Menu

Topic-icon several wishes

  • flaemingwerbung
  • flaemingwerbung's Avatar Topic Author
  • Offline
  • Junior Boarder
  • Junior Boarder
More
1 year 6 months ago #4632 by flaemingwerbung
several wishes was created by flaemingwerbung
As announced in the other forum part here are some feasture requests we have.

5.
There should be an option to download the latest hash database on demand and I should also be able to see when the last update occurred.

9.
the green and red message/alert about translations and the necessary pro version on remote websites go not away *permanently*. But they should once I clicked them away.

10.
Manage Websites list shows time of last contact and last backup, but not date of last integrity and permissions check. These are only in details, I should be able to view these in the overview. What does the time of last contact help me if I don't know when the checks actually ran? Could be months ago. I know there are restraints in showing all of that in the table, but if I look at the table there's enough space for improvements in width, so that you can show more details for single tasks.

11.
I should be able to view *all* new firewall entries in a single list in pro center. e.g. list all new entries for *all* sites in one table. And once checked have a single button have them deleted remotely, all of them on all sites. Basically, I should be able to view all relevant security information with one single login, otherwise the "pro center" doesn't help very much to manage sites. An option to mail me this information after contact would also be helpful. There's already an option on each single installation, but it's only a confirmation that the checks ran. (There's an option that informs me of each single firewall event. That's too much! Maybe an aggregated email for all sites once a day or once a week would be nice.)

12.
Extending 11:
I enabled the url checking. At first it was informative, but most requests in this category are for wp-login.php and only for wp-login.php (e.g. there is no following request for joomla vulnerabilities). And they are a lot. I could remove that word from the list of words to check for, but in a central list I would rather want to have it excluded from logging or aggregated in logging, e.g. "17 log entries for wp-login.php". Might be too complex to implement this, though.

15.
remote akeeba backup (once it works for me): I miss an option to specify a backup profile.
16.
as the cron option of security pro seems to work fine I would like to use it for other scheduling as well. For instance for akeebaa scheduling (akkeba's schedule by wget url doesn't work for us at all.). This is actually a request for Pro not for the control center.

Thanks!

Please Log in or Create an account to join the conversation.

More
1 year 6 months ago #4637 by Jose
Replied by Jose on topic several wishes
Hi again Martin! :)

5.
There should be an option to download the latest hash database on demand and I should also be able to see when the last update occurred.

Do you really need this? You can see when the last integrity was launched from File integrity screen -> Integrity check summary:

Attachment not found

9.
the green and red message/alert about translations and the necessary pro version on remote websites go not away *permanently*. But they should once I clicked them away.

Yes, you're right. I added the "close" button but only during the session. i will check how to solve this.

10.
Manage Websites list shows time of last contact and last backup, but not date of last integrity and permissions check. These are only in details, I should be able to view these in the overview. What does the time of last contact help me if I don't know when the checks actually ran? Could be months ago. I know there are restraints in showing all of that in the table, but if I look at the table there's enough space for improvements in width, so that you can show more details for single tasks.

Yes, I designed the main page as a resume. I will try to show that info too.

11.
I should be able to view *all* new firewall entries in a single list in pro center. e.g. list all new entries for *all* sites in one table. And once checked have a single button have them deleted remotely, all of them on all sites.

I haven't found a secure way to do this yet; I'm still investigating how to add this feature.

Basically, I should be able to view all relevant security information with one single login, otherwise the "pro center" doesn't help very much to manage sites. An option to mail me this information after contact would also be helpful. There's already an option on each single installation, but it's only a confirmation that the checks ran. (There's an option that informs me of each single firewall event. That's too much! Maybe an aggregated email for all sites once a day or once a week would be nice.)

Well, alerts are not designed only to notify you about an attack. When you receive an attack the offensive IP is added to dynamic blacklist; this is, is blocked during a certain period of time. So you should add it to blacklist. Some customers of mine have 1000 log entries and don't pay attention to mails/alerts. I told them: "Ey, you should check your logs at least once per day".
Anyway I will check if I can add an email resuming the alerts.

12.
Extending 11:
I enabled the url checking. At first it was informative, but most requests in this category are for wp-login.php and only for wp-login.php (e.g. there is no following request for joomla vulnerabilities). And they are a lot. I could remove that word from the list of words to check for, but in a central list I would rather want to have it excluded from logging or aggregated in logging, e.g. "17 log entries for wp-login.php". Might be too complex to implement this, though.

Yes, there are many entries (I got 100 entries in two days after enabling it). And what does this mean? That bots are launching automated scans (or hacking attemtps) against wordpress resources. This is why all IPs must be add to blacklist. In a future maybe they could launch attacks against a Joomla vulnerability. This is a measure to prevent future attacks. If you have many log entries just select the option to not add logs (Url inspector -> Write to log -> No).

5.
remote akeeba backup (once it works for me): I miss an option to specify a backup profile.

I'm not sure if this is possible in remote backups. I will check it.

16.
as the cron option of security pro seems to work fine I would like to use it for other scheduling as well. For instance for akeebaa scheduling (akkeba's schedule by wget url doesn't work for us at all.). This is actually a request for Pro not for the control center.

Yes, this is in my TO-DO list, but for Control Center.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.094 seconds
Powered by Kunena Forum

Login or Sign In