About OSE Anti-Hacker™for Joomla!
OSE Anti-Hacker™ for Joomla! (full name: Open Source Excellence Anti-Hacker™ component for Joomla!) aims to help you reduce the risk of your Joomal website being hacked, secure you private data, and protect your system files from malicious codes and attacks. It can be installed as a component on your Joomla! website or on the platform of our OSE Security Suite. It supports Joomla 1.5, 1.6, 1.7, 2.5 and the future 3.0.
It’s suitable for all kinds of websites, including online stores, small business, personal websites, public institutes, etc developed with the Joomla! system. It’s easy to use and has very friendly interface for you to customize for your own demands.
The application is competent to perform an advanced protection for your Joomla system. Further, it can also protect ALL OTHER PHP systems (for instance VirtueMart, Magento, Drupal and WordPress, etc) on the same server. In addition, we will instantly respond to your queries to give supports and keep improving our products. We also provide a series of optional related services to further enhance the security of your websites.
It's suitable for all kinds of websites that are written in PHP. This includes online stores, small business websites, personal websites, and public institutes, etc. It's easy to use and has a very friendly interface for you to customize for your own demands. The application is competent to perform an advanced protection for ALL PHP systems (for instance Joomla, VirtueMart, Magento, Drupal, PHPBB, Coppermine, and WordPress, etc).
Major technical features
1. A firewall system with double layers of protection
Our anti-hacking solution utilizes two layers to protect your PHP websites. Layer 1 is a signature-based detection system, where it detects the most common hacking behaviors through a surface scanning in the URL. Once a hacking behavior is found in the targetted URL that matches one of the hacking signature defined in the layer 1 rulesets, the activity and the corresponding IP will be banned immediately.
If the Surface scanning in Layer 1 does not detect anything, the system will start analyzing the User Agent and all request methods and values (e.g. COOKIES, POST values from any forms, GET values from the URL) through the Layer 2 detection system. Layer 2 is a pattern-based Instruction Detection Systems, where it scans all request variables against a set of hacking patterns. If it finds a matching pattern, a counter will start accumulating the risk score until the scanning is completed. The attack will be banned or sanitized if the total risk score exceed the pre-configured risk threshold.
2. File upload scanning, a must have for anti-hacking solutions
Hackers usually utilize the file upload vulnerabilities to upload malicious codes, as an anti-hacking solution, file upload scanning is a must-have. With OSE Security Suite, all files uploaded will be examined for two things:
a) Does the file extension match the real extension of the file?
b) Is the file a malicious file?
With OSE Security Suite, all uploaded files will be scanned with OSE Anti-Virus. If your server has installed ClamAV (an open source anti virus software) and the socket access is open to your website, those uploaded files will be scanned by ClamAV as well to ensure no malicious codes are embeded in the files.
Apart from the above, OSE Security Suite also provides a malicious file type detection function. This checks whether the type of files uploaded by the user is consistent with the real type of the file. If the file is found to be a faked file, e.g. a shell code which pretends to be an image, the system will block the action and the user's IP immediately.
The system has an anti-flooding function which stops users from too frequent visits to your server by throwing a 503 Error page or block the user's IP. Flooding is one of the main method used by hackers to stop the service of your http and mysql servers so anti-flodding is including in the security suite.
4. Three modes of scanning and blocking reaction
There are three modes of scanning and blocking reactions, each of which can help you reduce hacking attempts while maintaining your SEO ranking:
- 'Ban IP and show ban page to stop an attack' with the custom SEO ban page: this mode blocks IP immediately when a hacking attempt is found.
- 'Show a 403 error page and stop the attack': this mode stops the hacking by throwing a 403 error page
- 'Silently filter hacking values': this mode removes the hacking attempts from all hacked variables silently while allowing the attacker's IP active until it reaches the maximum allowed attempts. Once it reaches the maximum attempts, the attacker's IP will be blocked permently.
5. Detailed reporting and blocking reactions
Whenever a hacking attempt is found, OSE Security Suite will create a detailed report explaining what rules the hacking is violating and the attacking value being found. Meanwhile, an alert email will be sent out immediately to keep the adminsitrators informed. There are two actions the anti-hacker will take to these hacking alerts:
- Block the IP and send email alerts: If the hacking triggers any rules in layer 1 and layer 2 protection, and the total risk score exceeds the pre-configured risk threshold, the IP will be blocked and the alert email will be sent to inform the administrators.
- Monitor the IP and send email alerts: If the total risk score of the suspicious behaviour is lower than the pre-configured risk threshold, the IP will be logged for monitoring purpose. Though this is logged as monitored, it is important to inform the administrators as well so alert emails will also be sent to the administrators in this case.
6. 300+ signatures and 70+ security patterns
OSE has more than 300 signatures for Layer 1 rulesets and more than 70 patterns for Layer 2 rulesets. The rule sets will be updated regularly in order to effectively block hacking attempts.
8. Flexible configuration
Not all security rules will apply to your web application, to allow more flexibilities in protecting your web application, OSE Security Suite has built a user-friendly configuration panel to turn on and off different security rules. Also, if false alerts are reported, different signatures and patterns can be set to ignored to avoid future false alerts.
9. Search Engine Friendy
This is a new feature in version 5, OSE provides the option for users to turn on or off the scanning of Search Engine bots. While ignoring the hacking scanning of Search engine bots avoids blocking search engine bots falsely, the risk of the hackers who intend to hack a website by spoofing as a search engine bot will increase. OSE Security has thought about this carefully and develop a method to allow search engine bots to scan your websites while monitoring it closely in case it is a real attack and take actions correspondingly.