RSFirewall! v3.0.6
RSFirewall component with no activation code required – free update download
The Joomla security extension RSFirewall can confidently be called the most professional security extension for Joomla. It covers Joomla sites comprehensively from a security standpoint and gives site administrators unmatched capabilities.
The power and importance of the RSFirewall extension are such that installing it is almost essential on every site built with Joomla. The extension checks all of your site's extensions, databases, files and insecure paths, and informs you of your site's strengths and weaknesses. Another good feature of this extension is alerting when your site is attacked, via e-mail, the admin panel and SMS.
Features:
- Fully open source with no installation limits
- Fully compatible with and installable on Joomla versions: 3.9, 2.5
- Real-time check that the site's Joomla version is up to date, with an immediate report when a new Joomla version is released.
- Real-time check that the RSFirewall version is up to date, with an immediate report when a new version of the component is released.
- Site-wide check of all security items
- Calculation of the site's security grade.
- Prevention of various Internet attacks and hacking
- Additional explanation of every option shown on mouse hover
- Automatic blocking of attacking IPs
- Automatic blocking of access from selected countries
- Checks the Joomla core files for any suspicious edits or changes
- Checks the settings of the various Joomla sections for insecure settings and greater Joomla security, with explanations and suggested changes.
- Checks the server's PHP settings for insecure settings and greater server security, with explanations and suggested changes.
- Creates a php.ini file for secure settings in the PHP service
- Checks the permissions of all site folders, reporting and editing permissions above 755
- Checks the permissions of all site files, reporting and editing permissions above 644
- One-click correction of insecure permissions
- Checks the integrity of the configuration.php file
- Checks and empties the log and temporary folders (log & tmp)
- Security check of the location of configuration.php and the log and tmp folders, with a suggestion to move them outside the site's main folder for greater security
- Checks for and removes FTP credentials stored in the Joomla configuration
- Protects the site against code injection attacks such as PHP and MySQL
- Protection against DoS attacks
- Prevents uploading of files with specified and multiple extensions
- Continuous checking of uploaded files to find insecure items
- Checks and optimizes the database structure
- Ability to enable system lockdown to prevent any change/addition/removal of administrators and extensions when needed
- Ability to configure lockdown for chosen files and folders
- Additional password for greater security of the site's administration area
- Ability to set a master password for entering the extension's area
- Ability to restrict administrators' access to the RSFirewall component
- Ability to show the latest Joomla security news by loading and displaying an RSS feed
- Event filtering by severity into three levels: low, medium and critical
- Sends notification e-mails to administrators and defined addresses
- Adds a security code (captcha) for logging in to the Joomla admin panel
- Ability to show the security code after a set number of failed logins
- Keeps system logs for a set period
- Ability to scan the database and files
- Ability to restrict a specific IP's access to your site
- Ability to block visitor countries
Maker of the Joomla security component: www.rsjoomla.com
RSFirewall! Changelog
Version 3.0.6
- Added – Can download and import Blocklist/Safelist entries.
- Added – Can download and import Exceptions entries.
- Updated – Can filter by Country Code in the System Logs area.
- Updated – Session Handler check has been removed from the System Check.
- Updated – ‘autocomplete=off’ on the Captcha and Backend Password inputs.
- Updated – A few common files have been added to the ‘Ignored Hidden Files’ by default.
- Updated – SQL injection protection adjustments.
- Updated – Various Javascript code improvements.
- Fixed – Some checkboxes were not showing up correctly.
- Fixed – PHP 8 could show a warning message when downloading the GeoIP database.
- Fixed – ‘Search Tools’ was not staying open when filtering.
Version 3.0.5
- Fixed – In some cases protected users were not reverted to their original user groups.
Version 3.0.4
- Updated – Replaced Google Visualization JS library with Chart.js.
- Updated – ‘Referer’ has been replaced with ‘Description’ in the System Overview’s last 5 messages table.
