- Site Security

OSE Anti-Hacker™ for Joomla!

OSE Anti-Hacker™ for Joomla!

Paid download | Site Security | Open Source Excellence
3
Score:
93
41 reviews
*Note: Joomla 1.5 websites can only use version 3.X. OSE Anti-Hacker version 5 supports Joomla 1.6/1.7/2.5 system only. Please note our updated version is callced Centrora Security which can be accessed here: http://extensions.joomla.org/extensions/extension/access-a-security/site-security/centrora-security Updates: OSE Anti-Hacker Version 5.3.3 - 5.3.4 * New feature -- Added the confidence level parameter for Stop Forum Spam Anti-Spamming function OSE Anti-Hacker Version 5.3.2 - 5.3.3 * New feature -- Added Stop Forum Spam Anti-Spamming function The major technical features include: * Double Firewall system providing Three Layers of protection: * o Layer 1: Signature-based Detection System - detecting most common hacking behaviours. + a) Surface Scanning, once hacking behaviour is found, the activity and corresponding IP will be banned immediately. o Layer 2: Pattern-based Instruction Detection Systems - blocking all inbound malicious codes and hacking activities, including network-, application-, and operating system-level attacks. + b) Scans and monitors all URL, Form Fields, Cookies values. + c) If hacking is found and the Risk Score exceed the secure level, the IP will be banned immediately. + d) If Suspicious Hacking behaviour is found for Form Fields and Cookies hacking, the
c
DataSafe PRO

DataSafe PRO

Free | Site Security | Barnaby Dixon
3
Score:
93
22 reviews
DataSafe Pro is professional database backup. It generates a snapshot of your full Joomla database, which allows you to quickly revert your content, whenever you want. It's ideal for creating a quick backup before you start any changes to your website. And to restore your Joomla database from a backup it's easy. Either select a DataSafe backup stored online, or upload a backup stored on your local computer using the DataSafe Pro interface. A DataSafe Pro backup contains all your database information, so if your system goes down, you make a mistake in configuration, or you want to roll back your system to an earlier time, just select a backup and restore it using the DataSafe Pro interface. If you can't access your Joomla administrator panel, you can also restore your DataSafe backup using PHPMyAdmin (or similar) which is installed on every server. Just use a DataSafe Pro backup stored on your local computer, or if your administrator area is unavailable, use FTP to download a backup stored online. Each DataSafe Pro backup is compressed using gzip; your database is automatically repaired and optimized during backup to maintain perfect performance, and every backup is instantly emailed to you so you have an offline copy. Each backup is also stored securely online, ready for you to restore whenever you like. And if you'd like to automate the process to create a backup every hour, day or week - it's easy, with the purchase of an optional license that allows you to automate backups across all your Joomla systems for one single low price. Try DataSafe Pro backup for yourself today, and get database backups you can depend on.
c p
Antivirus Website Protection

Antivirus Website Protection

Free | Site Security | SafetyBis Ltd.
3
Score:
93
15 reviews
Antivirus Website Protection is the security plugin to prevent/detect and remove malicious viruses and suspicious codes. It detects: backdoors, rootkits, trojan horses, worms, fraudtools, adware, spyware and etc. Antivirus Website Protection scans not only template files, it scans and analyzes all the files of your website (even if it's not a part of Joomla core files) Antivirus Website Protection will be especially useful for everybody who downloads templates and extensions from torrents and websites with free stuff instead of purchase the original copies from the developers. You will be shocked, how many free gifts they have inside :) *** Main features: *** - Deep scan of every file on your website. - Daily update of the virus database. - Heuristic Logic feature. - Alerts and Notifications in admin area and by email. - Daily cron feature. - Scanner can detect a wide list of malware types. - View Security reports online. *** The list of malware types what our scanner can detect: *** - MySQL and JavaScript injections (There is a lot of different attacks on your website but the most popular type and the easiest is probably MySQL injection. Our scanner will help you detect all possible issues with JavaScript and MySQL) - Website Defacements (When hackers break in to your website they can change the appearance of your website or a webpage. We have set up a feature that can help you prevent any changes on your website) - Hidden iFrames (If hacker gets an access to your website Ftp they usually set up a hidden iFrame. That way they can use your website to get the viruses on your visitors computers) - PHP Mailers (Sometimes hackers use your website to send a SPAM emails from your web server. Our smart scanning module was made to detect all possible PHP mailing scripts on your website and prevent your website from sending SPAM) - Social Engineering Attacks (There are a lot of social engineering methods to get an access to your website. Our scanning software will help you to protect your website) - Phishing Page Detection (Hackers can install a phishing page on your website without you knowing it. Sometimes they can use your website) - Redirects - Website Backdoors (Allow to get full control on website and server) - Website Anomalies - Drive-by-Downloads - Cross Site Scripting (XSS) - .htaccess (Hack Detection) - Rootkits and variants of this type of malware - Trojan horses - Internet worms - Fraudtools - Adware and spyware scrips and much more... Protect your website before the problems come. Monitor your website and minimize incident time with our automated scans. Please note: Plugin sends and receives the data to SiteGuarding.com API.
c
Stop Registration Bots

