Securitycheck Extensions for Joomla
We offer two versions: Free and Pro. Both versions incorporate the same engine in our plugin and are fully functional; the main difference is that the Pro version provides additional features, such as sending an email when we suffer an attack, dynamic blocking of IPs, the ability to use IP ranges in the various lists, etc.
Why use Securitycheck Pro?
There are many reasons to use Securitycheck Pro; the main one is that if we do a Google search we will find over 500,000 entries related to vulnerabilities for Joomla...
Even when our version of Joomla is up to date, most of the time attacks use vulnerabilities in components that we have installed. There are 4 attack patterns: SQL INJECTION, XSS, LFI/RFI and HTTP HEADERS MODIFICATION.
To prevent this, we have developed a complete suite to protect our Joomla website:
- Web Firewall provides full protection from over 90 different types of attack based on the 4 previous patterns, allowing extensive customization of its different options to adapt to any installation of Joomla.
- Cpanel shows different options to monitor our website:
- Which installed components, modules and plugins are vulnerable, with information about these vulnerabilities and all other well-known ones for our Joomla version, through a complete and simple interface.
- Get your file permissions and integrity under control with the File Manager and File Integrity options.
- Cron plugin will launch heavy tasks without affecting QoS.
- Our Info Module will allow you to check your system status at a glance.
- New Live Update system to easily manage new releases. Download and install it with two clicks.
Features
Comparation
| Feature | Securitycheck | Securitycheck PRO |
|---|---|---|
| Web Firewall | | |
| Blacklist | Yes | Yes (IP ranges blocking allowed) |
| Whitelist | Yes | Yes (IP ranges blocking allowed) |
| Dynamic blacklist | No | Yes |
| Events recording | Yes | Yes |
| Mode selection | No | Yes |
| Drop connections | No | Yes |
| Second level protection | Yes | Yes (configurable) |
| Base 64 check | Yes | Yes |
| Email notification | No | Yes |
| Filter exceptions | Yes | Yes |
| User session protection | Yes | Yes |
| Session hijacking protection | No | Yes |
| Logs exporting | No | Yes |
| File Manager | Yes | Yes (Repair option included) |
| File Integrity | No | Yes |
| .Htaccess Protection | | |
| Self-protection | No | Yes |
| Protection against malicious user-agents | No | Yes |
| Fingerprinting protection | No | Yes |
| Backend protection | Yes | Yes |
| Cron Plugin | No | Yes |
| Module Info | No | Yes |
| Vulnerabilities checking | Yes | Yes |
| Vulnerabilities database | No | Yes |
| Live update | Yes | Yes |
Changelogs
25-Apr-2013: Released version 2.4.1
- Database update until 26-04-2013 (1 new vulnerability and 7 new Joomla! Core vulnerabilities added) (both versions).
- Improvements in source code to work fine in different environments (both versions).
Securitycheck and Securitycheck Pro have been tested in the following environments: WAMP server, LAMP server, LEMP server (Linux, Nginx, MySQL and PHP) and MAMP server.
- Changed 'storage' table structure to avoid problems when restoring a backup (thank you BJ) (both versions).
07-Apr-2013: Released version 2.4.0
- Database update until 06-04-2013 (1 vulnerability updated and 1 new vulnerability added) (both versions).
- 'Check vulnerabilities' option modified (both versions).
This option now shows even the Joomla core components (and modules and plugins in the Pro version) installed.
- Improvements in Hexadecimal validation and 'Escape strings' filter of Web Firewall Plugin to avoid false positives in certain cases (both versions).
- New .htaccess option: Backend Protection (both versions).
Now you can hide your backend URL by adding a secret key. This will prevent dictionary and brute force attacks against your administration page.
- Improvements in install script to check when database tables are created and if PHP and Joomla! version requirements are met (both versions).
17-Mar-2013: Released version 2.3.1
- Added Brazilian Portuguese (pt-BR) (thank you to Carlos Rodrigues de Souza) and Catalan (ca-ES) (thank you to José Luis Hernández) languages (Only in Securitycheck).
