* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when a alert is generated.
* Protect also from unKnown 3rd Party extensions vulnerability.
* White list for safe components (at your risk ;) )
* automatic ip blocking on attack
Enable mail report and prepare yourself to be scared!
Anyway remember that security it is a 'forma mentis', not a plugin!
Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatility & coding style
* try - catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 ;)
Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks
Version 1.0 (Jan 7st, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization
Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backtics matching
* fixed union all matching
* fixed ....// exploit
* added more info to report mail
Version .98 (May 29th, 2010)
Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".
Great work Marco, I've been using joomla since it was Mambo never wrote a review before, after using this plugin and see it working perfectly.
Today there were 126 attacks from different servers within USA trying to inject the strings into joomlub? No such component has been installed, so it was a blind attack. Strange.
Keep in mind - our site is non-profit - what is the point of crashing our site? NONE...
THANK YOU, Marco!!! May this Great Karma find its way back to you tenfold!
Here is an example of some of the info from e-mail notification from one of the attacks:
**PAGE / SERVER INFO
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
** SUPERGLOBALS DUMP (sanitized)