Stop Registration Bots

Free | Site Security | Ray Lawlor
3
Score:
93
7 reviews
Is your Joomla site constantly being bombarded with registration bots? i.e. there is a bot registering on your site with the same name, but different username and email each time? Sick of getting fake registration notices to your inbox? This plugin will allow you simply type in the name the bot is using and then block it forever. You can also prevent certain usernames and email addresses being used on your site, so if you find you're being bombarded with registrations from '@gmail.com' email addresses, use this plugin to stop them. Simply install the plugin as you would any Joomla Plugin. When installed go to the plugin in the Plugin Manager and open the plugin. Make sure it is enabled. In the "Basic Settings" you can enter what "Names", "Usernames" and "Email addresses" you'd like to be blocked. This prevents anyone using those credentials from registering. ::ADDED:: Block email addresses that use more than 2 'dots' in their addresses (a common trait of spam bots). This value is configurable. Block too many 'same name' registrations. Spam bots tend to use the same name over and over. there is now a setting to stop the same name being registered more than the set amount of times. ::ADDED in 1.0.1:: New email wildcard feature. Simply add an offending email domain i.e. "@gmail.com" and all users trying to us a gmail email will be blocked. ::ADDED in 1.2.0:: Bugs squashed! Also now you can block any Top Level Domain.
p
Captcha by Ideal

Captcha by Ideal

Paid download | Site Security | Ideal Extensions
3
Score:
93
7 reviews
Important: This plugin ONLY works with Contact Enhanced [1], Ajax Recommend [2] Ajax Contact [3] and iRecommend [4]. Multiple CAPTCHA Engine is a system plugin to produce and verify captcha images. With this new version, you will get 4 different captcha systems (libraries): SecurImage PHP library (requires GD image Library), ReCAPTCHA (requires an API key from recaptcha.net); MathGuard, simple but effective. VouchSafe, a New Spam prevention approach. (only compatible with Contact Enhanced and iRecommend) [1] - http://ideal.fok.com.br/joomla-extensions/component-contact-enhanced.html [2] - http://ideal.fok.com.br/joomla-extensions/module-ajax-recommend.html [3] - http://ideal.fok.com.br/joomla-extensions/module-ajax-contact.html [4] - http://ideal.fok.com.br/joomla-extensions/component-irecommend.html
p e
yKhoon Advanced Lock Account

yKhoon Advanced Lock Account

Paid download | Site Security | YK Lim
3
Score:
93
1 review
yKhoon Lock Account Advanced Edition (previously known as yKhoon Advanced Lock Account) is an extension that lock your visitor user account when there is multiple log in using the same account. When your visitor user account is locked, the extension will send the visitor a notification email based on the email address provided during registration. The notification email which contain all essential information will enable the visitor to reactivate his/her user account successfully. In case of something unpredictable happen, the administrator can manually reactivate the locked user account. yKhoon Lock Account Advanced Edition provides a method that will easily unlock the user account with a few clicks of button. A log file will be created when a user account is locked and when the administrator manually reactivate a locked user account. Information such as date, time, and the user account involved will be stored at the log file. This will enable the administrator to take further action if needed Changes: Compatible with PHP 7. Main Features: Lock an user account when multiple login is detected. The extension will not allow locked user account to log in until the locked user account is unlocked. Notify the user about his/her locked account and activation link via email. Added a method which allow the user to unlock his/her account. The reactivation link send to the user will have one time access only. The extension will automatically log out all user which use the same user account to login to the web site when the account is reactivated. Joomla! Administration (back-end) is immune to the functionality of this extension. Super Administration or Super Users is immune to the functionality of this extension. Tested compatible with Community Builder. Using AJAX to validate the input data. (Advanced Edition only) Added a feature for manually reactivate locked user account from back-end. (Advanced Edition only) Less setting is needed to setup the extension. (Advanced Edition only) Able to change the notification email content, sender email address, sender name, and email subject. (Advanced Edition only) Able to change the error messages that will shown when a user account is locked and when the locked user account want to access the web site. (Advanced Edition only) Able to prevent user from using old password as new password when reactivate the user account. (Advanced Edition only) Added Carbon Copy and Blind Carbon Copy on notification email. (Advanced Edition only)
c p
JHacker Watch

