- Site Security

OSE Anti-Hacker™ for Joomla!

OSE Anti-Hacker™ for Joomla!

Paid download | Site Security | Open Source Excellence
3
Score:
93
41 reviews
OSE Anti-Hacker for Joomla has now been upgrade to Centrora Security Anti-hacker and integrated into the Centrora Security component. The major technical features include: * Double Firewall system providing Three Layers of protection: * o Layer 1: Signature-based Detection System - detecting most common hacking behaviours. + a) Surface Scanning, once hacking behaviour is found, the activity and corresponding IP will be banned immediately. o Layer 2: Pattern-based Instruction Detection Systems - blocking all inbound malicious codes and hacking activities, including network-, application-, and operating system-level attacks. + b) Scans and monitors all URL, Form Fields, Cookies values. + c) If hacking is found and the Risk Score exceed the secure level, the IP will be banned immediately. + d) If Suspicious Hacking behaviour is found for Form Fields and Cookies hacking, the
c p
Captcha by Ideal

Captcha by Ideal

Paid download | Site Security | Ideal Extensions
3
Score:
93
7 reviews
Important: This plugin ONLY works with Contact Enhanced [1], Ajax Recommend [2] Ajax Contact [3] and iRecommend [4]. Multiple CAPTCHA Engine is a system plugin to produce and verify captcha images. With this new version, you will get 4 different captcha systems (libraries): SecurImage PHP library (requires GD image Library), ReCAPTCHA (requires an API key from recaptcha.net); MathGuard, simple but effective. VouchSafe, a New Spam prevention approach. (only compatible with Contact Enhanced and iRecommend) [1] - http://ideal.fok.com.br/joomla-extensions/component-contact-enhanced.html [2] - http://ideal.fok.com.br/joomla-extensions/module-ajax-recommend.html [3] - http://ideal.fok.com.br/joomla-extensions/module-ajax-contact.html [4] - http://ideal.fok.com.br/joomla-extensions/component-irecommend.html
p e
yKhoon Advanced Lock Account

yKhoon Advanced Lock Account

Paid download | Site Security | YK Lim
3
Score:
93
1 review
yKhoon Lock Account Advanced Edition (previously known as yKhoon Advanced Lock Account) is an extension that lock your visitor user account when there is multiple log in using the same account. When your visitor user account is locked, the extension will send the visitor a notification email based on the email address provided during registration. The notification email which contain all essential information will enable the visitor to reactivate his/her user account successfully. In case of something unpredictable happen, the administrator can manually reactivate the locked user account. yKhoon Lock Account Advanced Edition provides a method that will easily unlock the user account with a few clicks of button. A log file will be created when a user account is locked and when the administrator manually reactivate a locked user account. Information such as date, time, and the user account involved will be stored at the log file. This will enable the administrator to take further action if needed Changes: Compatible with PHP 7. Main Features: Lock an user account when multiple login is detected. The extension will not allow locked user account to log in until the locked user account is unlocked. Notify the user about his/her locked account and activation link via email. Added a method which allow the user to unlock his/her account. The reactivation link send to the user will have one time access only. The extension will automatically log out all user which use the same user account to login to the web site when the account is reactivated. Joomla! Administration (back-end) is immune to the functionality of this extension. Super Administration or Super Users is immune to the functionality of this extension. Tested compatible with Community Builder. Using AJAX to validate the input data. (Advanced Edition only) Added a feature for manually reactivate locked user account from back-end. (Advanced Edition only) Less setting is needed to setup the extension. (Advanced Edition only) Able to change the notification email content, sender email address, sender name, and email subject. (Advanced Edition only) Able to change the error messages that will shown when a user account is locked and when the locked user account want to access the web site. (Advanced Edition only) Able to prevent user from using old password as new password when reactivate the user account. (Advanced Edition only) Added Carbon Copy and Blind Carbon Copy on notification email. (Advanced Edition only)
c p
JHacker Watch

