Marco's SQL Injection
Version
1.2 (last update on Mar 26, 2013)
Rating
Compatibility
Reviews
32
License
GPLv2 or later
Non-Commercial
Type
Date Added
29 May 2010
* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when a alert is generated.
* Protect also from unKnown 3rd Party extensions vulnerability.
* White list for safe components (at your risk ;) )
* automatic ip blocking on attack
Enable mail report and prepare yourself to be scared!
Anyway remember that security it is a 'forma mentis', not a plugin!
HISTORY
Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatility & coding style
* try - catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 ;)
Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks
Version 1.0 (Jan 7st, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization
Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backtics matching
* fixed union all matching
* fixed ....// exploit
* added more info to report mail
Version .98 (May 29th, 2010)
first release.
Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".
Very Good Extension... Saved me a lot of trouble tracing potential attacks, and avoiding them.
I was having difficulty getting a passing grade with GoDaddy's Website Protection Service regarding SQL injection and XSS.
I discovered this extension, installed and set it up, and passed the security screen on its next scheduled scan.
It works as advertised...thanks much!
I discovered this extension, installed and set it up, and passed the security screen on its next scheduled scan.
It works as advertised...thanks much!
what a fantastic little plug-in for joomla
easy to install and configure and does exactly what it says on the tin so to speak !
keep up the great work
easy to install and configure and does exactly what it says on the tin so to speak !
keep up the great work
Using Marco's SQL Injection in Joomla 2.5 and 1.5 since version 1.1 (April 2011).
Advantages: basic protection of SQL injection, attack attempts to notify the site.
Disadvantages: not currently identified.
Support - not used.
Unfortunately there is no way to verify the effectiveness of this extension yourself.
Use this extension on graduate school ites.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
Advantages: basic protection of SQL injection, attack attempts to notify the site.
Disadvantages: not currently identified.
Support - not used.
Unfortunately there is no way to verify the effectiveness of this extension yourself.
Use this extension on graduate school ites.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
very nice, but how can we interpret the email messages with the hack attempts, so we can try and fix something if needed? is there a place to post those email messages with the sql injection attempts to get help on them?
Owner's reply
Hi learwbc4,
the report is designed for a sysadmin because only an experienced one can understand what to do.
Anyway every one can get a quick help by posting a comments on the page of the plugin: as soon as possible I will reply. (don't post the full hack, I use this plugin too!!)
thak you for using this extension,
marco
Your plugin just indicated an attack from an overseas location. I added this tool to my site as a matter of principle just in case it was attacked. Now after having the site up for only 45 days I suffered an attack.
Will be sharing details of the attack with my web hosting provider.
Thanks for providing this great tool to the Joomla! community. Much appreciated.
Will be sharing details of the attack with my web hosting provider.
Thanks for providing this great tool to the Joomla! community. Much appreciated.
this Plug-in is banned my own IP Address now i cannot access my site :'( T_T firmanmaulananumber1.tk
can someone help me???
am only 13years old man
Thanks
can someone help me???
am only 13years old man
Thanks
Owner's reply
The site contains instructions for action in case of problems like these (the 'Recovery of improper installation' section), there are also the comments of users and a help service.
You played with the configuration without reading the instructions and you locked yourself out of your house: why did not you ask for help before writing a negative review?
You have 13 years and you are young, but take a moment to think about what damage you could have done with your review, if this extension was a commercial component.
bye,
marco
The amount of attacks it prevents is pretty scary. Install this, then start looking for the problems.
Iam a site builder in Greece and have more tha 50 joomla sites online.
This plugin has save mu job and my money for many many times, has help me to found an attacker and go him to the judge... except saving my sites ofcourse!
A REALLY BIG THANK YOU FOR PROVIDING US THIS PLUGIN!
I 10000% suggesting it with closed eyes!
Inform me when u will make a donation system on your site!
This plugin has save mu job and my money for many many times, has help me to found an attacker and go him to the judge... except saving my sites ofcourse!
A REALLY BIG THANK YOU FOR PROVIDING US THIS PLUGIN!
I 10000% suggesting it with closed eyes!
Inform me when u will make a donation system on your site!
This is an excellent plugin,I've suffered so much in the past from sql injection until this plugin made it so easy for my at least to find out which extension the hacker is trying to get into.
Great work Marco, I've been using joomla since it was Mambo never wrote a review before, after using this plugin and see it working perfectly.
Thanks again
Great work Marco, I've been using joomla since it was Mambo never wrote a review before, after using this plugin and see it working perfectly.
Thanks again
Very good, use it on all my sites. Thanks Marco!
Page 1 of 2