JHacker Watch

Free | Site Security | Innato BV
3
Score:
93
1 review
A plug-in that continuously monitors your Joomla! install and analyses whether critical user account details have been changed or directories and files have either been modified, added or are not part of a standard Joomla! install. It therefore provides an additional line of defense against website hacking attempts. The plug-in slows down repeated back-end log-in attempts to make brute force attacks frustratingly ineffective. Includes an optional Remote Monitoring service. The plug-in does NOT prevent hacking attempts and cannot guarantee that your website will never be hacked, but it counteracts certain unusual activities and - most importantly - notifies the site administrator(s) of these activities, thus making sure that hack attempts will not go unnoticed and providing more specific information for the website administrator(s) to remediate these. A non-expiring free trial edition is available, but if you want the 'real thing', you should get yourself the Standard or Business edition, which provide better protection and have more options. These editions include, for example, an extended option to autoremove files that are not part of a standard Joomla! install. Compatible with PHP 7. The download link also provides access to the J2.5 version.
p
DMC Firewall Professional

DMC Firewall Professional

Paid download | Site Security | Dean Marshall Consultancy Ltd
3
Score:
93
1 review
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Pro increases your websites protection by blocking 'Bat Bot' attempts - preventing your website from being taken down. You can also: * Change your database's table prefix * Change your Super Administrator ID * Password protect your 'administrator' folder * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time Along with the main DMC Firewall component, we also install an 'authentication' plugin that adds additional protection for all login modules (admin area and front end). This module prevents brute force login attempts by 'banning' any attempt before they get the chance to perform multiple login attempts. 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
EXP PassField

EXP PassField

Free | Site Security | Grusha
3
Score:
93
1 review
EXP PassField is a javascript that simplifies creation of sophisticated password fields. *** Version 1.2 *** Add warning tells you all of the rules
p
JR SecurImage

JR SecurImage

Paid download | Site Security | JoomlaRoad
3
Score:
93
1 review
Features HTML5 audio Customizable code length, character sets, and Unicode support TTF font support Easily add background images Several security features such as image distortion, random lines, and noise Flash button to stream audible codes in WAV format Ability to use a word list Case sensitive option for added security Display alphanumeric captchas, mathematical captchas, or a multi word captcha Highly customizable!
p
Antispam by CleanTalk

