brian
The extension is so badly coded that it tests for things without checking without checking the context
For example it is impossible to write an article about a trade union as the extension removes the word union
Or to write the word concatenate as it removes the characters concat
Or to write a basic tutorial about joomla as it removes common terms such as jos_users.
Removing any of these from your content is just plain stupid!!!!
Thank you for reporting these issues with jHackGuard in Twitter last week. We have tested and found that there was really a flaw in the jHackGuard version for Joomla 1.6 and 1.7, which was fixed and the new version of the plugin was uploaded yesterday.
Our plugin is originally designed to check whether the user submitting information to the site has admin privileges or not. By default only if the user has NO admin privileges we look for patterns for SQL injections and other hacking techniques and block posts containing such patterns in order to prevent the site from being hacked. Unfortunately, due to a slight modifications in the latest Joomla versions, the check whether an user has admin rights or not wasn't working correctly. This is why you were unable to post articles containing content that you've mentioned as your posts were block by mistake.
You can download the plugin again from our site and give it another try. I believe that you will find it useful and working as expecting to protect your site from hacking attempts. Of course any bug reporting or improvement suggestions are more than welcome!
This can be easily fixed by adding some simple code in the plugin to test if it being called in the front or admin of the site and only enabling it in the admin
Even if my username and password are somehow discovered, perhpas written down on a post it note no one can access my site as they dont have the physical key, a small usb dongle.
The software plugin is free and the usb dongle at $15 is nothing when you consider the security it provides.
And you can use the same key on multiple joomla sites, any openid site, phpmyadmin, drupal etc. (a full list is at the publishers site)
The plugin is easy to install and during the beta stage they have been extremely quick and responding to queries and taking on board suggestions.
for me this is the "killer app"
"
This means that ANYONE can access the html file used to send email
This module actually uses a series of javascript functions and a hidden input box to deny spam. Spam bots work by populating all input boxes, hidden or not, and then submitting the form. Our script checks to see if the hidden box is populated or not. If it is populated then a bot populated it. If it's not pouplated then it's an actual user because a user never sees the box and therefore could never fill it in. The script checks to see which is the case and sends or denies the submission accordingly.
All that to say this module is spam protected.
- Shape 5