JHacker Watch

Free | Site Security | Innato BV
3
Score:
93
1 review
A plug-in that continuously monitors your Joomla! install and analyses whether critical user account details have been changed or directories and files have either been modified, added or are not part of a standard Joomla! install. It therefore provides an additional line of defense against website hacking attempts. The plug-in slows down repeated back-end log-in attempts to make brute force attacks frustratingly ineffective. Includes an optional Remote Monitoring service. The plug-in does NOT prevent hacking attempts and cannot guarantee that your website will never be hacked, but it counteracts certain unusual activities and - most importantly - notifies the site administrator(s) of these activities, thus making sure that hack attempts will not go unnoticed and providing more specific information for the website administrator(s) to remediate these. A non-expiring free trial edition is available, but if you want the 'real thing', you should get yourself the Standard or Business edition, which provide better protection and have more options. These editions include, for example, an extended option to autoremove files that are not part of a standard Joomla! install. Compatible with PHP 7. The download link also provides access to the J2.5 version.
p
DMC Firewall Professional

DMC Firewall Professional

Paid download | Site Security | Dean Marshall Consultancy Ltd
3
Score:
93
1 review
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Pro increases your websites protection by blocking 'Bat Bot' attempts - preventing your website from being taken down. You can also: * Change your database's table prefix * Change your Super Administrator ID * Password protect your 'administrator' folder * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time Along with the main DMC Firewall component, we also install an 'authentication' plugin that adds additional protection for all login modules (admin area and front end). This module prevents brute force login attempts by 'banning' any attempt before they get the chance to perform multiple login attempts. 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
EXP PassField

EXP PassField

Free | Site Security | Grusha
3
Score:
93
1 review
EXP PassField is a javascript that simplifies creation of sophisticated password fields. *** Version 1.2 *** Add warning tells you all of the rules
p
JR SecurImage

JR SecurImage

Paid download | Site Security | JoomlaRoad
3
Score:
93
1 review
Features HTML5 audio Customizable code length, character sets, and Unicode support TTF font support Easily add background images Several security features such as image distortion, random lines, and noise Flash button to stream audible codes in WAV format Ability to use a word list Case sensitive option for added security Display alphanumeric captchas, mathematical captchas, or a multi word captcha Highly customizable!
p
n3t Seznam Captcha

n3t Seznam Captcha

Free | Site Security | Pavel Poles
3
Score:
91
8 reviews
Simple text CAPTCHA with optional audio form, spelled in Czech language. Additional protection by checking online spam databases. This plugin wraps the seznam.cz Captcha API. Additional protection by checking online spam databases and blacklists could be activated in the configuration. Currently StopForumSpam, BotScout, SpamHaus, Sorbs, SpamCop and project HoneyPot are supported. There is also possibility to manually enter IP blacklist and/or whitelist.
p
AskMyAdmin

AskMyAdmin

Free | Site Security | Denis Mokhin
3
Score:
91
5 reviews
AskMyAdmin prevent login to back-end of site till entering correct key=value pair. This is an extended version of plg_backendtoken plugin. Main idea of this plug-in - to prevent login to administrator's panel by using standard URL. It will hide your admin part of site.
p
Spam Protect Factory

Spam Protect Factory

Free | Site Security | thePHPfactory
3
Score:
91
2 reviews
It reads the login form before it is submitted to Joomla! and takes appropriate action based on its configuration, so it can reject a registration altogether, allowing the user to register but blocking his account immediately, or it can allow the user to register normally. Key Features StopForumSpam integration (biggest internet spammer database currently available) Manual filters for registration form (IP, domain, keyword, country) Multiple actions against spammers (block, allow, reject) Redirects rejected users to a custom URL User groups permissions Standards Multi-language support, UTF-8 support, comes default with English INI language files SEO/SEF friendly Easy transition to RTL Simple installation, configuration and updating process Main Settings Enable and set up StopForumSpam filtering (number of occurrences needed on the StopForumSpam (blacklist in order to flag a user) Set the action taken against a flagged user (block, allow, reject) Set the location to redirect the user upon being rejected Enable and add manual filters accordingly (IPs, domains, keywords, countries) Manage permission settings for user groups (configure access and administrator interface access) Backend Management Dashboard containing recent spammers and a configuration overview Logs containing various information regarding blocked and/or rejected users (IP, email, action, etc.) Requirements Joomla! 3.x MySQL (min. 5.1 + ) cURL, GD2 libraries enabled FURTHER DETAILED INFORMATION IS AVAILABLE ON THE PRODUCT HOMEPAGE!
c p
DataSafe PRO

