Open Source Excellence Anti-Hacker Joomla Component User Manual
OSE Anti-Hacker Joomla Component User Manual
Version: 2.0 Build 211209
Released Date: 21-Dec-2009
Manual Date: 21-Dec-2009
Author: OSE Security Team. [email protected]
Copyright: Reproduction and redistribution of the document is disallowed without the consent of the author.
Notes: The OSE Security software series is an Open Source software series developed by Open Source Excellence Team.
Licence: GPL V2, you can install it into UNLIMITED websites FOREVER! No License Restrictions! No more IONCUBE! After you buy the software, you can use it FOREVER (INDEFINITELY). You can download all upgrades within 1 year. You can receive our support within 1 year.
Anti-Hacker reports that this IP tries to hack your site using the "file=" command.
However, you are sure that this is an error. Now you can add the following link to the
Whitelist Strings in the Anti-Hacker by clicking the "New" button on the Anti-Hacker -> White
List String menu:
task=playaudiofile
playaudiofile
After this, the anti-hacker will recognize the string as a whitelist string and will not
report the error to you any longer.
Example 3
For Virtuemart users, this is the whitelist. Please enter each line into the White List String
form ONE BY ONE. For example, you should create a new whitelist string, enter
"pshop_mode=admin" into the form and save. Then create a new whitelist string
"/themes/default" and save, then move to the next one. After you finish adding the following
whitelist strings, you should have 5 new whitelist strings in the White List String list.
pshop_mode=admin
/themes/default
filename=resized
wz_tooltip.js
product_attributes.js
5.2 How to Whitelist a Form Field?
In order to maximize the protection, the Anti-Hacker will scan and filter content of all
form fields for suspicious hacking behaviours. Therefore, if you would like to NOT scan or
filter some form fields, you need to add the corresponding name of the form field in the
White List Form Fields list.
To stop the content of a form field from being scanned, simply add the name of the form
field to the Whitelist Form Field List. For example, the text field in the contact form is
named "text", so you could add "text" as one form field as follows:
Then save the record, and the Anti-Hacker will NOT filter the content of this form field for
suspicious hacking behaviour. Please note that the scanner sometimes reports FALSE
POSITIVE alerts; this function gives you more flexibility in the Anti-Hacker filter rules to
fit your Joomla system.
6 Frequently Asked Questions
6.1 Anti-Hacker FAQs: Which way is better to activate the Anti-Hacker?
There are three ways that you can activate the Anti-Hacker: 1. Index.php; 2. .htaccess;
and 3. php.ini. Which one is better?
We recommend php.ini and .htaccess, because these will protect all PHP programs on
your website. There are usually two modes for a server that runs PHP programs: a) fast-cgi
and b) as an Apache module.
For websites running PHP as the Apache module, you can use .htaccess to activate the
Anti-Hacker. However, sometimes your hosting company runs PHP in fast-cgi mode, and
then if you activate it via .htaccess, you will get a 500 Internal Server Error. In this case,
you have to use php.ini to activate the Anti-Hacker.
One more situation is that your hosting company is running both php4 and php5 in
fast-cgi mode, and in this case, you will usually need to use php5.ini to activate the Anti-Hacker.
These are all related to how the hosting company sets up its server and PHP programs,
and we try to provide both methods to all our clients in order to help you activate it. Read
more in Section 6.2 if you have trouble activating the Anti-Hacker.
6.2 Anti-Hacker FAQs: What if having difficulties in Activating Anti-Hacker?
If you have trouble activating the Anti-Hacker using all of these ways, please try the
following.
1. Check the PHP version of your hosting account. The Anti-Hacker is only supported by
PHP5. So please make sure your system is running PHP5.
2. Check if the Anti-Hacker Function program is working by directly opening the url
yourwebsite/administrator/scan.php?%20union (please change yourwebsite to the proper
installation path). If you get the blocking message, the installation is proper and
the program is running, and the problem is only related to activation.
3. Create a php5.ini file under the root folder, and please add the following code to it:
;;;;;;;;;;;;;;;;;;;;;;;
; PREPEND ANTI HACKER ;
;;;;;;;;;;;;;;;;;;;;;;;
register_globals = off
safe_mode = off
allow_url_fopen = off
display_errors = off;
disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source;
;; The following needs to be changed according to the server setting (please check the System Guard to achieve them);
open_basedir = yoursite/public_html:yoursite/public_html/tmp:yoursite/public_html/logs:/tmp
auto_prepend_file = yoursite/public_html/administrator/scan.php
;;;;;;;;;;;;;;;;;;;;;;;
4. Also copy a php5.ini file to the administrator folder, and only change the line
"auto_prepend_file=******/scan.php" to "auto_prepend_file=" (so that no file is
prepended to the PHP files in the administrator folder).
5. If the above way doesn't work, try the other two ways, .htaccess and index.php as in
Section 4, again.
6. If the Anti-Hacker still cannot be activated, please confirm with your hosting service that the
auto_prepend_file function is enabled.
7. Please contact us via our support desk if the problem persists after trying all the ways.
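The following check for steps 3 and 4 is an added example, not code from OSE or from the original manual: it audits a php5.ini against the directives listed in step 3 and flags a misspelt prepend directive, which PHP would accept without any effect. The names parse_ini and audit are hypothetical, and the sample file contents are constructed with the manual's placeholder paths.

```python
# Added example: audit a php5.ini against the settings listed in step 3.
OFF = ("register_globals", "allow_url_fopen", "display_errors")
DISABLED = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen",
            "curl_exec", "curl_multi_exec", "parse_ini_file", "show_source"}
KNOWN = {"auto_prepend_file", "auto_append_file"}  # real PHP directives

def parse_ini(text):
    """Return {directive: value}; ';' starts a comment, as in php.ini."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text, admin_copy=False):
    """List findings for the root php5.ini, or for the administrator copy."""
    cfg, findings = parse_ini(text), []
    for key in cfg:  # e.g. 'auto_preappend_file' is silently useless
        if key.endswith("pend_file") and key not in KNOWN:
            findings.append(f"unknown directive '{key}' has no effect; use auto_prepend_file")
    for key in OFF:
        if cfg.get(key, "").lower() not in ("off", "0", "no", "false"):
            findings.append(f"{key} is not set to off")
    listed = {f.strip() for f in cfg.get("disable_functions", "").split(",")}
    if DISABLED - listed:
        findings.append("disable_functions lacks: " + ",".join(sorted(DISABLED - listed)))
    prepend = cfg.get("auto_prepend_file", "")
    if admin_copy and prepend:
        findings.append("administrator copy still prepends " + prepend)
    if not admin_copy and not prepend.endswith("scan.php"):
        findings.append("auto_prepend_file does not point at scan.php")
    if not cfg.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings

# Constructed sample files (paths are placeholders, as in the manual).
GOOD = """register_globals = off
allow_url_fopen = off
display_errors = off;
disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source;
open_basedir = yoursite/public_html:/tmp
auto_prepend_file = yoursite/public_html/administrator/scan.php
"""
BAD = GOOD.replace("auto_prepend_file", "auto_preappend_file").replace(
    "allow_url_fopen = off", "allow_url_fopen = on")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text) or "ok")
```

Run audit() with admin_copy=True on the file from step 4 to confirm that its auto_prepend_file line has been emptied.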
6.3 Anti-Hacker FAQs: How to Whitelist a program?
Please read Section 5.1.
6.4 Anti-Hacker FAQs: How to Whitelist a form field?
Please read Section 5.2.
6.5 Anti-Hacker FAQs: How to customize the blocking message on the ban Page
You can customize the blocking message on the Ban Page, which your clients
will see when they are suspected of suspicious activity. You can edit the message via
the "Custom BanPage" button in the main menu of Anti-Hacker.
6.6 Anti-Hacker FAQs: How to Update the Signature?
The signature can be updated via our UpdateMan component. Please go to our website
My Downloads Menu to download the latest signature file.
First, install the UpdateMan component in the SignatureUpdate Package/Update
Manager package at Extensions Install/Uninstall. Then go to the UpdateManager
component at Components/OSE UPMan. Upload the Signature file in the package.
After this, the signature package will be listed at the bottom of the page.
Select it to install and follow the on-screen tips to finish the update.
Finally, you can go to System Guard to check the current Signature version of the system.
6.7 Anti-Hacker FAQs: What if my user account is blocked?
If you or someone else tries to log in with your admin account more times than the number of
attempts that you set in the Open Source Excellence Authentication plugin, your admin
account will be blocked. You will see the following screen on the first failed login
(assuming that you set the maximum attempts to be 3):
When you have tried more than 3 times, your account will be blocked and you will see
the following:
If you would like to unlock your account, you need to go to your database management
tool, for example, phpMyAdmin, to unlock your account. Go to the jos_users table, and
change the value of "block" of that account FROM 1 TO 0 as presented in the following
screenshot:
6.8 Anti-Hacker FAQs: What if my IP is banned?
If you are an administrator of the website, but you are banned, what should you do?
1. Temporarily remove the following lines in the corresponding files depending on which
way you used to activate the Anti-Hacker function:
A) require_once ('/absolute_path_to_antihacker/scan.php'); from the index.php
B) auto_prepend_file=/absolute_path_to_antihacker/scan.php from php.ini
C) php_value auto_prepend_file "/absolute_path_to_antihacker/scan.php" from .htaccess
Then log in to the Joomla back-end to remove your IP from the blacklist of Anti-Hacker or
whitelist it.
OR
2. If you have phpMyAdmin or any other database management tool, you can find the table
"jos_anti_hacker_iptable", and remove your IP from the table. That will help you regain
access to the backend.
6.9 Anti-Hacker FAQs: How to set a password to protect a folder with .htaccess?
You can easily create it using the System Guard.
Please go to System Guard (originally the GuardXT component), and click the Start
wizard in the Joomla Server Configuration Check Section:
In the wizard, please enter the username, password, and the path you would like to store
your .htpasswd file. For instance, you may set them as follows:
username: testinguser
password: testinguser
path to store .htpasswd: /home/youraccount/.htpasswd/admin/
After you click the Create button, you will see the following page. Please note that after
clicking the Create button, the password has been created; therefore, you don't need to copy
the code to the .htaccess and .htpasswd files (shown under "Your Password has been created").
The password will be created and you will be asked for the user name and password you
just set up.
6.10 Anti-Hacker FAQs: How to disable insecure functions for PHP environment?
In order to enhance the security of your Joomla website, we recommend you to disable
some insecure functions for the PHP environment.
Please disable these functions using any of below methods by adding the following