Security Scanner And Various Things - Question | JoomShaper

Security Scanner And Various Things

A

alleja

SP Page Builder 6 days ago

the security scanner downloadable by github is outdated from the recent variations of the attacks on sppagebuilder and doesn't reconize various new paths/files that are uploaded via the attack.

the old versions of pagebuilder on J3 are subject to the same attack even if not via the customicon exploit (this function doesn't exists on old installations), this means that the attacker find another way throught the old versions of SPpagebuilders.

0
14 Answers
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 6 days ago #228107

Hi Alleja,

hola hola, this is addcional tool, not typical firewall scanner. We update script every single day, but we didn't start years ago like RsFirewall or Akeeba Tools ! So your assessment is very unfair.


About SPPB 3.8.10 - I will repeat that again, most hack attacts uses two request to upload Custom Icon or Custom Fonts (from what I see in logs everyday), and those features doesn't exist in SPPB 3.x. Besides as you know, SPPB 3.8x is NOT supported anymore, this is closed chapter. Simple question: Would you pay extra for security path for SPPB 3.x? I need honest answer, not ping-pong.


How do you know how hackers gets into your old Joomla? Maybe by CMS core holes. Nobody update J3 since 2023, it was only extra paid updates for one year after. But they closed this service.

There always will be crack in every software, that's why your OS and browsers gets regular updates, also if we talk about security.


0
PH
Pascal - HTProtect.org
Accepted Answer
6 days ago #228135

No security scanner detects every malware variation - not even mysites.guru - especially when an attacker modifies the malware to evade detection.

That's why I implemented a community-driven intelligence feature in my free malware scanner. Anyone can report false negatives and false positives, allowing the detection signatures to be continuously improved for everyone's benefit.

Since no scanner catches everything, a default-deny .htaccess policy for *.php files provides an important additional layer of protection.

HTProtect's malware signatures are updated multiple times a day, and the community has already submitted around 60 false-negative and false-positive reports. If you notice that it also missed something, please submit a report.

0
A
alleja
Accepted Answer
6 days ago #228137

thank you very much, I just found out your scanner and will surely give it a try not yet i can breath in this mess.

In the while we have put on host - side this: <DirectoryMatch "/(media|images|uploads|tmp|cache|assets|icons|fonts)(/|$)"> AllowOverride None <FilesMatch "(?i).(php|phtml|phar|php[0-9]?|php..*|shtml)$"> Require all denied </FilesMatch> </DirectoryMatch>

and I hope it helps a bit

0
PH
Pascal - HTProtect.org
Accepted Answer
6 days ago #228139

It also includes a mini WAF that blocks attacks a .htaccess file alone cannot. Its rules are automatically updated from a feed every six hours, without requiring an extension update - just like the malware scanner definitions.

0
A
alleja
Accepted Answer
5 days ago #228179

i downloaded yesterday the version 2.4.6, now i see that if i click download it is update to 2.4.8? in the website it still says 2.4.6

0
PH
Pascal - HTProtect.org
Accepted Answer
5 days ago #228229

On Joomla 5.4+ you can enable automatic updates from the Overview page (or from the "Backups & Updates" page).

I'm currently dealing with a recurring issue with ImunifyAV, which keeps deleting the file containing the scanner logic, again the next day after I fixed this. I hope this game of cat and mouse will come to an end soon.

That's the main reason for the frequent releases over such a short period of time. I’m working with the Imunify support team to get it resolved.

0
A
alleja
Accepted Answer
5 days ago #228230

Thank you for the answer. Actually i am only using your protection, good to know about the releases.

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 days ago #228231

@Pascal - HTProtect.org

  1. Does that extension works on Joomla 3.10 sites as well? sorry, but I couldn't find any clear info on website on which Joomla version it can be installed.

  1. Can it work next to RSFirewall or Akeeba Tools Pro, and if somebody has it already, your extension is not needed? I need honest answer.
0
A
alleja
Accepted Answer
5 days ago #228233

it works on J 2.5 -> 6 it is wrote in the main page of the component.

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 days ago #228236

Indeed, I saw message after component installation.


But I need answer to (2) as well.

0
PH
Pascal - HTProtect.org
Accepted Answer
5 days ago #228240

Yes, it can coexist with any other Joomla (security) extension. I'm continuously implementing improvements to make it as universal and robust as possible.

There are currently some recurring false-positive issues involving Imunify360, but I'm confident they'll be resolved as well.

The new Balbooa Forms vulnerability has been included in the definitions feed since yesterday.

HTProtect's self-updates and automatic extension updates require Joomla 5.4 or later because they rely on the Joomla Task Scheduler. All other features work on Joomla 3 as well, with compatibility ranging from Joomla 2.5 to 6.x and PHP 5.6 to 8.5 (PHP 7.4+ recommended).

If you prefer to use the .htaccess Maker from Admin Tools Pro, there's also an option for that under the Protection Shield's Extended Settings.

See:

Since HTProtect is already running on more than 5,000 websites, it will continue to evolve, and I'll keep doing everything I can to provide the best possible free protection for both current and older Joomla websites for years to come.

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 days ago #228242

Thanks for answers, I am happy user as well ;) testing both RS and yours on single site.

You can link your tool under our today article > https://www.joomshaper.com/blog/joomshaper-drops-joomla-3-support before angry people will eat us alive ;p

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 5 days ago #228264

@Pascal - HTProtect.org

Smart Idea for your extension, check project called "8G Firewall" it's a firewall based only on htaccess rules. I use it on my Joomla and Wordpress sites for last 6 years. https://perishablepress.com/8g-firewall/

Maybe part of it you can use inside HTProejct, hmm

I know CEO of 8G, a very nice guy. He will agree.

0
PH
Pascal - HTProtect.org
Accepted Answer
5 days ago #228282

Thank you - I'll look into that. In general, I try to keep the Joomla-specific .htaccess as simple as possible and only as complex as necessary, to also minimize potential side effects.

0