- Fixed bug in '.htaccess protection' (Only in Pro versions).
'Banned user-agents' are not applied when 'default banned list' is applied.
- Added 'System Info' option (both versions).
This option gives us info about our Joomla, PHP and MySQL configurations, useful if we have some kind of problem.
- Added verification over database operations (both versions).
When the MySQL directive "max_allowed_packet" is too low, no data is stored in the database. Now the code checks if this happens and shows a warning.
IN SOME JOOMLA 2.5 INSTALLATIONS THE CHECK NEVER ENDS BECAUSE EXCEPTIONS ARE NOT CAUGHT. THIS DOES NOT HAPPEN IN 3.X BRANCH. I THINK THIS IS A JOOMLA ISSUE.
- Fixed bug in 'Check vulnerabilities' option (Only in 3.x Pro versions).
This option wasn't showing all extensions installed.
01-Mar-2013: Released version 2.3.0
- Redesign of the source code for 'File Manager' (both versions) and 'File Integrity' options (Only in Pro versions).
'File Manager' and 'File Integrity' analysis should take significantly less time than before. Now we also see a progress bar to get an idea of how long the task will take.
- Added CSRF protection (both versions).
04-Feb-2013: Released version 2.2.1
- Database update until 04-02-2013 (3 new Joomla core vulnerabilities added) (both versions).
28-Jan-2013: Released version 2.2.0
- Added French (fr-FR) translation (thanks Soufiane!) (both versions).
- Added a new option: .htaccess protection. Now you can block malicious user-agents and increase overall security with this new feature (Only in Pro versions).
- Database update until 25-01-2013 (4 new vulnerabilities added) (both versions).
07-Jan-2013: Released version 2.1.3
- Improvements in Web Firewall plugin to avoid errors when certain server values are not set (both versions).
- Improvements in Web Firewall plugin source code (both versions).
- Added new option to File Manager/File Integrity. Now we can choose whether to store or not exceptions in the database (Only in Pro versions).
- Improvements in Filemanager model to avoid execution timeouts in large sites (thank you Tony) (both versions).
- Improvements in Filemanager model to avoid errors when a path is not readable or it is not valid (Only in Pro versions).
- 'Ars Liveupdate' updated to the latest version (both versions).
- Database update until 07-01-2013 (3 new vulnerabilities added) (both versions).
13-Dec-2012: Released version 2.1.2
- Fixed bug in 'Second level filter' with Zoo yootheme (thanks Leonardo) (both versions).
- Added disclaimer to cPanel (both versions).
- CSS was not applying correctly to 'Vulnerabilities info' screen (Only in 3.x Pro versions).
- Improvements in Hexadecimal check to avoid false positives when '%' char is present (thanks Tanjitsu) (both versions).
- Database update until 13-12-2012 (2 new vulnerabilities added) (both versions).
28-Nov-2012: Released version 2.1.1
- Added option to entirely disable each filter in Web Firewall plugin (both versions).
- Database update until 26-11-2012 (1 new vulnerability added) (both versions).
20-Nov-2012: Released version 2.1.0
- Improvements in 'Using integers' filter to avoid false positives (both versions).
- Database update until 19-11-2012 (1 new vulnerability added) (both versions).
09-Nov-2012: Released version 2.0.9
- Fixed bug in Web Firewall plugin with JCE and ImageManager (thank you again, Raffaele!) (both versions).
- Database update until 08-11-2012 (1 new Joomla core vulnerability added) (both versions).
01-Nov-2012: Released version 2.0.8
- Added 'Sessions garbage collector' to avoid false positives in session hijacking checking (Only in Pro versions).
- Improvements in Web Firewall plugin (both versions).
- Database update until 02-11-2012 (2 vulnerabilities updated and 1 new vulnerability added) (both versions).
22-Oct-2012: Released version 2.0.7
- Added Japanese (ja-JP) translation (thank you to Norito Yoshida) (Only in Securitycheck).
