Akeeba Admin Tools Pro or OSE Security Suite?
-
-
- Franck
- Elite Rocketeer
- Posts: 1049
- Thanks: 0
-
Hello,
I'm seriously thinking to secure my sites with a good security component. I have a large site that was hacked so many times. I used two years ago a security component but I had too many problems with false positives, cities, states or countries blocked... it was a real nightmare and I decided to remove this component. Now I want to secure all my sites (new or migrated Joomla! 2.5 and 3) with a good component. What component do you recommend Akeeba Admin Tools Pro or OSE Security Suite? What are our experience?
Also, i saw another component that seems good: OSE anti-virus. However i don't know if it's good to use it in combination with Ose Security Suite or Admin Tool Pro.
Thx for your advices.
-
-
-
- Bill Justesen
- Rocketeer
- Posts: 69
- Thanks: 0
-
You made a wise decision. I've had a lot of good luck with Admin Tools Pro. The only tricky part is granting access to specific php files or folders to ensure everything works properly. :cheesy:
And if you run into problems using Admin Tools Pro with some of the RocketTheme Rok* products, check out this thread to disable the "Protect against common file injection attacks" option from the .htaccess file.
EDIT: I noticed that after creating my content I could restore the file injection attacks option and the front of the site works fine.
-
-
-
- Franck
- Elite Rocketeer
- Posts: 1049
- Thanks: 0
-
Hi Bill, thanks a lot to talk about this potential problem with Rockbox.
Do you have any advice about folder and php files access specificaly?
I think I will give a try to this free script that monitor files change, in adition of Admin Tools Pro
www.webchicklet.com/tools/monitorhackdfi...-fight-site-hackers/
-
-
-
- Bill Justesen
- Rocketeer
- Posts: 69
- Thanks: 0
-
I can think of a a couple of different plugins that need to be whitelisted if you use them. I haven't had too many problems yet with Admin Tools.
I bolded the lines you'll need to add to the section entitled "Allow direct access, including .php files, to these directories."
XCloner ( www.xcloner.com ) - simple backup solution
administrator/components/com_xcloner-backupandrestore
MyJoomla ( www.myjoomla.com ) - security audit of site
plugins/system/bfnetwork
I found that CAPTCHA systems need to allow access to only one file, usually. You'd put that in the "Allow direct access to these files" section.
And for other issues, you may want to review this document here:
www.akeebabackup.com/documentation/troub...ccessexceptions.html
-
-
-
- Franck
- Elite Rocketeer
- Posts: 1049
- Thanks: 0
-
Thx a lot Bill. These informations are very useful. I will see what I'm able to test on my dev server before applying on my live site.
About the script that I mentioned in the previous post, I use it since a long time on a wordpress installation and it works great. I receive an email every time a file is modified.
I going to test it with joomla installation in the next weeks.
-
-
-
- Bill Justesen
- Rocketeer
- Posts: 69
- Thanks: 0
-
Franck, that MonitorHackdFiles tool looks interesting. I've been playing around with it for a while today.
Make sure you add the three files, mhf-install.php, mhf.php, and monhf.php to the "Allow direct access to these files" exceptions list in htaccess maker. (Once you've finished installing the mhf-install.php program and deleted it from your Web host, remove it from the exceptions too.)
-
Time to create page: 0.070 seconds