- Updated – Removed Bootstrap 4 CDN from the ‘Backend Password’ and ‘Forbidden’ pages in favor of inline styling.
- Updated – When emptying the log a confirmation is now required.
Version 3.0.3
- Updated – PHP 8 compatibility.
- Updated – Bumped minimum requirements to use PHP 5.4
- Fixed – ‘Pause between retries’ was not working correctly.
Version 3.0.2
- Updated – Replaced references to lists as ‘Blocklist’ and ‘Safelist’.
- Updated – The System Check can now be run with Xdebug enabled by adjusting the xdebug.max_nesting_level directive.
- Fixed – Removed some ‘Ignored Hidden Files’ because some hosting providers block requests containing those names; these have been instead hardcoded in the System Check process.
Version 3.0.1
- Added – Can specify the CAPTCHA Font Size.
- Updated – SQL injection will now trigger when attacks are attempted targeting the ‘information_schema’ table.
- Fixed – Disabling the RSFirewall! System Plugin would throw an error in the Control Panel Module.
- Fixed – A warning that you are editing a protected user would incorrectly show up on all admins.
Version 3.0.0
- Added – Joomla! 4.0 compatibility
- Added – Option to configure the public blacklists for the ‘Protect forms from abusive IPs’ check.
- Added – ‘Optional Core Folders’ can be configured in the ‘Firewall Configuration’ – ‘System Check’ tab.
- Added – ‘Ignored Hidden Files’ can be configured in the ‘Firewall Configuration’ – ‘System Check’ tab.
- Updated – Bumped minimum requirements to use Joomla! 3.7.0
- Updated – Code improvements and deprecated functions removed.
- Updated – Google Charts API updated.
- Updated – A warning message is now shown when trying to edit a protected user.
- Updated – The ‘Additional Backend Password’ login and the ‘Blocked’ error screens now use Bootstrap 4.0
- Updated – Permissions have been moved from the ‘Firewall Configuration’ to the ‘Global Configuration’ area.
- Updated – ‘Checking if any admin users have weak passwords’ has been removed since Joomla! now uses strong hashing algorithms that can’t be easily brute forced.
- Updated – ‘Updates’ section has been removed since RSFirewall! can be updated through the Joomla! Update Manager for quite some time.
- Updated – ‘RSS Feeds’ has been removed since RSFirewall! is not a feed reader and there are plenty of dedicated tools for that.
- Updated – Filtering results is now updated to use Joomla!’s ‘Search Tools’ for a more consistent UX.
- Updated – Reworked some parts of the interface to be consistent across both Joomla! versions.
- Updated – Removed some old CSS and icons.
- Updated – Removed support for Microsoft Azure SQL databases.
- Updated – CAPTCHA now appears at all times (unless IP is whitelisted) if ‘Enable CAPTCHA’ is set to ‘Yes’.
- Fixed – ‘Last run’ message was incorrectly showing up after starting the System Check.
- Fixed – ‘Whois’ URL was showing up even when not configured.
- Fixed – In the ‘Country Blocking’ configuration, the checkboxes from ‘Continents’ were not consistent with the ‘Check All’ selections.
- Fixed – In some cases where translations were missing and the ‘System – Language Filter’ Plugin was enabled, email alerts were showing as language keys instead of their English fallbacks.
- Fixed – In some cases uploaded files were not properly scanned for malware.
Version 2.12.5
- Fixed – The * wildcard can now be used in IPv6 lists.
Version 2.12.4
- Updated – License key support for downloading the GeoIP Database from MaxMind.
Version 2.12.3
- Fixed – When the System Plugin was disabled a Fatal Error would occur when trying to empty the log.
Version 2.12.2
- Updated – SQLI protections improved.
- Fixed – In some cases false positives were triggered for the RFI protections.
Version 2.12.1
- Updated – Choose which Google APIs to use during the System Check.
Version 2.12.0
- Added – Google Web Risk API added as an alternative to the Google Safe Browsing API.
