Joomla Security Add-on Hacker Beware Released
Dean Marshall Consulting announce the release of 'Hacker Beware', a low-cost Joomla intrusion detection system that hardens the security of a Joomla-powered site in three ways:

1. Improved Anti-Hacking Handling

Building on the increased security built into the .htaccess file of recent Joomla releases, 'Hacker Beware' increases the security of Joomla in three respects:

a) Increased awareness: By default Joomla doesn't enable the recently implemented security features. The user either enables them manually or gets the security by 'accident' when they enable Search Engine Friendly URLs and rename 'htaccess.txt' to '.htaccess'. As a minimum I hope that my raising of this matter will highlight the need to rename the htaccess.txt file to .htaccess, even where Search Engine Friendly URLs are not used, for increased security.

b) One strike and you're out: With Hacker Beware! installed, as soon as a hacking attempt is detected that IP address is banned from the site FULL STOP. That user / hacker / prober can no longer access ANY page from the site. The hacker has to be 'successful' on the first attempt or move along. This contrasts with the default behaviour of Joomla (once the standard security measure is in place), which is to block only the recognised hack attempt; the hacker is still allowed to request more pages from the site. This means the hacker can continue to probe until he finds a way in. Joomla's security detects hacking attempts by known methods, and where one is detected that request is denied (technically, it is Forbidden). The hacker, or automated hacking script, then repeatedly tries another method, probing for weaknesses. The fact that one hack attempt has been received does NOT prevent the hacker from continuing to probe the site.

c) Administrator notification: Additionally, the script notifies the site administrator each time a potential exploiter is added to the list of banned IP addresses. An e-mail is despatched with details of the reason the IP address was banned. This has the obvious benefit of letting the administrator know about the incident and reducing (although by no means eliminating) the need to scan through server log files.

2. Blocking Site Rippers

In addition to these Joomla hack attempts, the 'Hacker Beware!' script also offers two other forms of protection for the website.

3. Introducing Robots.txt Abuse Detection

'Hacker Beware!' will also watch out for suspicious behaviour such as attempts to access folders specifically excluded in the robots.txt file. Some malicious users and scripts look at the robots.txt file for folders that they *should* stay out of and then make a beeline straight to those folders. Hacker Beware will catch this behaviour and ban the IP address of the offender.
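The robots.txt abuse detection and one-strike ban described above can be checked offline against an access log. The following is an added illustration, not Hacker Beware's own code (the page does not show its implementation); the robots.txt rules, log lines, function names and the allowlist parameter are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample data (not taken from the product or from any real site).
ROBOTS_TXT = """\
User-agent: *
Disallow: /administrator/
Disallow: /cache/
"""
ACCESS_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 64
198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 64
198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /images/..%2Fcache/ HTTP/1.1" 403 199
198.51.100.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /administrator/index.php HTTP/1.1" 200 900
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')

def disallowed_prefixes(robots_txt):
    """Collect non-empty Disallow path prefixes (all user-agent groups merged)."""
    prefixes = []
    for line in robots_txt.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            prefixes.append(value.strip())
    return prefixes

def normalise(target):
    """Decode %xx escapes and collapse ../ so encoded paths still match a rule."""
    path = unquote(urlsplit(target).path)
    clean = posixpath.normpath(path)
    return clean + "/" if path.endswith("/") and clean != "/" else clean

def replay(log_text, prefixes, allowlist=()):
    """Ban an IP on its first hit to a disallowed prefix; count its later requests."""
    banned, denied = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target = m.groups()
        if ip in banned:  # one strike: every later request would be refused
            denied[ip] = denied.get(ip, 0) + 1
            continue
        path = normalise(target)
        hit = next((p for p in prefixes if path.startswith(p)), None)
        if hit and ip not in allowlist:  # allowlist keeps the real admin from being banned
            banned[ip] = hit  # reason to include in the administrator notification
    return banned, denied
```

Without an allowlist, the site's own administrator at 192.0.2.10 would be banned for visiting /administrator/, which is why a policy of this kind needs a list of trusted addresses.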
Buy Hacker Beware Now
Hacker Beware! is now available for purchase and download through our online store


