First just let me say that the extension appears to be VERY effective at securing the web site.. It's blocked a few SQL injection attempts already.. with that said.
I'm running Joomla 2.5.13 and OSE Anti-Hacker 5.3.4
1. When a hack is blocked, I get multiple copies of the notification.. the first comes to just me, the second goes to me and another admin, third goes to me and all of the admins and the fourth goes to all but one of the admins ( 4 total admins ) .. It notifies based on "Receives System Emails" user configuration. I would much rather have the recipients be manually configured personally.. but the multiple notifications are really annoying.
2. The IP Management screen doesn't work.. It acts like there are no entries when I try to add whitelisted addresses.. yet, they are in the database.. I'm not sure that the whitelist even works, I've not tried to test that yet.
We hoped to deploy this on several sites but if I get multiple notifications for every blocked hack on dozens of sites I'll be flooded.. also, not all of the admins need to be receiving this notification.. some are just interns that approve new user registrations for example.. so I seriously think having a recipient list in the OSE configuration would be better.
Once the notification issue is resolved I'll be happy =)
Thank you for your report. Please upgrade the component to version 6, the two issues have been resolved in version 6 already. Especially this one:
'I seriously think having a recipient list in the OSE configuration would be better.'
In version 6, please go to Configuration --> There is a section called Admin-Email Mapping; please enter that section and choose which users you would like to receive notifications.
Also, in this new version, the notification will be sent the first time the alert is triggered, and there is another email being sent when the attack is blocked, so the duplicated email notifications issue is resolved in version 6.
Hope this helps. :)
While my company sticks to pretty strong security policies such as never having an "admin" account and a daily password change ( yes, daily.. automated password changes ) .. I still don't like the idea of someone sending hundreds of POST requests per hour trying to break into one of our sites.
I had written a script to analyze the Apache logs for x number of POST requests in an hour to ban them from the server ENTIRELY but while that's been successful.. it's had one or two false positives and it still doesn't prevent someone from getting in a hundred or so tries before the script catches them.
In comes this plugin! I love it because it's more specific, it doesn't just count POSTs per hour it counts failed login attempts in a row and allows you to temp ban them as well as get notified.. I have it set up to ban after only 4 attempts for a period of an hour which I think is fair.. I get notified so if I see abuse I can permanently ban them myself.
Great job! I'm glad I found it so I didn't have to write it myself =)
You might be able to get away with re-ordering the plugins so that the default redirect plugin is below this one.. I haven't tried that yet to confirm, I know on some of our sites we make use of the built in redirect so this would be a big problem on those sites.
So clearly documentation on that particular, rather important issue is sorely needed! .. I spent a good hour trying to figure out why this wasn't working until I went back and re-read the reviews for help ... The author's site has a forum but it has zero posts and it only has "Suggestion Box" .. so no help there.
The lack of help/documentation is the only thing that kept me from giving this a perfect score..
No need to disable it; you can just play with the ordering of the plugins and sort this plugin to the top of all.
Nevertheless, the only thing I could suggest is the ability to select multiple articles at once and add them all to a menu at the same time... If I had that ability I would literally have only needed 2 minutes to do what just took me 5 with your module ( and would have taken me 15-20 with Joomla by itself )..
Another person mentioned browser incompatibilities but we tested with Chrome, Firefox, IE8, IE9, Older versions of Safari and the latest version of Safari .. all of which worked perfectly fine for us.
I do find it odd however that there's another plugin with this same exact name, and same exact syntax by another person.. nevertheless, we love what it's done for us.. it saves time and looks good out of the box... we went with this one because we're also very happy users of the K2 extension.
My company builds websites that make use of the popular K2 content system.. And while the version plugin does show up under the editor window, there are no revisions in the system because it's not K2 aware.
For most people this is a non-issue but it's good to know in case you're using something other than the out of the box Joomla content management.
With all of that said, I've used it in the past before we switched and it definitely saved our life more than once.. if/when K2 support is ever included, I'll be a user again.
The category structure is nice and fits with the menu layouts we create so the clients that end up using our sites have no issues at all working with it.
I also love that we can build multiple custom templates for outputting K2 content, we can create a category for events that are laid out entirely different than standard content pages for example.. This ability is one of the key reasons we use this component so extensively.
Generally speaking, when we build a site for someone and use K2, the end-user can do virtually everything within K2 without ever needing another component.. I've even built a shopping cart around it.