DataSafe PRO

Free | Site Security | Barnaby Dixon
3
Score:
90
22 reviews
DataSafe Pro is professional database backup. It generates a snapshot of your full Joomla database, which allows you to quickly revert your content, whenever you want. It's ideal for creating a quick backup before you start any changes to your website. And to restore your Joomla database from a backup it's easy. Either select a DataSafe backup stored online, or upload a backup stored on your local computer using the DataSafe Pro interface. A DataSafe Pro backup contains all your database information, so if your system goes down, you make a mistake in configuration, or you want to roll back your system to an earlier time, just select a backup and restore it using the DataSafe Pro interface. If you can't access your Joomla administrator panel, you can also restore your DataSafe backup using PHPMyAdmin (or similar) which is installed on every server. Just use a DataSafe Pro backup stored on your local computer, or if your administrator area is unavailable, use FTP to download a backup stored online. Each DataSafe Pro backup is compressed using gzip; your database is automatically repaired and optimized during backup to maintain perfect performance, and every backup is instantly emailed to you so you have an offline copy. Each backup is also stored securely online, ready for you to restore whenever you like. And if you'd like to automate the process to create a backup every hour, day or week - it's easy, with the purchase of an optional license that allows you to automate backups across all your Joomla systems for one single low price. Try DataSafe Pro backup for yourself today, and get database backups you can depend on.
c p
DMC Firewall

DMC Firewall

Free | Site Security | Dean Marshall Consultancy Ltd
3
Score:
90
8 reviews
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Core also includes a number of 'Bad Bots' that get banned from accessing your website, preventing your website from being taken down. You can also: * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
Centrora Security

