jHackGuard
- This extension requires registration to download.
This plugin has been successfully used by SiteGround customers during the past few years. Now we make its latest version public, so that you can easily protect your Joomla site. All you need to do is to install jHackGuard and enable it – no additional configuration needed!
This plugin is most definitely not worth your time.
Hello,
jHackGuard actually filters only the input to your website and should not be causing such issues. We would kindly ask you to post a topic in our jHackGuard support forum (http://forum.siteground.com/forumdisplay.php?55-Joomla-Extensions) with more details on that matter so we can further investigate your case. For example the system extensions you are using on your website, the error messages you are receiving if any etc.
Earlier, I always got a lot of problems with my Joomla site. But since I am using this plugin, not a single attack more.
Thank you siteground team.
Thanks for the great extension!!!
It looks good, but after upgrading joomla and adding this plugin, my site was hacked - the index.php file was changed.
So it seems this isn't the best solution.
Please post a thread in the jHackGuard support forum(you can access it via the Support button above). We will happy to investigate your case in details and make sure we add the necessary changes to protect Joomla sites against such attacks. If possible please make an archive of your hacked files and allow us access to it. All logs from that period you may have will be useful too.
We take our customers feedback seriously and look into every issue reported to us. We have just released a new plugin version based mostly on the feedback by our users.
But I cannot enable logging on my Sever.
Is there any possibility to change the storage to the folder named logs.
Because, if you host a server by 1&1Puretec, they are using "logs" as there folder. And the permittion can not be set to 755. So a error will show up with every login.
Hello,
In the current version, you can only specify the name of the log file but not the directory it is saved in. We have already reported this request to the plugin developers and we will do our best to have this new functionality included in the next plugin version.
I ask for solution in SiteGround, but they told me I must create an account with them. I think the plugin is a hook.
In new versions the link to SiteGround is optional, but there is not a visible solution for the problem of oldest versions.
I know is free, but make a warning please. The new version perhaps have an Excellent rating for me, but my vote right now is for the attitude of SiteGround Team.
I see a lot of similars non happy comments in forums, but no real solutions, even when SiteGround's members participate. In best cases they answer is: "Go to SiteGround.com and contact using chat"; I did it, and the solution of the operator was: "create an account with us". And if I don't want to? My site must have an eternal link to SiteGround, even when I uninstall your plugin? This is legal?
If some body have an effective solution let me know an for sure I change my words.
Hello,
It seems that you are experiencing issues with some 3rd party caching extension. Once the plugin is removed there are NO links or other information that remains on your website. As for receiving support with using this plugin, our website chat isdefinitely not the best place, as our main business is web hosting and the live chat is operated by our web hosting Sales team. However, any jHackGuard user can receive timely assistamce (no matter if s/he uses our hosting services) by posting its request on the special forum category we have created for this purpose. You can access it either from the "Support" button above or directly through this link: http://forum.siteground.com/forumdisplay.php?f=55
Thanks SiteGround. You Guys Rock.
Regards
Syed
As brian mention, it filters out extremely common words, i have tried the latest 1.2.1 version and it has not sovlved the problem, we have a social network with public bloggers and no matter where you want to use the word union, front-end or back, user level irrespective it removes the work or that part of any word containing it.
Even tried posting it as my status in JomSocial and as a super admin it would not let the post succeed. They are completely delusional if they believe they have solved the problem.
Hello,
We have tested the plugin and we can confirm that the version for Joomla 1.7 no longer filters in any way content added by users that have access to the administrative area. To make sure that the latest version of jHackGuard is used please completely remove your current instance of jHackGuard, download it anew from our website and install it.
As to the JomSocial component, it allows users without access to the administrative area to create and publish content to your website. This behavior triggers the jHackGuard security checks and if anything suspicious is found it will be blocked. Our plugin utilizes the same logic in both Joomla 1.5 and Joomla 1.7 versions. This means that posting "union" through a JomSocial component will be filtered in all Joomla versions. Note that the majority of the MySQL injections work using precisely this command to execute unwanted queries to your database. For example, if someone posts 'and1=1 UNION select * from jos_users' and your comment extension is not written securely, this will return everything in your jos_users table. Through this command if an attacker find such security hole he/she can execute literally every query he/she wants.
We also plan to develop further the plugin and converting it to a component that utilizes the new Joomla ACL system. This will allow each user better control over the security checks to be applied on his/her website.
The extension is so badly coded that it tests for things without checking without checking the context
For example it is impossible to write an article about a trade union as the extension removes the word union
Or to write the word concatenate as it removes the characters concat
Or to write a basic tutorial about joomla as it removes common terms such as jos_users.
Removing any of these from your content is just plain stupid!!!!
Thank you for reporting these issues with jHackGuard in Twitter last week. We have tested and found that there was really a flaw in the jHackGuard version for Joomla 1.6 and 1.7, which was fixed and the new version of the plugin was uploaded yesterday.
Our plugin is originally designed to check whether the user submitting information to the site has admin privileges or not. By default only if the user has NO admin privileges we look for patterns for SQL injections and other hacking techniques and block posts containing such patterns in order to prevent the site from being hacked. Unfortunately, due to a slight modifications in the latest Joomla versions, the check whether an user has admin rights or not wasn't working correctly. This is why you were unable to post articles containing content that you've mentioned as your posts were block by mistake.
You can download the plugin again from our site and give it another try. I believe that you will find it useful and working as expecting to protect your site from hacking attempts. Of course any bug reporting or improvement suggestions are more than welcome!
I have installed it now on 5 websites I have created and they are all secure. (or seem to be)
On my personal Joomla website I have tried several other Admin tools, so that in the future (If one of my clients get hacked) I have other things I can do to help them out. Thanks to all the programmers who make these Extensions for Joomla! (Non-Commercial)
As far as the footer, just take it out of the plugin file. I didnt mess with the php code, just the html section that puts it in there.
The worst thing fo this plugins are that you don't notice if they are beeing useful, as the block the own problems that make you need them! :P
Thanks for publishing the plugin guys!
as for removing the "joombla extension by siteground" water mark at the bottom of the front page..
as stated by CarlG (a few post below)...
but it's gest if you use remove the URL and the text
and leave the codes be!!! since if you remove the codes.. you site will not even load!!!
my advice to remove the watermark is
1- copy and paste your codes into a txt file before doing anything.. so if you messed up.. you can just re-paste them
2- if you want to remove the trademark of the front page..
remove THE URL and the TXT in the Replacement line
so what you looking for is
www.siteground.com and joombla extensiones by siteground..
or soemthing like those two within the $replacement =
that's all
