The Joomla! Extensions Directory ™

Marco's SQL Injection Plugin

This plugin adds a simple but, in most cases, fondamental protection against SQL injection and LFI (local files inclusion) attacks. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers.

* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when a alert is generated.
* Protect also from unKnown 3rd Party extensions vulnerability.
* White list for safe components (at your risk ;) )
* automatic ip blocking on attack

Enable mail report and prepare yourself to be scared!

Anyway remember that security it is a 'forma mentis', not a plugin!


Version 1.4 Apr 28th, 2014:
* minor code fixes (not security related)
* default table type set by DB engine
* table creation by sql install file

Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatility & coding style
* try - catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 ;)

Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks

Version 1.0 (Jan 7st, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization

Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backtics matching
* fixed union all matching
* fixed ....// exploit
* added more info to report mail

Version .98 (May 29th, 2010)
first release.

Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".

Report Extension



Reviews: 5
If installed on a server that uses IPv6 the server will return a 500.
So IPv6 support would be nice and make it usable again.

Features and functionality is excellent!
If you dont use IPv6, than this is the best plugin for blocking unwanted users.
Reviews: 6
It is very useful plugin which make it clear when and what type of attack on your site happens, so you can choose god way to protect it.
I hope that in next release subject will be customizable.
Reviews: 16
I love the pure simplicity of this plugin. So easy to set up you might think it doesn't work! On the contrary...this plugin has saved my website time and time again from hacker attempts. Definitely a MUST HAVE for your website.
Reviews: 1
This plug in has protected my personal sites after losing one to a sql injection attack.

Reviews: 6
A eally useful plugin, helps a lot to prevent attacks on the DB.
Although the assistance is timely and of high quality.
For sure I would recommend it to a friend
Reviews: 10
I have tried to find an effective method to prevent, or at least hinder SQL injection attacks from wannabe script jockeys, so far this plugin has stopped two such attacks. I like the idea of IP blocking. It's a shame that so many wannabe hackers are using automated Pen-testing software to find vulnerabilities. none more so observed than that on WordPress and older Joomla installation. I have no errors to report on the functionality of this great plugin (as yet) and encourage the use of this plugin to anyone looking for FREE SQL injection protection. Keep up the good work Dev'. 5 Stars!
Reviews: 4
Its Really Really a Great Plugin, i have experimented with all possibilities to hack, and its worked excellent, It will give you a detailed report and also you can set the time for temporary Banning of IP.
Thanks for sharing such a great plugin.
Reviews: 7
This blocks POST, GET, REQUEST and blocks SQL injections.

There will be detailed report, with attempt string, and hacker's IP.
I try to report each attack at projecthoneypot

Report looks like:
** Local File Inclusion (and string)



This plugin Rocks and Roll
Reviews: 4
Very Good Extension... Saved me a lot of trouble tracing potential attacks, and avoiding them.
Reviews: 2
Thanks for this extension, is exactly what I needed.
It works perfect.
Reviews: 7
Great plugin, very effective and easy to set. Thanks a lot
Reviews: 6
I was having difficulty getting a passing grade with GoDaddy's Website Protection Service regarding SQL injection and XSS.

I discovered this extension, installed and set it up, and passed the security screen on its next scheduled scan.

It works as advertised...thanks much!
Reviews: 2
what a fantastic little plug-in for joomla
easy to install and configure and does exactly what it says on the tin so to speak !
keep up the great work
Reviews: 32
Using Marco's SQL Injection in Joomla 2.5 and 1.5 since version 1.1 (April 2011).
Advantages: basic protection of SQL injection, attack attempts to notify the site.
Disadvantages: not currently identified.
Support - not used.
Unfortunately there is no way to verify the effectiveness of this extension yourself.
Use this extension on graduate school ites.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
Reviews: 8
Thank you very much. I instaldo the extension and I hope that this is more difficult that malignant iyecten instructions to site ... thanks for sharing work and above all keep fighting for freedom and security ... thanks
Reviews: 8
very nice, but how can we interpret the email messages with the hack attempts, so we can try and fix something if needed? is there a place to post those email messages with the sql injection attempts to get help on them?
Owner's reply

Hi learwbc4,
the report is designed for a sysadmin because only an experienced one can understand what to do.
Anyway every one can get a quick help by posting a comments on the page of the plugin: as soon as possible I will reply. (don't post the full hack, I use this plugin too!!)

thak you for using this extension,

Reviews: 2
Your plugin just indicated an attack from an overseas location. I added this tool to my site as a matter of principle just in case it was attacked. Now after having the site up for only 45 days I suffered an attack.
Will be sharing details of the attack with my web hosting provider.

Thanks for providing this great tool to the Joomla! community. Much appreciated.
Reviews: 3
Somebody tried to hack my site with a code injection. I have received an e-mail about this. This extension do the job very well. Thanks.
Reviews: 54
I've used this on several of my websites. It's really good, easy to install and helps me sleep better at night knowing i got some protection on my websites. A must have for any serious Joomla webmaster!

Thank you Marco!
Reviews: 4
The amount of attacks it prevents is pretty scary. Install this, then start looking for the problems.
Page 1 of 2