- Database update until 11-10-2012 22-10-2012 (2 vulnerabilities updated and 3 new vulnerabilities added) (both versions).
11-Oct-2012: Released version 2.0.6
- Added Dutch (nl-NL) translation (thank you to Martijn Maandag) (Only in Securitycheck).
- Improvements in language files to avoid parsing errors (thank you to Martijn Maandag again!) (both versions).
- Improvements in Web Firewall plugin (both versions).
- Database update until 11-10-2012 (1 new Joomla core vulnerability added) (both versions).
06-Oct-2012: Released version 2.0.5
- Fixed bug in 'Mark all unsafe files as safe' option (Only in Pro versions).
- Added checking of deleted files (both versions).
- Database update until 06-10-2012 (1 new vulnerability added) (both versions).
14-Sep-2012: Released version 2.0.4
- Database update until 14-09-2012 (3 new vulnerabilities added and 1 vulnerability updated) (both versions).
05-Sep-2012: Released version 2.0.3
- Fixed bug in 'System File status' when doing a search or filtering results (both versions).
- Database update until 04-09-2012 (1 new vulnerability added) (both versions).
29-Aug-2012: Released version 2.0.2
- Improvements in Cron plugin to properly update database when a cron task has been launched (Only in Pro versions).
- Database update until 29-08-2012 (1 new vulnerability added) (both versions).
23-Aug-2012: Released version 2.0.1
- Fixed a bug in 'Initialize Data' clearing last checking info (Only in Securitycheck).
- Italian (it-IT) translation added (thanks to Raffaele Silano) (Only in Securitycheck).
- Extension icon changed (both versions).
- Database update until 23-08-2012 (1 new vulnerability added) (both versions).
15-Aug-2012: Released version 2.0.0
- New AJAX interface to manage entire extension quickly and easily (both versions).
- File Manager to check and repair file/folder permissions (both versions).
- File Integrity to get your files under control (Only in Pro versions).
- Cron Plugin to launch tasks without affecting QoS (Only in Pro versions).
- Module Info to check your Joomla security status at a glance (Only in Pro versions).
- Akeeba Live Update integration to easily manage and update new releases (both versions).
- Database update until 15-08-2012 (4 new vulnerabilities added) (both versions).
23-Jul-2012: Released version 1.3.7
- Modifications for upcoming 2.0.0 version (Only in Pro versions).
17-Jul-2012: Released version 1.3.6
- Improvements in component versions detection (both versions).
- Database update until 2012-15-07 (1 new vulnerability added) (both versions).
20-Jun-2012: Released version 1.3.5
- Database update until 2012-20-06 (2 new vulnerabilities included) (both versions).
18-Jun-2012: Released version 1.3.4
- Portuguese-Brasil (pt-BR) translation added and Italian translation completed (Only in Securitycheck) (thanks to Carlos Souza and Raffaele Silano).
- Database update until 2012-18-06 (1 new vulnerability) (both versions).
12-Jun-2012: Released version 1.3.3
- Improvements in SQL Injection filter to avoid false positives in JCE Image Manager (both versions) (thanks to Raffaele Silano).
- Database update until 2012-12-06 (1 new vulnerability) (both versions).
21-May-2012: Released version 1.3.2
- Database update until 2012-21-05 (1 new vulnerability included) (both versions).
17-May-2012: Released version 1.3.1
- Added a new option in blacklist (Only in Pro versions).
Now we can choose if we want to receive an email when a blacklisted IP tries to access our website.
- Improvements in SQL Injection filter to avoid false positives under certain circumstances (both versions).
- Database update until 2012-15-05 (1 vulnerability updated and 1 new vulnerability) (both versions).
24-Apr-2012: Released version 1.3.0
- Added Info Module in Control Panel (Only in Pro versions).
Now we can see Securitycheck Pro icons on our administrator back-end's Control Panel page with useful info (vulnerable components installed, unread logs and updates available).
- Improvements in mail options (Only in Pro versions).
