We have just released the new version of our Joomla security plugin jHackGuard! This is the piece of software we have created several years ago and which makes all the Joomlas installed by SiteGround much safer. The new jHackGuard version introduces several brand new security filters as well as few improvements in the existing functionality.
New security functions added:
- User-agent variable filter – this feature will check the visitor’s User agent varialbe for malicious code. Every time you open a website, information regarding your browser and OS is sent to the server through the so called user agent variable. Attackers may use this variable to send PHP or HTML code. With jHackGuard you are now fully protected agains such interventions.
- Next, we have added a filter that sanitizes the input keys and removes unwanted (and possibly malicious) characters. Previously, we used to filter only the values but not the keys themselves. This filter aims at preventing attacks that try to exploit badly written PHP code.
- Last but not least, we have disabled by default the file upload for guest users. Usually standard Joomla visitors cannot upload files unless your website has such a functionality. However, even if you do not need and support such functionality, hackers can still upload unwanted content if the upload-by-guest-users is enabled. To minimize the chance of this happening we have added this new protection. It should not affect your registered users and administrators. They will be fully able to upload files as usual.
Multiple functionality improvements based on your feedback
- First, we have completely rewritten our SQL Injection rules. Our plugin now detects whether an SQL command is used as a query and not as a regular word in your article. This means that using the word “union” for example in your articles will not trigger jHackGuard anymore.
- We have taken into consideration the latest attacks against Joomla sites, we have investigated and we changed our filters that look for a hacking attempt that uses the eval() and base64decode() functions. Now, they will detect attacks even better.
You can find the full change log and download the new jHackGuard version for Joomla 2.5 from this page.
If you are experiencing any issues with your website after installing the new version, please report them in our support forum.
Please note that as Joomla 1.5 will soon reach its end-of-life (in September 2012, according to Joomla.org) and will no longer be supported by Joomla.org, we have not released the new version of jHackGuard for this Joomla version. SiteGround highly recommends switching to Joomla 2.5, because otherwise we believe that no good website security can be maintained.
Product Development – Technical