Antispam by CleanTalk

Paid download | Site Security | CleanTalk
3
Score:
92
41 reviews
Max power, all-in-one, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any Joomla forms. Just install and forget. No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spam bots. Invisible antispam without CAPTCHA, questions, puzzles, counting animals, math and etc. CleanTalk Anti-Spam is a Joomla! partner https://www.joomla.org/about-joomla/partners.html Anti-Spam features Stops spam comments. Stops spam registrations. Stops spam contact emails. Stops spam orders. Stops spam bookings. Stops spam subscriptions. Stops spam in widgets. Spam protection • Stops spam bots at VirtueMart. • Stops spam bots at JComments 2.3, 3.0, K2. • Stops spam bots contact emails on Joomla feedback from, Rapid Contact, VTEM Contact, Sobipro, RS Form, Breezing forms, Easybook Reloaded. • Spam protection for any Joomla forms (with enabled anti-spam option 'Enable anti-spam test for any contact forms'). Cloud anti-spam for Joomla. CAPTCHA less, no spam comments, no spam registrations, no spam contact emails Spam is one of the most irritating factors. Spam become every year more and conventional anti-spam can no longer handle all the spam bots. CleanTalk prevents spam and automatically blocks it. You'll be surprised of effective protection against spam. Anti-spam plugin info CleanTalk is an anti-spam protection 4 in 1 for Joomla that protects login, comments, contact and VirtueMart forms all at once. You don't need to install separate anti-spam plugins for each form. This allows your website to work faster and save resources. After installation you will forget about spam, CleanTalk plugin will do all the work. You won't have to deal with spam, CleanTalk will do this for you automatically. CleanTalk is a transparent anti-spam protection, we provide detailed statistics of all entering comments and logins. You can always be sure that there are no errors. We have developed a mobile app for you to see anti-spam statistics wherever. We have developed antispam for Joomla that would provide maximum protection from spam bots and you can provide for your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and puzzles. Used to detect spam multistage test that allows us to block up to 99.998% of spam bots. The anti-spam method offered by CleanTalk allows switching from the methods that trouble the communication (CAPTCHA, question-answer etc.) to a more convenient one. The CleanTalk is premium anti-spam for Joomla, please look at the pricing. We try to provide anti-spam service at the highest level and we can not afford to offer a free version of our service, as this will immediately affect the quality of providing anti-spam protection. Paying for a year of anti-spam service, you save a lot more and get: Up to 99.998% protection against spam bots. Time and resources saving. More registrations/comments/visitors. Protect several websites at once at different CMS. Easy to install and use. Traffic acquisition and user loyalty. 24/7 technical support. Clear statistics. No captcha, puzzles, etc. Free mobile app to control anti-spam function at your website. Low false/positive rate This plugin uses multiple anti-spam tests to filter spam bots with lower false/positive rate as possible. Multiple anti-spam tests avoid false/positive blocks for real website visitors even if one of the tests failed. Spam attacks log Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the "Log of spam attacks" and stores the data in the log up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering. Spam FireWall CleanTalk has got an advanced option "Spam FireWall", this option allows blocking the most active spam bots before they get access to a website. It prevents loading of pages of the website by spam bots, so your web server doesn't need to perform all scripts on these pages. Also, it prevents scanning of pages of the website spam bots. Therefore Spam FireWall significantly can reduce the load on your web server. Spam FireWall also makes CleanTalk the two-step protection from spam bots. Spam FireWall is the first step and it blocks the most active spam bots, CleanTalk Anti-Spam is the second step and it checks all other requests on the website in the moment before submitting comments/registers and etc. Private blacklists: Personal blacklists are very flexible and powerful tool, you can block or allow IP address, email address or mask e-mail (*@mail.com - will block/allow every address ending on @mail.com) Anti-Spam service Automatically block comments and registrations from your private black IP/email address list. This option helps to strengthen the protection from a manual spam or block unwanted comments from users. You can add not only the certain IP addresses but also a separate subnet to your personal black list. SpamFireWall It allows you to add individual IP addresses and subnets to SpamFireWall. It blocks the attacks from IP addresses which are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that made it through the HTTP/HTTPS. You can add not only the certain IP addresses, but also a separate subnet to your personal black list. Blocking users by country Automatically block comments and registrations from the countries you have set a ban for. This option is useful in cases of manual spam protection and for protection enhancement. If your site is not intended for an international audience and you do not expect comments/users from other countries. Blocking comments by "stop words" You can block comments which contain "stop words" to enhance spam filtering and messages with obscene words blocking. You can add particular words or phrases. How Spam FireWall works? The visitor enters to your website. HTTP request data is checked of the nearly 5,8 million of certain IP spam bots. If it is an active spam bot, it gets a blank page, if it is a visitor then it gets a site page. This is completely transparent to the visitors. All the CleanTalk Spam FireWall activity is being logged in the process of filtering. Spam FireWall DDoS Protection (Experimentally option) Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website. Spam FireWall blocks all requests from bad IP addresses. Your website gives infringer a special page with a description of DDoS rejection instead of the website pages. Therefore Spam FireWall can help to reduce CPU usage on your server. How to protect sites from spam bots without CAPTCHA? The most popular method is CAPTCHA -- the annoying picture with curved and sloping symbols, which are offered to the visitor to fill in. It is supposed that spam bots won't discern these CAPTCHA, but a visitor will. CAPTCHA provokes great irritation, but if one wants to speak out, he has to fill in these symbols time after time, making mistakes and starting once again. Sometimes CAPTCHA reminds doodle 2x year old child. For users with vision problems captcha is just an insurmountable obstacle. Users hate captcha. Captcha for users means "hate". Unreadable CAPTCHA stops about 80% of site visitors. After 2 failed attempts to bring it up to 95% reject further attempts. At the sight of CAPTCHA and after input errors, many visitors leave the resource. Thus, CAPTCHA helps to protect the resource both from bots and visitors. CAPTCHA is not a panacea from spam. Doubts Concerning the Need for CAPTCHA? Additional features - Online, daily and weekly anti-spam reports traffic VS spam. - Apps for iPhone, Android to control anti-spam service, comments, signups, contacts. With traffic and spam statistics for last 7 days. - Anti-spam apps for most popular CMS on cleantalk.org.
p
n3t Seznam Captcha

