Hacker Beware - Joomla Security Script - ToDo and Future Development

Like all scripts, 'Hacker Beware!' is to some extent a work in progress. Security-related scripts have to be extra careful to ensure that the script intended to protect the Joomla site does not in fact introduce new vulnerabilities. Scripts that are security-related (as this one is), and scripts that are made by interested amateurs (as this one is), need to be even more cautious.

With this in mind I have identified the need to have the code reviewed by someone who is more qualified than myself to judge the likelihood of my making a mistake and introducing vulnerabilities into someone's site. Whilst I am not altogether inexperienced in programming - I recognise that I am but an amateur and that it is wise to seek input from those better qualified to judge my work.

With that said - here is my list of issues for investigation and also ideas for future development:

Hacker Beware! To Do List

1. Get code checked over by a *real* programmer

Check for possible security vulnerabilities.
Obviously I would hate to be responsible for introducing the possibility of attacks into other people's systems. The idea appears valid and the implementation looks sound (to my untrained eye).

2. Check need to sanitise input.

Input is created / read in from a GET query string introduced during the .htaccess redirect.
A malicious user could directly pass a query string to the hacker_beware script.
What are the implications of this?
The query string is 'printed' to the standard output stream if $debug_this_script is set to 1 (on).
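
The implication raised in item 2, as an added example that is not code from the Hacker Beware! script: if debug output echoes the query string into a page, whatever a visitor puts in the URL reaches the browser unless it is encoded first. The helper name hb_debug_escape, the 512-byte cap and the sample query string are assumptions made for illustration; only $debug_this_script comes from the page.

```php
<?php
// Added example, not code from Hacker Beware!. Helper name and length cap are hypothetical.

$debug_this_script = 1; // flag name taken from the page

/**
 * Prepare an attacker-controlled string for display inside an HTML page.
 */
function hb_debug_escape(string $raw, int $max_len = 512): string
{
    // Cap the length so an oversized query string cannot flood the debug output.
    $clipped = substr($raw, 0, $max_len);
    // Replace control bytes (CR, LF, NUL, ...) so the value stays on one line.
    $clipped = preg_replace('/[\x00-\x1F\x7F]/', '?', $clipped) ?? '';
    // Encode & < > " ' so the browser shows the text instead of parsing it as markup.
    // ENT_SUBSTITUTE swaps invalid UTF-8 (e.g. a character cut by substr) for U+FFFD.
    return htmlspecialchars($clipped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample of a query string sent straight to the script, bypassing .htaccess.
$sample_query = "id=1&x=<script>alert(1)</script>\r\nSecond-Line: yes";

// Under a web server QUERY_STRING is set; on the command line fall back to the sample.
$query_string = $_SERVER['QUERY_STRING'] ?? $sample_query;

if ($debug_this_script) {
    // Unsafe form (do not use): echo $query_string;
    echo 'Query string: ' . hb_debug_escape($query_string) . "\n";
}
```

The same encoding applies to values read from $_GET, which PHP has already URL-decoded.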

Hacker Beware! Future Development:

1. Investigate automatic host lookup / whois lookup

To obtain the 'abuse@' e-mail address and send an automatic e-mail to try to get the abuser's account removed or restricted, or at least to alert the unwitting webmaster of a hacked site that it is being used as a launchpad for such attacks.

2. Investigate possible notification to a central server

Doing so would mean that other Joomla powered sites can block rogue IP addresses BEFORE they have even been probed by the hacker. In effect the hacker makes one attempt on one site and gets blocked from ALL signed up Joomla sites.

This would also allow for monitoring of trends and alert us to any rise in hacking activity.

Thoughts anyone? Does that sound do-able? useful?

Buy Hacker Beware Now

Hacker Beware! is now available for purchase and download through our online store

Only £10.00

Dean Marshall Consultancy Limited