- Added – Backend Password can now be used as a parameter.
Version 2.11.27
- Fixed – After disabling the RSFirewall! System Plugin the component was no longer accessible.
Version 2.11.26
- Added – Password strength check can now be toggled off from Firewall Configuration – Active Scanner.
- Updated – Password strength now takes into account the parameters set in Users – Options – Password Options.
- Updated – Adjusted some checks to not trigger false positives on some files.
- Updated – System Check now checks if the Backend Password has been enabled.
- Updated – Removed old Joomla! 2.5 code.
- Fixed – Additional Backend Password attempts will now lead to an autoban.
Version 2.11.25
- Fixed – ‘Convert email addresses from plain text to images’ now only replaces emails from the HTML body.
Version 2.11.24
- Fixed – In some cases the GeoLite2 Country Database could not be uploaded.
- Fixed – Some bug fixes to the GeoLite2 library.
Version 2.11.23
- Fixed – The “System Check” was throwing a false positive for a file from the GeoLite2 library.
Version 2.11.22
- Updated – Country blocking is now using the GeoLite2 database.
Version 2.11.21
- Updated – IP address is now included in the subject of the email alerts.
- Fixed – Table Views are no longer checked in the Database Check because they will halt the check.
- Fixed – In some cases disable_functions was not returning the correct count.
Version 2.11.20
- Updated – Email addresses converted to images now have a transparent background.
- Updated – Email image text color can now be set in Firewall Configuration – Active Scanner.
Version 2.11.19
- Fixed – A Deprecated Warning would appear on PHP 7.2 due to an outdated library.
- Fixed – Some files would show up as modified even if you clicked on ‘Accept Changes’.
Version 2.11.18
- Fixed – In some rare cases, a MySQL warning would show up in the logs if BINLOG_FORMAT was set to STATEMENT.
- Fixed – SimplePie User Agent was incorrectly triggering the Dangerous User Agent protection.
Version 2.11.17
- Fixed – An error would occur in the Blacklist/Whitelist area when adding a range or a CIDR IP in the lists.
Version 2.11.16
- Added – Can specify new System Check options: Max retries, Pause between retries, toggle MD5 Signatures DB off.
- Fixed – In some cases the Control Panel Module would timeout due to request parallelization.
Version 2.11.15
- Fixed – In some cases country flags were not showing up correctly next to IPs.
- Fixed – IPv6 lookups could lead to malformed URLs due to an incorrect encoding.
Version 2.11.14
- Fixed – Changing a protected user could generate a Fatal Error if information was stored incorrectly in the database.
Version 2.11.13
- Fixed – In some cases, emails that were converted to images were disrupting the HTML markup.
Version 2.11.12
- Added – Joomla! 3.8.5 hashes.
- Fixed – Update Code was incorrectly reset when uploading a new configuration.
Version 2.11.11
- Added – Joomla! 3.8.3 hashes.
- Fixed – In some cases the File Manager could not list folders and files.
- Fixed – Some filenames with UTF-8 characters were incorrectly seen as threats.
Version 2.11.10
- Updated – Malware database updated.
- Updated – Can now grab IP from Cloudflare and Incapsula supplied headers.
- Updated – Non-core extensions no longer show up as missing when running the System Check.
Version 2.11.9
- Added – Joomla! 3.8.0 hashes.
- Updated – Malware database updated with ~10.000 hashes.
- Fixed – Uninstalling did not remove the Installer Plugin.
- Fixed – signatures.data.sql files are now deleted because they were causing some hosting provider virus scanners to go off.
Version 2.11.8
- Updated – No longer recommending disable_functions to include phpinfo and show_source.
- Updated – System Check now recommends expose_php to be Off.
- Updated – Some more explanations in the ‘Server Configuration’ area.
- Fixed – ‘Log all blocked events’ would not take the ‘Mozilla’ User Agent into account.
- Fixed – The #__rsfirewall_offenders table was not being pruned causing this table to reach a large size.