n3t Seznam Captcha

Free | Site Security | Pavel Poles
3
Score:
92
8 reviews
Simple text CAPTCHA with optional audio form, spelled in Czech language. Additional protection by checking online spam databases. This plugin wraps the seznam.cz Captcha API. Additional protection by checking online spam databases and blacklists could be activated in the configuration. Currently StopForumSpam, BotScout, SpamHaus, Sorbs, SpamCop and project HoneyPot are supported. There is also possibility to manually enter IP blacklist and/or whitelist. Since version 1.2.0, there is option to disable visual CAPTCHA control, and use just additional protection.
p
Spam Protect Factory

Spam Protect Factory

Free | Site Security | thePHPfactory
3
Score:
91
2 reviews
It reads the login form before it is submitted to Joomla! and takes appropriate action based on its configuration, so it can reject a registration altogether, allowing the user to register but blocking his account immediately, or it can allow the user to register normally. Key Features StopForumSpam integration (biggest internet spammer database currently available) Manual filters for registration form (IP, domain, keyword, country) Multiple actions against spammers (block, allow, reject) Redirects rejected users to a custom URL User groups permissions Standards Multi-language support, UTF-8 support, comes default with English INI language files SEO/SEF friendly Easy transition to RTL Simple installation, configuration and updating process Main Settings Enable and set up StopForumSpam filtering (number of occurrences needed on the StopForumSpam (blacklist in order to flag a user) Set the action taken against a flagged user (block, allow, reject) Set the location to redirect the user upon being rejected Enable and add manual filters accordingly (IPs, domains, keywords, countries) Manage permission settings for user groups (configure access and administrator interface access) Backend Management Dashboard containing recent spammers and a configuration overview Logs containing various information regarding blocked and/or rejected users (IP, email, action, etc.) Requirements Joomla! 3.x MySQL (min. 5.1 + ) cURL, GD2 libraries enabled FURTHER DETAILED INFORMATION IS AVAILABLE ON THE PRODUCT HOMEPAGE!
c p
Centrora Security

Centrora Security

Free | Site Security | Centrora Security
3
Score:
90
24 reviews
**Centrora Security **is a new plugin that modified from OSE Firewall Security. A Joomla Firewall Security to protect your Joomla Sites from attacks and hacking. The built-in Malware and Security Scanner helps you identify any security risks, malicious codes, spam, virus, SQL injection, and security vulnerabilities. - New features in v6.0.0 - * Git Backup: Maximizing the power of Git version control system to backup your website so you keep track of any changes and roll back at any restore point - Freshly refurbished UI brings both new themes and better user experience. - New MD5 Hash Scanner, Core Directories Scanner and Modified Files Scanner are incorporated, resulting in enhanced processing capacity and efficiency. - Anti Malware is replaced by a new Dynamic Scanner, which embraces extended virus signature and is at least 50% faster. - New Vulnerability Scanner and File Permission Scanner are included to help identify system loopholes. - Backup now becomes more user-friendly, with easier procedures for up- and downloads. Previous Reviews: Please note this is a new version of OSE Anti-Hacker, for more reviews, please see this page: http://extensions.joomla.org/extension/ose-anti-hacker-for-joomla Customer Support: If you need help in using Centrora Security™ plugin, save time by starting your support request online and we'll connect you to a security analyst or even the senior security consultant. Click here for help. Security Firewall: AntiSpam: utilizing blacklisting IPs from Stop Forum Spam. AntiVirus: virus scanning that scans through your site for malware and variants that are known security threats, heuristics of backdoors, trojans, suspicious code and other security issues. IP Mangement: manage ip by allow, block and track IP that access to your site Security Check: malicious user agent blocks hundreds of bad bots while ensuring open-access for normal traffic. Security Check: detect directory traversal that consists in exploiting insufficient security validation/sanitization of user-supplied input file names. Security Check: javascript injection for any traffic including automated bots that constitutes security threats of injecting malicious javascript into your files. Security Check: direct file inclusion for any traffic including automated bots that constitutes security threats of including files on a server through the web browser. Security Check: remote file inclusion for any traffic including automated bots that constitutes security threats of exploiting "dynamic file include" mechanisms in web applications. Security Check: database SQL injection for any traffic traffic including automated bots that constitutes security threats of attacking data driven applications, in which malicious SQL statements are inserted into an entry field for execution. Security Check: DoS Attacks where automated bots constituting flooding attacks to your website. Report security threats to defined owner or security analysts System Requirements PHP 5.1.0 or above MySQL 5.0 or above PHP Data Objects enabled (it is activated by default as of PHP 5.1.0, please contact your hosting to enable it if it is disabled. Reference: http://www.php.net/manual/en/pdo.installation.php
c p
Two Factor Authentication

