Menu

Marco’s SQL Injection

March 26th, 2013

Marco's SQL InjectionThis plugin adds a simple but, in most cases, fondamental protection against SQL injection and LFI (local files inclusion) attacks. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers.

* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when a alert is generated.
* Protect also from unKnown 3rd Party extensions vulnerability.
* White list for safe components (at your risk πŸ˜‰ )
* automatic ip blocking on attack

Enable mail report and prepare yourself to be scared!

Anyway remember that security it is a ‘forma mentis’, not a plugin!

HISTORY

Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatility & coding style
* try – catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 πŸ˜‰

Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks

Version 1.0 (Jan 7st, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization

Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backtics matching
* fixed union all matching
* fixed ….// exploit
* added more info to report mail

Version .98 (May 29th, 2010)
first release.

Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not “THE SOLUTION”.