Version 2.11.7
- Updated – Can now remove Mozilla from ‘Deny access to the following User Agents’ section.
- Updated – System Check will now display the file modification time for core modified files and malware.
- Updated – Lockdown options have been moved to a separate tab for better visibility in the Configuration area.
- Updated – System Check now identifies dot files as suspicious (except .htaccess, .htpasswd, .htusers, .htgroups)
- Fixed – Google API key errors no longer interrupt the System Check.
Version 2.11.6
- Updated – Malware database updated.
- Fixed – Saving the configuration.php file was not changing permissions back to 0444.
- Fixed – mod_rsfirewall will no longer trigger the AJAX requests in parallel.
- Fixed – Cyprus was erroneously set in Asia.
- Fixed – Various language improvements.
Version 2.11.5
- Fixed – Scanning for malware AJAX response could be scrambled by an incorrect encoding of a malware pattern.
Version 2.11.4
- Updated – Malware database was updated.
- Updated – More thorough check for Joomla! < 3.6.4 vulnerability.
- Fixed – In some cases, GeoIPv6 functions might throw an error.
Version 2.11.3
- Fixed – Checking for the GeoIP v6 file was not working correctly.
Version 2.11.2
- Fixed – In some cases when using reverse proxies, the REMOTE_ADDR variable contained multiple IPs and threw an error.
- Fixed – GeoIP was incorrectly initialized when not enabled.
- Fixed – Google Safe Browsing error messages are now displayed to provide more details.
Version 2.11.1
- Updated – IPv6 GeoIP database support.
- Updated – Improved Country Blocking interface initial setup.
- Updated – Google Safe Browsing API updated to v4.
- Updated – Malware database updated.
- Fixed – Permissions were not being saved correctly due to Joomla! changes since 3.6.0.
- Fixed – Denied referers were not recorded in the System Logs even with ‘Log all blocked attempts’ set to ‘Yes’.
Version 2.11.0
- Added – Map of blocked attacks in the System Overview area.
- Updated – Malware database updated.
- Updated – Replacing email addresses with images has been re-worked to reduce page load.
- Updated – More information shown when a protected user change has been attempted.
- Fixed – No longer allows you to delete files from your Temporary Folder if it’s incorrectly set and contains your website’s folder.
- Fixed – System Logs was becoming slow due to missing indexes on tables.
Version 2.10.2
- Updated – A log entry will be created when a change is attempted on a protected user.
- Updated – A log entry will be created when the creation of a new administrator is blocked.
- Updated – Malware database updated.
- Fixed – Old log entries were not deleted according to the settings.
Version 2.10.1
- Added – Check your website’s status in Google Safe Browsing lists.
- Added – View and remove files that have been ignored during the System Check through “Accept changes”.
- Updated – Malware database updated.
Version 2.10.0
- Added – Built-in exceptions for com_plugins, com_templates, com_modules
- Updated – Show number of files (hashes) modified or missing from your Joomla! installation.
- Updated – Can overwrite modified files or add missing files straight from the Joomla! repository.
- Updated – Malware database updated.
- Fixed – If no signatures are present an error message is shown during the System Check scan.
- Fixed – ‘Error! is not a valid folder’ message rewritten to make more sense.
- Fixed – Creating php.ini: open_basedir value could have contained empty paths in some cases.
- Fixed – Creating php.ini: open_basedir did not return the correct session.save_path.
- Fixed – Checking temporary files might not have listed files in some cases.
Version 2.9.7
- Added – View contents of files tagged as malware directly from the System Check area.
- Updated – Malware database updated.
- Fixed – Invalid data could be stored when activating ‘Protect the following users from any changes’
Version 2.9.6
- Updated – Notification emails now contain the ‘Debug information’ as well.
- Updated – System Check now ignores folders it cannot access rather than stopping.
- Fixed – System Check could not be completed when encountering a symbolic link pointing back to the Joomla! root.