of Akeeba Backup for Joomla!, Akeeba Backup for WordPress and Akeeba Solo. The information disclosure vulnerability affects the JSON remote API which is only available when you enable front-end backups. The nature of this vulnerability makes it nearly impossible to exploit unless you are an experienced cryptanalyst and cannot be used to directly hack a site (the attacker can't write to the files or a database). Even though it's extremely difficult to use in a real world situation, we have issued a security update for all versions of our backup software and request all of our users to update as a sane precaution.

Credits: the vulnerability was discovered by Marc-Alexandre Montpas of Sucuri LLC and reported on Monday, August 18th 2014.

Read more ...

Information for clients using GoDaddy

Changes made around July 18th, 2014 by GoDaddy on their servers made it impossible to run any backup software and cause grave issues to Javascript-heavy applications running on their servers. As a result we have to immediately stop providing any kind of support to our clients hosted on GoDaddy as their issues are outside our control. If you are affected please contact GoDaddy and let them know of the problems they have caused. For more information please read on.

UPDATE July 29th: GoDaddy engineers have identified the issue and have deployed a reversal of the patch causing the backups problems since July 26th. However, it takes a while for all of their servers to become up to date. We have tentatively removed the warning about not providing support for GoDaddy customers but please DO NOT request support for backup failures on GoDaddy until August 4th as we can't know if your server is affected or not.

Read more ...

Information about FOF and F0F

Executive summary: Since March 2014 the framework we use to build our software is placed in the directory libraries/f0f (f-zero-f) inside your site and it appears as "F0F (NEW) DO NOT REMOVE" in the Extensions Manager. This entry is legitimate and you must not remove it, otherwise you are risking locking yourself out of your site.

Read more ...

Announcement regarding the Heartbleed bug

Executive summary: Our software is NOT affected by Heartbleed.

Read more ...