Centrora Security

Free | Site Security | Centrora Security
3
Score:
89
25 reviews
**Centrora Security **is a new plugin that modified from OSE Firewall Security. A Joomla Firewall Security to protect your Joomla Sites from attacks and hacking. The built-in Malware and Security Scanner helps you identify any security risks, malicious codes, spam, virus, SQL injection, and security vulnerabilities. Improvements and New Features in Version 7 There have been some massive improvements in new version 7.0.0. The software now will be utilising high speed dedicated servers for the virus scanning and Backup. The classic backup will be discontinued from this version and is completely replaced by a more efficient and faster method - Git Backup. This tool performs about 2 times faster than the previous version and also provides an added benefit of 10 GB of cloud space to store your backups. The efficiency of scanners like MD5 Hash scanner, Core Directory scanner , Vulnerability scanner and Dynamic Virus scanner have been improved as well and they come with a revamped Used interface(UI). Additional details about the changes in the version are as follows: 1. Firewall Scanner Version 7 A new and advance firewall is released in this version. The goal of this firewall is to provide the faster scanning for requests and at the same time reducing down the database usage. The firewall version 7 includes features such as: better firewall performance; firewall logs statistics (shown in the form of graphs); Improved email alerts about attacks as well as daily/weekly firewall status report; easy to use start-up wizard; automatic background update of the firewall signature/rules [for premium users only]. 2. Improved GitBackup The gitBackup Function now uses mysql command line services to utilise the high speed database backup and rollback. The stability and speed of the backup and the rollback have been increased enormously (as compared to the previous version). It also supports large databases backups. Incorporated GitLab to allow users to enjoy more Cloud Backup space (from 2GB provided by BitBucket in the old version to 10 GB provided by GitLab). 3. Improved Firewall patterns and Virus Signature Update APIs to update patterns and signature have been improved to make it more efficient and more fault-tolerant, so that users can always have an updated version of firewall patterns and virus signatures. 4. MD5 Hash Scanner , Core Directory Scanner , Vulnerability Scanner and File Permission Scanner The scanners have been improved to be more efficient. Bugs and UI issues reported by clients have been fixed and included in this version. In addition, the UI has been re-built to have the better presentation of results. 5. Dynamic Virus Scanner Bug fixes for both the manual virus scanning and scheduled virus scanning are included. 6. Firewall Scanner Version 6 The old Firewall Version 6 is still retained to offer a smooth transition for existing users. Bugs have been fixed. 7. Removal of classic Backup The classic backup method will be discontinued from this versions and will be replaced by GitBackup. - New features in v6.0.0 - * Git Backup: Maximizing the power of Git version control system to backup your website so you keep track of any changes and roll back at any restore point - Freshly refurbished UI brings both new themes and better user experience. - New MD5 Hash Scanner, Core Directories Scanner and Modified Files Scanner are incorporated, resulting in enhanced processing capacity and efficiency. - Anti Malware is replaced by a new Dynamic Scanner, which embraces extended virus signature and is at least 50% faster. - New Vulnerability Scanner and File Permission Scanner are included to help identify system loopholes. - Backup now becomes more user-friendly, with easier procedures for up- and downloads. Previous Reviews: Please note this is a new version of OSE Anti-Hacker, for more reviews, please see this page: http://extensions.joomla.org/extension/ose-anti-hacker-for-joomla Customer Support: If you need help in using Centrora Security™ plugin, save time by starting your support request online and we'll connect you to a security analyst or even the senior security consultant. Click here for help. Security Firewall: AntiSpam: utilizing blacklisting IPs from Stop Forum Spam. AntiVirus: virus scanning that scans through your site for malware and variants that are known security threats, heuristics of backdoors, trojans, suspicious code and other security issues. IP Mangement: manage ip by allow, block and track IP that access to your site Security Check: malicious user agent blocks hundreds of bad bots while ensuring open-access for normal traffic. Security Check: detect directory traversal that consists in exploiting insufficient security validation/sanitization of user-supplied input file names. Security Check: javascript injection for any traffic including automated bots that constitutes security threats of injecting malicious javascript into your files. Security Check: direct file inclusion for any traffic including automated bots that constitutes security threats of including files on a server through the web browser. Security Check: remote file inclusion for any traffic including automated bots that constitutes security threats of exploiting "dynamic file include" mechanisms in web applications. Security Check: database SQL injection for any traffic traffic including automated bots that constitutes security threats of attacking data driven applications, in which malicious SQL statements are inserted into an entry field for execution. Security Check: DoS Attacks where automated bots constituting flooding attacks to your website. Report security threats to defined owner or security analysts System Requirements PHP 5.1.0 or above MySQL 5.0 or above PHP Data Objects enabled (it is activated by default as of PHP 5.1.0, please contact your hosting to enable it if it is disabled. Reference: http://www.php.net/manual/en/pdo.installation.php
c p
Login Notifier

Login Notifier

Free | Site Security | Yusuf Uygun
3
Score:
87
4 reviews
Login Notifier will send a mail whenever someone logs in to the Joomla Backend and/or Frontend. There is actually nothing more to say.
p
Password Control

Password Control

Free | Site Security | G S Chapman
3
Score:
86
3 reviews
The Password Control system plugin enforces password changes upon registered site users. The change can be enforced for the initial (first) connection only, and/or for periodic changing. Optionally the users can be redirected back to the home page when a password change is enforced. There is the ability to define 'exempt' users, i.e. users for whom the administrator does not want to enforce password changing. The password entered by the user is checked against the previous user passwords (number is site defined) to ensure that it is changed and that the user is not reusing a password again, or just pressing the submit button without providing a new password. One can also specify the password criteria, and incorporates an optional password generator to create passwords meeting the specified criteria. New options also allow the forcing of a user to change their initial email address on initial login. This is suitable for use on e-commerce (Virtuemart) sites where a preassigned email address has been allocated to a user and it is desirable that they change it.
p
FPC - Force Password Complexity

