- This extension requires registration to download.
This plugin has been successfully used by SiteGround customers during the past few years. Now we make its latest version public, so that you can easily protect your Joomla site. All you need to do is to install jHackGuard and enable it – no additional configuration needed!
I tried to resolve this issue using many different methods (password resets, account re-creation, and disabling the jHackGuard functions one-by-one [turning each one back one as I proceeded to the next function]).
Simply, whenever a registered user, a blogger, attempts to sign in to their account (front-end) they're faced with an invalid token error. I had to turn off the jHackGuard plug-in so that it would re-enable their access. I want to secure my website from SQL injections and other malicious code, but not at the expense of my users. How can I fix this?? Thanks.
I had to learn:
"If you pay peanuts, you get monkeys."
"If you buy cheaply you pay dearly."
First, we’d like to say that jHackGuard doesn’t have a paid version. It’s a free plugin designed to improve your site’s security.
As to your site being hacked over and over again, we’d advise you to get it checked by a professional and make sure that there are no backdoors left from previous hacking attempt.
Having a secure website is a combination of following good practices, having the proper software and keeping it up-to-date. Unfortunately, you can’t have all hacking threads neutralised by using only a single plugin.
The unsubscribe link in the emails does not work, the email siteground link does not work, to file a ticket you have to make an account, and the live chat is a bot.
We are sorry that you decided not to use our plugin. We usually receive very positive feedback from people who have enabled it on their websites.
In regards to the promo emails that you have received from us - during the download of the extension we explicitly ask users for their permission to receive updates from us about our services and products. We have investigated the issue with the broken unsubscribe link and it turned out that during our recent website redesign, the unsubscribe form has stopped working. Our developers have fixed it immediately, and now it is working just fine. Thank you very much for reporting this! If you want, you can either try it again or send us an email at news'at'siteground.com and we will remove your address from the list manually.
As to our Chat support I can assure you that there are no bots working for us at the moment :) However, note that the best place to get a jHackGuard support in case you're not our customer is via the support link above which will redirect you to our forum. It is monitored and questions answered by our Joomla experts (and jHackGuard developers personally). We will be glad to help you there, just drop us a line with your request.
Thanks for the great extension!!!
It looks good, but after upgrading joomla and adding this plugin, my site was hacked - the index.php file was changed.
So it seems this isn't the best solution.
Please post a thread in the jHackGuard support forum(you can access it via the Support button above). We will happy to investigate your case in details and make sure we add the necessary changes to protect Joomla sites against such attacks. If possible please make an archive of your hacked files and allow us access to it. All logs from that period you may have will be useful too.
We take our customers feedback seriously and look into every issue reported to us. We have just released a new plugin version based mostly on the feedback by our users.
But I cannot enable logging on my Sever.
Is there any possibility to change the storage to the folder named logs.
Because, if you host a server by 1&1Puretec, they are using "logs" as there folder. And the permittion can not be set to 755. So a error will show up with every login.
In the current version, you can only specify the name of the log file but not the directory it is saved in. We have already reported this request to the plugin developers and we will do our best to have this new functionality included in the next plugin version.
I ask for solution in SiteGround, but they told me I must create an account with them. I think the plugin is a hook.
In new versions the link to SiteGround is optional, but there is not a visible solution for the problem of oldest versions.
I know is free, but make a warning please. The new version perhaps have an Excellent rating for me, but my vote right now is for the attitude of SiteGround Team.
I see a lot of similars non happy comments in forums, but no real solutions, even when SiteGround's members participate. In best cases they answer is: "Go to SiteGround.com and contact using chat"; I did it, and the solution of the operator was: "create an account with us". And if I don't want to? My site must have an eternal link to SiteGround, even when I uninstall your plugin? This is legal?
If some body have an effective solution let me know an for sure I change my words.
It seems that you are experiencing issues with some 3rd party caching extension. Once the plugin is removed there are NO links or other information that remains on your website. As for receiving support with using this plugin, our website chat isdefinitely not the best place, as our main business is web hosting and the live chat is operated by our web hosting Sales team. However, any jHackGuard user can receive timely assistamce (no matter if s/he uses our hosting services) by posting its request on the special forum category we have created for this purpose. You can access it either from the "Support" button above or directly through this link: http://forum.siteground.com/forumdisplay.php?f=55
Thanks SiteGround. You Guys Rock.
As brian mention, it filters out extremely common words, i have tried the latest 1.2.1 version and it has not sovlved the problem, we have a social network with public bloggers and no matter where you want to use the word union, front-end or back, user level irrespective it removes the work or that part of any word containing it.
Even tried posting it as my status in JomSocial and as a super admin it would not let the post succeed. They are completely delusional if they believe they have solved the problem.
We have tested the plugin and we can confirm that the version for Joomla 1.7 no longer filters in any way content added by users that have access to the administrative area. To make sure that the latest version of jHackGuard is used please completely remove your current instance of jHackGuard, download it anew from our website and install it.
As to the JomSocial component, it allows users without access to the administrative area to create and publish content to your website. This behavior triggers the jHackGuard security checks and if anything suspicious is found it will be blocked. Our plugin utilizes the same logic in both Joomla 1.5 and Joomla 1.7 versions. This means that posting "union" through a JomSocial component will be filtered in all Joomla versions. Note that the majority of the MySQL injections work using precisely this command to execute unwanted queries to your database. For example, if someone posts 'and1=1 UNION select * from jos_users' and your comment extension is not written securely, this will return everything in your jos_users table. Through this command if an attacker find such security hole he/she can execute literally every query he/she wants.
We also plan to develop further the plugin and converting it to a component that utilizes the new Joomla ACL system. This will allow each user better control over the security checks to be applied on his/her website.
The extension is so badly coded that it tests for things without checking without checking the context
For example it is impossible to write an article about a trade union as the extension removes the word union
Or to write the word concatenate as it removes the characters concat
Or to write a basic tutorial about joomla as it removes common terms such as jos_users.
Removing any of these from your content is just plain stupid!!!!
Thank you for reporting these issues with jHackGuard in Twitter last week. We have tested and found that there was really a flaw in the jHackGuard version for Joomla 1.6 and 1.7, which was fixed and the new version of the plugin was uploaded yesterday.
Our plugin is originally designed to check whether the user submitting information to the site has admin privileges or not. By default only if the user has NO admin privileges we look for patterns for SQL injections and other hacking techniques and block posts containing such patterns in order to prevent the site from being hacked. Unfortunately, due to a slight modifications in the latest Joomla versions, the check whether an user has admin rights or not wasn't working correctly. This is why you were unable to post articles containing content that you've mentioned as your posts were block by mistake.
You can download the plugin again from our site and give it another try. I believe that you will find it useful and working as expecting to protect your site from hacking attempts. Of course any bug reporting or improvement suggestions are more than welcome!
I have installed it now on 5 websites I have created and they are all secure. (or seem to be)
On my personal Joomla website I have tried several other Admin tools, so that in the future (If one of my clients get hacked) I have other things I can do to help them out. Thanks to all the programmers who make these Extensions for Joomla! (Non-Commercial)
As far as the footer, just take it out of the plugin file. I didnt mess with the php code, just the html section that puts it in there.