» Compatible with Joomla! 2.5 & 3.x
» Backend Password - Add an extra layer of security by requiring a password before logging in to the administration!
» Blacklist - Block unwanted (single or multiple using wildcards *.*.*.*) IP addresses.
» Whitelist - Bypass protections for selected IPs.
» Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords).
» Malware database - Detects obfuscated, encoded and potentially dangerous files (e.g. base64_encode, eval, gzinflate, preg_replace /e)
» Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd
» Disable the creation of new Administrators
» Protects selected Administrators from any changes - including password change!
» Log all security events and send messages to specified email address(es)
» Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed).
» Database Check - Optimize & repair your database tables.
» Display CAPTCHA in the administration section after a predefined number of failed login attempts.
» Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database.
» Local file inclusion (LFI)
» Remote file inclusion (RFI)
» SQL injection (SQLi)
» Denial of Service (DoS) - Block unwanted User Agents
» Automatic blacklist
» Actively scans POST and GET variables.
» Keeps an eye on sensitive Joomla! files and alerts you if they are changed.
» Check for the latest Joomla! & RSFirewall! versions.
» Provides suggestions on how to tighten your PHP & Joomla! configuration.
» Scan Joomla! core files for integrity.
» Scan files and folders for common permission errors.
» Scan files for common malware.
It looked like a server attack as several other sites got hacked soon after - I have about 160+ Joomla sites, it took a few days to get a firewall on all, so some of the other hacked ones did not get the firewall installed in time.
Before getting the firewall I was already moving my configuration file to a safer place, but the firewall instructions taught me several additional methods of hardening sites.
I have used the firewall for three years now, and in THREE YEARS out of 160+ SITES I have only had a couple of sites hacked whilst using it, not bad as many are only the latest patched Joomla 1.5x and 2.5x. Of those two hacked sites I reckon one was probably already infected when I installed the firewall. I contacted RSFirewall support about the other site that was compromised that did have the firewall installed and they gave me a fix within a few hours. The next day they released a new version with that fix incorporated.
Prior to installing the firewall I must have had about 10 sites hacked in the space of months, some repeatedly as I had not cleaned them sufficiently.
Some webmasters like to sign off on a site, take the money and run on to the next one to churn out. I like to look after my clients; repeat customers and word of mouth are gold dust in this networking world. I am a reseller, I get them to host with me, I harden their site the best I can, install the firewall and update the extensions and apply security releases to the core as quickly as I can. I don't charge rock bottom price for hosting and earn a bit back toward the time spent on updating each site.
The customers come back for more :-)
Thank-you very much RSfirewall.
Thank you for your review.
Please note that RSFirewall! does incorporate checks for uploaded files ($_FILES) as well:
Please read the "Uploads" section.
I don't tend to buy many commercial Joomla extensions but this is one that I think is well worth every penny.
The component a.) secures your installation in critical points b.) protects from hacks of insecure uploads c.) cleans your database and temp folders d.) a country blocklist (even a black-white-list) e.) has an outstanding support team (which not every paid component has...).
So a cost-free alternative without the "one-stop-solution-idea" could be "Admin Tools" by Akeeba, but without the really nice security features.
Now, there is no way I can keep up with new hacks so I tried and installed RSfirewall. Since then, zero successful attacks! And I love that it runs a full security diag on the website and tells you what to change/fix. Great support also from the devs when I updated the website to Joomla 2.5. Five stars, although I wish the functionality was built into Joomla. I learned the hard way that a default Joomla install is NOT secure and that there is a lot of stuff to do to iron it.