Two Factor Authentication

Free | Site Security | Ready Bytes
3
Score:
90
14 reviews
Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App. Installing this app adds an extra layer of security in addition to the Joomla’s login system (front-end as well as back-end). If anybody gains your admin or site member's login credentials and try to attempt login then another module of Two factor Authentication will pop up instantly and it will ask for a unique Time-based One-Time Password (TOTP) which will be generated only on your Cellphone via Google's Authenticator App. So, this new layer will add up to the strength of the security at your end. Two Factor Authenticator secures the signing in process using 2 constants- + Something you know i.e. your site’s backend password. + Something you have i.e. your mobile phone (to generate the one time code). Know more >> http://www.readybytes.net/blog/item/two-factor-authentication-for-joomla.html Main Key Features are:- 1. Two Step Authentication Setup with Google Authenticator. 2. Verify with a Barcode. 3. Verify with a Account Name and Secret-Key. 4. Backup Codes Available 5. Logging in with Two Step Authentication. New Features (in version 2.0):- Available for backend as well as frontend login. End User Configurable: The admin can enable the plugin for all his users and now the users will be able to choose whether to use the security feature or not.
p
Saxum IPLogger

Saxum IPLogger

Free | Site Security | Laszlo Szabo
3
Score:
89
12 reviews
This is a simple extension which helps to log the IP-addresses of the registered user when they log in into the site. The purpose of the component is to help to detect unauthorized access. The log can be seen on a report. The component makes statistics about the location of users (country and city) estimated from their IP-addresses. To this the extension uses GeoLite data created by MaxMind, available from www.maxmind.com. You should inform your visitors in the terms of service of your site about the collection of data. Changelog: v4.0 -overwritten for Joomla! 3 v3.1 - block IP addresses - list of IP addresses not to log - sending email about unauthorized use of usernames - data export to csv - opportunity to upload datafile manually - refresh or reidentify false geolocation - fixed ACL related bug - fixed pagination and sorting bug on Statistics screen v3.0 -compatibility with 1.6+ -more filter options on Report screen v2.0 - new plugin to log every unique pageviews - compatibility with PHP safe mode (thanks to Chris Coleman - espacenetworks.com) - statistics with different grouping: by user and IP-address - modified date format (can be set at parameters) - 'check for new version' option
c p
DMC Firewall

DMC Firewall

Free | Site Security | Dean Marshall Consultancy Ltd
3
Score:
87
7 reviews
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Core also includes a number of 'Bad Bots' that get banned from accessing your website, preventing your website from being taken down. You can also: * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
Password Control

Password Control

Free | Site Security | G S Chapman
3
Score:
86
3 reviews
The Password Control system plugin enforces password changes upon registered site users. The change can be enforced for the initial (first) connection only, and/or for periodic changing. Optionally the users can be redirected back to the home page when a password change is enforced. There is the ability to define 'exempt' users, i.e. users for whom the administrator does not want to enforce password changing. The password entered by the user is checked against the previous user passwords (number is site defined) to ensure that it is changed and that the user is not reusing a password again, or just pressing the submit button without providing a new password. One can also specify the password criteria, and incorporates an optional password generator to create passwords meeting the specified criteria. New options also allow the forcing of a user to change their initial email address on initial login. This is suitable for use on e-commerce (Virtuemart) sites where a preassigned email address has been allocated to a user and it is desirable that they change it.
p