RSJoomla! Blog - RSFirewall!

We keep RSFirewall! inline with the evolving attacking methods, thus we’re releasing this new revision - 18, with improved XSS (Cross-site scripting ) and LFI (local file inclusion) detection methods.

Updated XSS detection

In the new revision, RSFirewall! relies on an increased range of XSS filtering and uses extra triggered actions to block XSS attacks. The attacks are automatically blocked.

Why is important to protect your Joomla! website by XSS attacks?

XSS attacks affect the end user, not the website itself because of the improperly variable validation in web applications, thus allowing to run arbitrary code (JavaScript, HTML, Flash, etc) on the user computer.

Starting with RSFirewall! rev. 15, we have introduced a new Active Scanner option :
user-agents check for common malware user agents.

Basically, when the Active Scan runs (is enabled from the RSFirewall! configuration), it will look for automated scripts meant to scan websites for vulnerabilities. These will be detected with the help of user agents and will be blocked and reported into the log.

The option is active by default, but if you don't want to perform this task you can disable it from Firewall! Configuration:
Components - > RSFirewall! -> Firewall Configuration -> RSFirewall! Active Scanner.

Check user agents for common malware:

As we assumed, the Joomla! Day Netherlands, 2010 turned out to be a great event. Thanks to the organizers that invited us to speak at the event and to the friendly Dutch community that we have met during the event.

In case you didn't have the chance to watch it live on Joomla! Day Netherlands, we have made the presentation available for download in a .pdf format.

Today we've released RSFirewall! Revision 9, which contains a new feature: it cleans the backdoored versions of Jumi from your website. You can read the changelog here.

Jumi is a very popular Joomla! component, some of our customers being already affected by this backdoor - so we added this security measure as an extra protection layer to keep our customers' websites safe.

As usual, we advise you to run the System Check and follow the on-screen instructions to obtain a better security rating on your website, keep passwords safe and always be up to date with the latest software versions and the latest threats.

Hackers, take overs, denials of service.. what a mess!

We launched RSFirewall! to secure Joomla! websites and it is doing a great job. We received a lot of feedbacks from happy customers that no longer have intrusion problems which makes us happy.

However, to those who got their Joomla! hacked, here's a small guide on what to do next:

How to repair a hacked Joomla! website:

• Get RSFirewall!

• Scan the website with the RSFirewall! security scanner for Joomla!. If the website was hacked, it will look for missing or modified Joomla! files, known Joomla! malware scripts, SQL injections and other vulnerabilities.