* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when a alert is generated.
* Protect also from unKnown 3rd Party extensions vulnerability.
* White list for safe components (at your risk ;) )
* automatic ip blocking on attack
Enable mail report and prepare yourself to be scared!
Anyway remember that security it is a 'forma mentis', not a plugin!
Version 1.4 Apr 28th, 2014:
* minor code fixes (not security related)
* default table type set by DB engine
* table creation by sql install file
Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatility & coding style
* try - catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 ;)
Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks
Version 1.0 (Jan 7st, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization
Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backtics matching
* fixed union all matching
* fixed ....// exploit
* added more info to report mail
Version .98 (May 29th, 2010)
Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".
There will be detailed report, with attempt string, and hacker's IP.
I try to report each attack at projecthoneypot
Report looks like:
** Local File Inclusion (and string)
** SUPERGLOBALS DUMP
This plugin Rocks and Roll
I discovered this extension, installed and set it up, and passed the security screen on its next scheduled scan.
It works as advertised...thanks much!
Advantages: basic protection of SQL injection, attack attempts to notify the site.
Disadvantages: not currently identified.
Support - not used.
Unfortunately there is no way to verify the effectiveness of this extension yourself.
Use this extension on graduate school ites.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
the report is designed for a sysadmin because only an experienced one can understand what to do.
Anyway every one can get a quick help by posting a comments on the page of the plugin: as soon as possible I will reply. (don't post the full hack, I use this plugin too!!)
thak you for using this extension,
Will be sharing details of the attack with my web hosting provider.
Thanks for providing this great tool to the Joomla! community. Much appreciated.