FPC - Force Password Complexity

Free | Site Security | Viktor Vogel
3
Score:
82
4 reviews
With Force Password Complexity strong passwords are enforced based on individual rules! The system plugin checks the user passwords using defined security patterns and rejects weak passwords. In this way FPC ensures stronger security of the whole system. The execution of the plugin and the checks of the passwords can be set completely customized to ensure an own standard of security. Features Force secure, good passwords with individual rules Set precise execution rules: Execution in front- and / or backend Restrict to specific user groups Restriction with warning notice for unselected groups possible Check the type of users - only new, existing or all users Individual checks for secure passwords: Minimum length of passwords Minimum size of the entropy of passwords Forbid parts of the name and the e-mail address Maximum number same and same consecutive characters Force character types: uppercase / lowercase letters, numbers and special characters Plugin is small and fast, doesn't need a big framework Fast, clean code Languages: English and German Download Joomla! 3.x - http://joomla-extensions.kubik-rubik.de/downloads/fpc-force-password-complexity/joomla-3 Support The extension is completely free, but you need a subscription for support: http://joomla-extensions.kubik-rubik.de/subscription
p
Antivirus Website Protection

Antivirus Website Protection

Free | Site Security | SafetyBis Ltd.
3
Score:
80
18 reviews
Antivirus Website Protection is the security plugin to prevent/detect and remove malicious viruses and suspicious codes. It detects: backdoors, rootkits, trojan horses, worms, fraudtools, adware, spyware and etc. Antivirus Website Protection scans not only template files, it scans and analyzes all the files of your website (even if it's not a part of Joomla core files) Antivirus Website Protection will be especially useful for everybody who downloads templates and extensions from torrents and websites with free stuff instead of purchase the original copies from the developers. You will be shocked, how many free gifts they have inside :) *** Main features: *** - Deep scan of every file on your website. - Daily update of the virus database. - Heuristic Logic feature. - Alerts and Notifications in admin area and by email. - Daily cron feature. - Scanner can detect a wide list of malware types. - View Security reports online. *** The list of malware types what our scanner can detect: *** - MySQL and JavaScript injections (There is a lot of different attacks on your website but the most popular type and the easiest is probably MySQL injection. Our scanner will help you detect all possible issues with JavaScript and MySQL) - Website Defacements (When hackers break in to your website they can change the appearance of your website or a webpage. We have set up a feature that can help you prevent any changes on your website) - Hidden iFrames (If hacker gets an access to your website Ftp they usually set up a hidden iFrame. That way they can use your website to get the viruses on your visitors computers) - PHP Mailers (Sometimes hackers use your website to send a SPAM emails from your web server. Our smart scanning module was made to detect all possible PHP mailing scripts on your website and prevent your website from sending SPAM) - Social Engineering Attacks (There are a lot of social engineering methods to get an access to your website. Our scanning software will help you to protect your website) - Phishing Page Detection (Hackers can install a phishing page on your website without you knowing it. Sometimes they can use your website) - Redirects - Website Backdoors (Allow to get full control on website and server) - Website Anomalies - Drive-by-Downloads - Cross Site Scripting (XSS) - .htaccess (Hack Detection) - Rootkits and variants of this type of malware - Trojan horses - Internet worms - Fraudtools - Adware and spyware scrips and much more... Protect your website before the problems come. Monitor your website and minimize incident time with our automated scans. Please note: Plugin sends and receives the data to SiteGuarding.com API.
c
OSpam-a-not

OSpam-a-not

Free | Site Security | Joomlashack
3
Score:
78
4 reviews
OSpam-a-not is the easiest way to protect your site from spam. OSpam-a-not uses two unobtrusive techniques to protect your forms from a flood of spam. First, OSpam-a-not uses a Time Gate. This is a hidden timestamp that records how long it took to fill in a form. If the form was submitted more quickly than humanly possible, we can block the submission. Second, OSpam-a-not uses a Honey Pot. A text field is added to the form and hidden by adding a style tag at the end of the document head tag. It isn't visible to a human user, but a spambot doesn't see that and fills in the field anyway. If we find anything at all in that field when the form is submitted, we've caught a spambot in the honey pot! And the form is blocked.
p
// JED - Ads Joomla // JED - Ads Joomla