Orange Hat Studios

Providing Joomla! and WordPress CMS extensions

OHSecurity

Created By Orange Hat Studios
Released 2018-05-09
Latest Release 2018-09-21 00:00:00
Includes Component, Module, Plugin
Viewed 1,473
Type Both Versions Offered
License GPLv3+
Uses Updater Yes
Platforms Joomla! 3.x, WordPress
Downloaded 347

Please note that OHSecurity is a fork of DMC Firewall by Dean Marshall Consultancy Limited. If you have DMC Firewall installed and install OHSecurity alongside it, we will copy any settings and records from DMC Firewall and will unpublish DMC Firewall and all related plugins and modules. Additionally, if you have an active subscription for DMC Firewall, we will honour that subscription: simply get in touch with us and provide the invoice that you received from Dean Marshall Consultancy relating to your subscription.

What is OHSecurity?

OHSecurity is a Joomla! and WordPress Security extension that blocks hackers and bad bots from penetrating your website.

What does OHSecurity do?

OHSecurity provides additional protection to your Joomla!-powered website. By default, when a 'hacker' attempts to compromise your website, Joomla! produces a '403 Forbidden' message but allows the hacker to keep trying.

With OHSecurity, we block the attempt and all further access to your website, preventing the hacker from trying multiple times. OHSecurity works on a '1 strike and you're out' rule.

OHSecurity is built from a number of plugins, modules and a component. Below we outline the tasks of each so you can gain a better understanding of how OHSecurity works.

OHSecurity Explained

Component - OHSecurity

The component provides a friendly user interface where you can manage the OHSecurity settings. It also offers a number of security 'tasks': changing the database table prefix, changing weak Super Administrator passwords, configuring which 'bad bots' to ban, switching OHSecurity into 'test mode', and viewing statistics on hack attempts, SQL Injection attempts and the number of 'bad bots' that tried to access your website. The component also lists issues that need attention, such as Super Administrators using 'weak passwords', use of the default Super Administrator account, or a 'weak' table prefix.

Plugin - System - OHSecurity

This plugin does all the 'heavy lifting'. The system plugin checks every page request that is sent to Joomla! to make sure it is safe. It checks for 'bad bots, hack attempts and SQL Injection attempts' and blocks only the bad requests, so legitimate visitors can still view your website. This plugin also handles the requests to the centralised blacklist where all bad activity is stored (this is stored on our servers).

Plugin - System - OHSecurity Content Sniffer

This 'system' plugin 'sniffs' your website's output just before it is rendered to the end user. It looks for any 'bad content' that shouldn't be there. If the content contains these 'bad words', an email is sent to the 'webmaster' informing them that their website may have been compromised. Some websites legitimately contain these 'bad words', just as our website does in some of our blog articles. We didn't want an email sent to us every time the 'bad words' were found in a page, so we added a Threshold limit. 'Bad words' can be found on your website, but the email is only sent once the threshold limit has been reached. By default the Threshold limit is set to 5.
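The threshold behaviour described above, sketched as an added example that is not OHSecurity's own code: the function names, the watch list and the two sample pages are constructed, and it assumes the threshold is compared with the total number of 'bad word' occurrences on a single page.

```php
<?php
// Added illustration; not OHSecurity code. Terms, names and pages are constructed.

const SNIFFER_THRESHOLD = 5; // default value stated on the page

/** Count watch-list terms in rendered output; returns [term => occurrences]. */
function sniff_output(string $html, array $terms): array
{
    $hits = [];
    foreach ($terms as $term) {
        // Scan the raw markup, not just visible text: injected spam is often
        // placed in hidden elements or link attributes. preg_quote keeps the
        // term literal; \b avoids matching inside longer words.
        $pattern = '/\b' . preg_quote($term, '/') . '\b/iu';
        $count = preg_match_all($pattern, $html);
        if ($count) {            // false (invalid UTF-8) and 0 are both skipped
            $hits[$term] = $count;
        }
    }
    return $hits;
}

/** Assumption: the threshold is compared with total occurrences on one page. */
function should_alert(array $hits, int $threshold = SNIFFER_THRESHOLD): bool
{
    return array_sum($hits) >= $threshold;
}

$terms = ['viagra', 'cialis', 'casino', 'payday loan']; // constructed watch list

$pages = [
    // A legitimate article that mentions a term while discussing spam.
    'blog' => '<p>Spam injections often advertise Viagra. Search your templates for "viagra".</p>',
    // A page carrying an injected hidden block of spam links.
    'home' => '<h1>Welcome</h1><div style="display:none">'
        . '<a href="http://spam.example/cialis">cialis</a> '
        . '<a href="http://spam.example/casino">casino</a> casino payday loan</div>',
];

foreach ($pages as $name => $html) {
    $hits = sniff_output($html, $terms);
    printf("%-5s total=%d alert=%s %s\n", $name, array_sum($hits),
        should_alert($hits) ? 'yes' : 'no', json_encode($hits));
}
```

A threshold of this kind trades missed detections for fewer false alarms: a single injected link stays below it, so it complements file-integrity checks rather than replacing them.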

Plugin - Authentication - OHS Login

This plugin replaces Joomla!'s authentication plugin and allows us to manage logins within your website. We created this plugin and the corresponding extension parameters so that we can block hackers from trying to log in to your website. Hackers try hundreds if not thousands of different usernames and passwords to find one that works; as standard, Joomla! lets them keep trying. This plugin blocks their access once they have made X attempts, a value that is configurable via the Global Configuration tab within OHSecurity. This plugin is only available within the Professional release of OHSecurity.

Administrator Module - OHSecurity Statistics

This module displays a number of statistics within the Joomla! administrator area, along with a couple of 'quick links' that will take you to certain aspects of OHSecurity.

WordPress

OHSecurity - 0.6.0

  • Initial implementation of the Configuration screen
  • 'DomainCrawler' bot added to Bad Bots
  • 'MegaIndex' bot added to Bad Bots
  • Fixed the email sending when an IP address is blocked
  • Revamped the settings page - making sure that the settings will now save correctly
  • Updated the links that display when OHSecurity is in Test Mode
  • Changes to the underlying code

OHSecurity - 0.5.0

  • Initial release of OHSecurity for WordPress

Joomla! 3.x

OHSecurity - 1.1.0

  • PRO - 'Nimbostratus-Bot' bot added to Bad Bots
  • PRO - [EMPTY] user agent added to Bad Bots
  • PRO - 'SEMrushBot' bot added to Bad Bots
  • PRO - 'Python-urllib' bot added to Bad Bots
  • PRO - 'Qwantify' bot added to Bad Bots
  • CORE and PRO - 'DomainCrawler' bot added to Bad Bots
  • CORE and PRO - 'MegaIndex' bot added to Bad Bots
  • Additional weak passwords added to the 'Weak Password Checker'
  • Corrected the update server for OHSecurity CORE
  • Database Table Prefix Changer and Password Protect Administrator Folder icons no longer show for Core version
  • Changed a number of URLs within OHSecurity to point to the correct page on https://www.orangehatstuidos.com/
  • Re-ordered the Bad Bots section within Global Configuration so the CORE bots are at the top rather than ordered alphabetically

OHSecurity - 1.0.1

  • SQL Injection attempts weren't being recorded as blocked

OHSecurity - 1.0.0

  • Initial release of OHSecurity 1.0.0 - FORKED from DMC Firewall 1.4.0
