jHackGuard
- This extension requires registration to download.
- Includes visible backlink
This plugin has been successfully used by SiteGround customers during the past few years. Now we make its latest version public, so that you can easily protect your Joomla site. All you need to do is to install jHackGuard and enable it – no additional configuration needed!
Thanks SiteGround. You Guys Rock.
Regards
Syed
As brian mention, it filters out extremely common words, i have tried the latest 1.2.1 version and it has not sovlved the problem, we have a social network with public bloggers and no matter where you want to use the word union, front-end or back, user level irrespective it removes the work or that part of any word containing it.
Even tried posting it as my status in JomSocial and as a super admin it would not let the post succeed. They are completely delusional if they believe they have solved the problem.
Hello,
We have tested the plugin and we can confirm that the version for Joomla 1.7 no longer filters in any way content added by users that have access to the administrative area. To make sure that the latest version of jHackGuard is used please completely remove your current instance of jHackGuard, download it anew from our website and install it.
As to the JomSocial component, it allows users without access to the administrative area to create and publish content to your website. This behavior triggers the jHackGuard security checks and if anything suspicious is found it will be blocked. Our plugin utilizes the same logic in both Joomla 1.5 and Joomla 1.7 versions. This means that posting "union" through a JomSocial component will be filtered in all Joomla versions. Note that the majority of the MySQL injections work using precisely this command to execute unwanted queries to your database. For example, if someone posts 'and1=1 UNION select * from jos_users' and your comment extension is not written securely, this will return everything in your jos_users table. Through this command if an attacker find such security hole he/she can execute literally every query he/she wants.
We also plan to develop further the plugin and converting it to a component that utilizes the new Joomla ACL system. This will allow each user better control over the security checks to be applied on his/her website.
The extension is so badly coded that it tests for things without checking without checking the context
For example it is impossible to write an article about a trade union as the extension removes the word union
Or to write the word concatenate as it removes the characters concat
Or to write a basic tutorial about joomla as it removes common terms such as jos_users.
Removing any of these from your content is just plain stupid!!!!
Thank you for reporting these issues with jHackGuard in Twitter last week. We have tested and found that there was really a flaw in the jHackGuard version for Joomla 1.6 and 1.7, which was fixed and the new version of the plugin was uploaded yesterday.
Our plugin is originally designed to check whether the user submitting information to the site has admin privileges or not. By default only if the user has NO admin privileges we look for patterns for SQL injections and other hacking techniques and block posts containing such patterns in order to prevent the site from being hacked. Unfortunately, due to a slight modifications in the latest Joomla versions, the check whether an user has admin rights or not wasn't working correctly. This is why you were unable to post articles containing content that you've mentioned as your posts were block by mistake.
You can download the plugin again from our site and give it another try. I believe that you will find it useful and working as expecting to protect your site from hacking attempts. Of course any bug reporting or improvement suggestions are more than welcome!
I have installed it now on 5 websites I have created and they are all secure. (or seem to be)
On my personal Joomla website I have tried several other Admin tools, so that in the future (If one of my clients get hacked) I have other things I can do to help them out. Thanks to all the programmers who make these Extensions for Joomla! (Non-Commercial)
As far as the footer, just take it out of the plugin file. I didnt mess with the php code, just the html section that puts it in there.
The worst thing fo this plugins are that you don't notice if they are beeing useful, as the block the own problems that make you need them! :P
Thanks for publishing the plugin guys!
as for removing the "joombla extension by siteground" water mark at the bottom of the front page..
as stated by CarlG (a few post below)...
but it's gest if you use remove the URL and the text
and leave the codes be!!! since if you remove the codes.. you site will not even load!!!
my advice to remove the watermark is
1- copy and paste your codes into a txt file before doing anything.. so if you messed up.. you can just re-paste them
2- if you want to remove the trademark of the front page..
remove THE URL and the TXT in the Replacement line
so what you looking for is
www.siteground.com and joombla extensiones by siteground..
or soemthing like those two within the $replacement =
that's all
Thanks so much for this FREE security extension!
function onAfterRender() {
$output = JResponse::getBody();
if (!(preg_match("/sgfooter/", $output))) {
$pattern = '//';
$replacement = "Secured by Siteground Web Hosting";
$output = preg_replace($pattern, $replacement, $output, 1);
}
JResponse::setBody($output);
return true;
}
About footer link :) you can remove it, if dont like it.Problem is that people dont know where to remove and try to tell bull thinks like that first review about footer link and some charge $49.
:) dont be stupid, this plugin cost free, no body ask about money, use it and be happy of FREE...
When I uninstalled the plugin it was still there and they wanted to charge $49 to advise how to remove it!!
Hello,
We have extensively tested the plugin and we can guarantee that the link does not stay after the plugin is uninstalled. I would guess that you have some cashing extension that causes this problem with your particular websites. However, we cannot say for sure without testing it on your website.
We would like to thank you, however, for the feedback about the backlink to our website. We have added this token of appreciation since it is a standard practice amongst such extensions but we will consider making it optional for the next versions.
However, I agree with everyone here who said that the back link is simply cheap, and makes the developers look more greedy than credible. Should be an option.
Note to the JED Team:
Please consider reviewing your criteria for a non-commercial plugin. The back link should optional for user, otherwise all our sites will look like link farms. The great gallery component Phoca, and many others are in the same boat.
Another thing: placing the Siteground link on one page is fine, but when it places the siteground link on all my pages and throws my template out wack, I was left with one choice remove the link...
But what good is this plug-in when everything you have or want to use conflicts with it? Just do a search on this plug-in and it clear more than 50% of the people thats using it or have used it have un-installed it. And I still don't know if it ever worked! But I do know the link to Siteground website worked! And no one in this review section knows if it works or what it does? There no read out or any that shows what it blocked or prevented! Wait, here a thought and a scary one at that maybe the hackers was supposed to see the Protected By Siteground and run away...or find another website to hack into...
No one that have downloaded this plugin knows what this plugin does?
Like all the high quality security extensions I've tried and installed on all the sites that passed through my hand, I'd love to use this one.
But adding a "Secured by Siteground Web Hosting" footer on all the pages is a huge turn off.
First, and as was said before, it's misleading. Second, does it have to be on all the pages?
I really liked it when I looked at the code, it's just sad that I can't use it, more so recommend it.
I hope you'll add an option to disable the footer. If that's not possible, maybe you could provide a commercial version so that people who really want to use jHackGuard can do so but without the Siteground footer.