26 Jun 2012

New jHackGuard version available for download!

jHackGuard v.1.3.2

We have just released the new version of our Joomla security plugin, jHackGuard! We created this piece of software several years ago, and it makes all the Joomla sites installed by SiteGround much safer. The new jHackGuard version introduces several brand new security filters as well as a few improvements to the existing functionality.

New security functions added:

  • User-agent variable filter – this feature checks the visitor’s user agent variable for malicious code. Every time you open a website, information about your browser and OS is sent to the server through the so-called user agent variable. Attackers may use this variable to send PHP or HTML code. With jHackGuard you are now fully protected against such interventions.
  • Strict XSS Mode – due to the increased number of XSS-based attacks we have added this new option to jHackGuard. When enabled, it will filter most of the JavaScript code from all input fields of your site based on multiple rules. This will make your website safer, but there is a slight chance it can interfere with other 3rd party extensions. Therefore, if you notice any issues after installing jHackGuard, you can first try disabling the Strict XSS Mode. If this doesn’t help, we will gladly assist you through our Joomla Extensions support forum.
  • Next, we have added a filter that sanitizes the input keys and removes unwanted (and possibly malicious) characters. Previously, we used to filter only the values but not the keys themselves. This filter aims at preventing attacks that try to exploit badly written PHP code.
  • Last but not least, we have disabled file upload for guest users by default. Usually standard Joomla visitors cannot upload files unless your website has such functionality. However, even if you do not need or support such functionality, hackers can still upload unwanted content if upload by guest users is enabled. To minimize the chance of this happening we have added this new protection. It should not affect your registered users and administrators. They will still be able to upload files as usual.
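
One way to implement the input-key filter described in the list above, as an added example in PHP that is not jHackGuard's own code. The function name `sanitize_input_keys`, the allowlist of key characters, the depth limit and the sample request are assumptions.

```php
<?php
// Added example, not jHackGuard's code. The allowlist, the depth limit and
// the sample request below are assumptions made for illustration.
/**
 * Rebuild an input array so that every key, at every nesting level,
 * contains only allowlisted characters. Values are left untouched here;
 * they are expected to pass through the value filters separately.
 */
function sanitize_input_keys(array $input, int $depth = 0): array
{
    // Bound recursion so deeply nested a[b][c][...] input is cut off.
    if ($depth > 8) {
        return [];
    }

    $clean = [];
    foreach ($input as $key => $value) {
        // PHP delivers keys as int or string; filter the string form.
        $rawKey  = (string) $key;
        $safeKey = preg_replace('/[^A-Za-z0-9_.-]/', '', $rawKey);
        // Drop keys that consisted only of unwanted characters.
        if ($safeKey === null || $safeKey === '') {
            continue;
        }

        // A stripped key never overrides an already-clean one: it is skipped
        // here if the clean key came first, overwritten below if it comes later.
        if ($safeKey !== $rawKey && array_key_exists($safeKey, $clean)) {
            continue;
        }

        $clean[$safeKey] = is_array($value)
            ? sanitize_input_keys($value, $depth + 1)
            : $value;
    }
    return $clean;
}

// Constructed sample request, standing in for $_GET or $_POST.
$request = [
    'option'       => 'com_content',
    'i<d'          => '999',
    'id'           => '42',
    'view<script>' => 'article',
    'filter'       => ["order'by" => 'title', 'limit' => '10'],
    '<>'           => 'dropped',
];
print_r(sanitize_input_keys($request));
```

In the sample, `view<script>` is kept as `viewscript`, `order'by` as `orderby`, the `<>` entry disappears, and `id` keeps the value `42` rather than the one supplied under `i<d`.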

Multiple functionality improvements based on your feedback

  • First, we have completely rewritten our SQL Injection rules. Our plugin now detects whether an SQL command is used as a query and not as a regular word in your article. This means that using the word “union” for example in your articles will not trigger jHackGuard anymore.
  • We have taken into consideration the latest attacks against Joomla sites, investigated them, and changed our filters that look for hacking attempts using the eval() and base64_decode() functions. They will now detect attacks even better.

You can find the full change log and download the new jHackGuard version for Joomla 2.5 from this page.

If you are experiencing any issues with your website after installing the new version, please report them in our support forum.

Please note that as Joomla 1.5 will soon reach its end-of-life (in September 2012, according to Joomla.org) and will no longer be supported by Joomla.org, we have not released the new version of jHackGuard for this Joomla version. SiteGround highly recommends switching to Joomla 2.5, because otherwise we believe that no good website security can be maintained.

Best,

Hristo
Product Development – Technical

Author: Hristo Pandjarov

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about Joomla and WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments (1):

  1. Peter says:

    Thanks for your continuous support and improvement, more grace for the servic
