Sorry for the delay. I investigated a little the other day, but was unable to make any changes that worked, and I couldn't understand why. After further investigation today, I found that the correct path to edit was Joomla_011 instead of 009, which you had mentioned in your PM. You have a lot of sites in that directory, with generic names, which makes it tough to navigate.
As for the issue itself, the problem is that JFBConnect tries to use the highest level of security possible. We always configure our outgoing connections to verify that the remote SSL certificate is correct. With the Heartbleed security issue that's been in the news lately, Facebook has updated their SSL certificates. The certificate bundles on your server are out of date and are not recognizing that Facebook's new certificate is valid, and therefore, rejecting the connection. That's causing an empty avatar and cover to be set.
To fix, I edited our /libraries/sourcecoast/utilities.php file. Around line 399, you'll see:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, true);
$response = curl_exec($ch);
We updated that to:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,false); // ADD THIS
$response = curl_exec($ch);
That made things work as expected. We're investigating another change for the next release which may make this work with an additional (distributed) certificate bundle that we can keep up to date as well.
I also enabled the Social Profiles - JomSocial plugin and configured it in the JFBConnect -> Profiles area, but I'm assuming you know how to do that.
I hope that gets you going. Should you need any more help, just let us know.
Thanks,
Alex