
Open Source Excellence Anti‐Hacker Joomla Component User Manual 

OSE Anti-Hacker Joomla Component


User Manual
Version: 2.0 Build 211209

Released Date: 21-Dec-2009

Manual Date: 21-Dec-2009

Author: OSE Security Team. security@opensource-excellence.co.uk

Copyright: Reproduction and redistribution of the document is disallowed without the consent
of the author.

Notes:

The OSE Security software series is an Open Source software series developed by Open
Source Excellence Team.

Licence: GPL V2, you can install it into UNLIMITED websites FOREVER! No License
Restrictions! No more IONCUBE!

After you buy the software, you can use it FOREVER (INDEFINITELY)

You can download all upgrades within 1 year.

You can receive our support within 1 year.


Table of Contents
1 Introduction
1.1 What’s It?
1.2 Contents in the Package
1.3 Software Download and Support
2 Installation
2.1 Upgrade from a Previous Version
2.2 Fresh Installation
3 Configuration
3.1 Basic Parameters
3.2 File and System Audit
4 Activation and Test
5 Whitelisting Strings and Form Fields
5.1 How to Whitelist a Program?
5.2 How to Whitelist a Form Field?
6 Frequently Asked Questions
6.1 Anti-Hacker FAQs: Which way is better to activate the Anti-Hacker?
6.2 Anti-Hacker FAQs: What if having difficulties in Activating Anti-Hacker?
6.3 Anti-Hacker FAQs: How to Whitelist a program?
6.4 Anti-Hacker FAQs: How to Whitelist a form field?
6.5 Anti-Hacker FAQs: How to customize the blocking message on the ban Page
6.6 Anti-Hacker FAQs: How to Update the Signature?
6.7 Anti-Hacker FAQs: What if my user account is blocked?
6.8 Anti-Hacker FAQs: What if my IP is banned?
6.9 Anti-Hacker FAQs: How to set a password to protect a folder with .htaccess?
6.10 Anti-Hacker FAQs: How to disable insecure functions for PHP environment?


1 Introduction

1.1 What’s It?

The Open Source Excellence Anti-Hacker Joomla Component is a Joomla extension which
provides advanced protection for Joomla websites. It secures your private data, protects your
system files from malicious code and hacking attacks, and cleans viruses and infected files. It
can be installed as a component on your Joomla website or on the platform of our OSE Virus
Scanner.

It’s suitable for all kinds of websites developed with the Joomla system, including online
stores, small businesses, personal websites, public institutes, etc. It’s easy to use and has a
very friendly interface that you can customize to your own demands. The application is
competent to perform an advanced protection for your Joomla system. