The Joomla! Extensions Directory ™


Marco's SQL Injection Plugin

This plugin adds a simple but, in most cases, fundamental protection against SQL injection and LFI (local file inclusion) attacks. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers.

* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when an alert is generated.
* Also protects against unknown vulnerabilities in 3rd-party extensions.
* White list for safe components (at your risk ;) )
* Automatic IP blocking on attack

Enable mail report and prepare yourself to be scared!

Anyway, remember that security is a 'forma mentis', not a plugin!


HISTORY

Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatibility & coding style
* try - catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 ;)

Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks


Version 1.0 (Jan 7th, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization


Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backticks matching
* fixed union all matching
* fixed ....// exploit
* added more info to report mail


Version .98 (May 29th, 2010)
first release.


Please keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! It should be regarded as a help; it is not "THE SOLUTION".

2014-02-21
Reviews: 6
A really useful plugin, helps a lot to prevent attacks on the DB.
Although the assistance is timely and of high quality.
For sure I would recommend it to a friend
2014-01-31
Reviews: 6
I have tried to find an effective method to prevent, or at least hinder SQL injection attacks from wannabe script jockeys, so far this plugin has stopped two such attacks. I like the idea of IP blocking. It's a shame that so many wannabe hackers are using automated Pen-testing software to find vulnerabilities. None more so observed than that on WordPress and older Joomla installations. I have no errors to report on the functionality of this great plugin (as yet) and encourage the use of this plugin to anyone looking for FREE SQL injection protection. Keep up the good work Dev'. 5 Stars!
2014-01-08
Reviews: 4
It's really, really a great plugin. I have experimented with all possibilities to hack, and it worked excellently. It will give you a detailed report and also you can set the time for temporary banning of IP.
Thanks for sharing such a great plugin.
★★★★★
Wow
2013-08-08
Reviews: 8
This blocks POST, GET, REQUEST and blocks SQL injections.

There will be detailed report, with attempt string, and hacker's IP.
I try to report each attack at projecthoneypot

Report looks like:
** Local File Inclusion (and string)

*REMOTE_ADDR
*HTTP_USER_AGENT
*REQUEST_METHOD
*QUERY_STRING

** SUPERGLOBALS DUMP
*$_GET DUMP
*$_POST DUMP
*$_COOKIE DUMP

This plugin Rocks and Roll
2013-05-02
Reviews: 4
Very Good Extension... Saved me a lot of trouble tracing potential attacks, and avoiding them.
2013-04-25
Reviews: 2
Thanks for this extension, is exactly what I needed.
It works perfect.
gby
2013-04-06
Reviews: 8
Great plugin, very effective and easy to set. Thanks a lot
2012-08-15
Reviews: 6
I was having difficulty getting a passing grade with GoDaddy's Website Protection Service regarding SQL injection and XSS.

I discovered this extension, installed and set it up, and passed the security screen on its next scheduled scan.

It works as advertised...thanks much!
2012-06-10
Reviews: 2
what a fantastic little plug-in for joomla
easy to install and configure and does exactly what it says on the tin so to speak !
keep up the great work
2012-06-06
Reviews: 27
Using Marco's SQL Injection in Joomla 2.5 and 1.5 since version 1.1 (April 2011).
Advantages: basic protection of SQL injection, attack attempts to notify the site.
Disadvantages: not currently identified.
Support - not used.
Unfortunately there is no way to verify the effectiveness of this extension yourself.
Use this extension on graduate school sites.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
2012-05-09
Reviews: 8
Thank you very much. I installed the extension and I hope that this makes it more difficult for malicious people to inject instructions into the site ... thanks for sharing work and above all keep fighting for freedom and security ... thanks
2012-04-24
Reviews: 7
very nice, but how can we interpret the email messages with the hack attempts, so we can try and fix something if needed? is there a place to post those email messages with the sql injection attempts to get help on them?
Owner's reply

Hi learwbc4,
the report is designed for a sysadmin because only an experienced one can understand what to do.
Anyway, everyone can get quick help by posting a comment on the page of the plugin: as soon as possible I will reply. (don't post the full hack, I use this plugin too!!)

thank you for using this extension,
marco

2012-04-06
Reviews: 2
Your plugin just indicated an attack from an overseas location. I added this tool to my site as a matter of principle just in case it was attacked. Now after having the site up for only 45 days I suffered an attack.
Will be sharing details of the attack with my web hosting provider.

Thanks for providing this great tool to the Joomla! community. Much appreciated.
2012-04-01
Reviews: 3
Somebody tried to hack my site with a code injection. I have received an e-mail about this. This extension does the job very well. Thanks.
2012-03-19
Reviews: 56
I've used this on several of my websites. It's really good, easy to install and helps me sleep better at night knowing I got some protection on my websites. A must have for any serious Joomla webmaster!

Thank you Marco!
2012-01-04
Reviews: 4
The amount of attacks it prevents is pretty scary. Install this, then start looking for the problems.
2011-12-12
Reviews: 1
Very good job Marco. I use your plug for all my sites.
2011-12-08
Reviews: 7
Excellent plugin, easy to use and extremely useful, thank u!
2011-12-08
Reviews: 2
This plugin is really great, does what it is built for. I installed it on my 2 websites, and what a surprise... 30 emails per night... so my website is now much safer... Thank you for good plugin
Marek
2011-11-12
Reviews: 11
I am a site builder in Greece and have more than 50 Joomla sites online.
This plugin has saved my job and my money many, many times, and has helped me to find an attacker and bring him before the judge... besides saving my sites of course!
A REALLY BIG THANK YOU FOR PROVIDING US THIS PLUGIN!
I 10000% suggest it with closed eyes!
Inform me when you make a donation system on your site!