Announcement regarding the JoomLeaks allegations

This is in response to the allegations made by the JoomLeaks actor in the mass email sent out to people who had created a user account on the JoomlaDonation site. For more information about this email please take a look at

Read more ...

Problems with Admin Tools 3.2.x

Admin Tools 3.2.x causes a blank page on Joomla! 2.5. You need to remove the plugins/system/admintools directory and install Admin Tools 3.1.1 to fix this issue. For more information read on.

Read more ...

Security update, September 2014

Executive summary: It is possible for a remote attacker to extract a remotely hosted archive while you are extracting a backup archive / installing an update, depending on your server settings. The attack is NOT possible at any other time. Merely having our software installed DOES NOT make your site vulnerable. The vulnerability was discovered and reported by Johannes Dahse of Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany.

Read more ...

Misleading article regarding Admin Tools posted by GoDaddy

It has come to our attention that GoDaddy has a very misleading post comparing security extensions for Joomla!, including Admin Tools. We want to address the blatant inaccuracies in that blog post.

Read more ...

Security updates, August 2014

Today we have issued security updates of Akeeba Backup for Joomla!, Akeeba Backup for WordPress and Akeeba Solo. The information disclosure vulnerability affects the JSON remote API which is only available when you enable front-end backups. The nature of this vulnerability makes it nearly impossible to exploit unless you are an experienced cryptanalyst and cannot be used to directly hack a site (the attacker can't write to the files or a database). Even though it's extremely difficult to use in a real world situation, we have issued a security update for all versions of our backup software and request all of our users to update as a sane precaution.

Credits: the vulnerability was discovered by Marc-Alexandre Montpas of Sucuri LLC and reported on Monday, August 18th 2014.

Read more ...