- Database update until 2012-24-04 (3 new vulnerabilities included) (both versions).
11-Apr-2012: Released version 1.2.7
- Improvements in plugin filters (both versions).
- Improvements in component source code (both versions).
- Database update until 2012-11-04 (1 vulnerability updated) (Only in Pro versions).
07-Apr-2012: Released version 1.2.6
- Database update until 2012-07-04 (1 new vulnerability included).
04-Apr-2012: Released version 1.2.5
- Database update until 2012-04-04 (2 Joomla core new vulnerabilities included).
22-Mar-2012: Released version 1.2.4
- Improvements in SQL filter (both versions).
- Improvements in logs management (both versions). Now we can choose multiple logs to be marked as read, unread or to be deleted.
- Fixed bug in update mechanism (both versions).
- Included emails' limit in email notifications option (Only in Pro versions).
15-Mar-2012: Released version 1.2.3
- Fixed bug to properly close backend user sessions (thanks to Ceri Shaw).
11-Mar-2012: Released version 1.2.2
- Database update until 2012-15-03 (2 Joomla core new vulnerabilities included).
07-Mar-2012: Released version 1.2.1
- Italian translation (Only in Securitycheck). Thanks to Danilo Petrozzi!!
- Fixed bug when you marked a log entry as read (Only in Securitycheck). For 1.6 and 1.7 versions.
- Session protection (both versions). Concurrent user sessions are not allowed.
- Session hijacking protection (Only in Pro versions). Prevents session hijacking.
- Vulnerabilities database updated (both versions). To include vulnerabilities until 03/07/2012.
06-Feb-2012: Released version 1.1.0
- Autoupdate (Only in Pro versions). Securitycheck Pro will be updated automatically if there is a new version available.
- Export logs (Only in Pro versions). Now you can export recorded logs in a .csv file.
- Automatic deletion of old logs (both versions). Logs recorded a month ago will be automatically deleted.
- Avoid repeated records (both versions). Improvement to avoid the creation of multiple logs for the same attack.
- Improvements in XSS Filter and addition of 'HTTP Referer' check (both versions). To prevent certain types of attacks.
- Hexadecimal strings check (both versions). Checks strings in hexadecimal format to prevent certain types of attacks.
- Vulnerabilities database updated (both versions). To include vulnerabilities until 01/25/2012.
18-Nov-2011 : v1.0.0
-------------- Initial Changelog Creation -----------------
FAQs
Is Securitycheck less secure than Securitycheck Pro?
No. Both use the same engine to detect attacks on our web site.
When is Securitycheck - Securitycheck Pro updated?
Our team checks the main websites reporting vulnerabilities, as well as other types of websites, to keep abreast of the latest threats and incorporate them into the database and detection engine of our extensions.
Am I completely protected with Securitycheck - Securitycheck Pro?
No. We can never feel completely safe with a security product. From this premise, our detection engine has been tested with 90 different types of attack, with a detection rate close to 100%. Furthermore, we stay alert to new types of attack in order to incorporate their patterns into our detection engine.
Why is it so important to know if we have vulnerable components?
Because many attacks against Joomla are conducted through components that are vulnerable. In many cases, these components were installed for some need and are now disabled or not updated, but they are a potential source of danger that still remains in the system.
What benefits does Securitycheck Pro offer over Securitycheck?
Comfort. Securitycheck Pro includes many extra features that make it a complete suite of protection. Please click the 'Comparation' tab to see the differences.
Requirements
We need the same requirements as the Joomla 2.5.x and 3.x branches (see Joomla technical requirements), and the extension has been tested on LAMP, LEMP (Linux, Nginx, MySQL and PHP), WAMP and MAMP servers.
Since version 2.3.0, all extensions require, at least, PHP 5.3+.
In addition, Live Update uses the cURL PHP functions or URL fopen() wrappers to check for new versions. If neither is available, components will work but will not be able to check if there are new updates.
Support availability
Support off-line schedule for 2013: March 23rd and 28th to 30th


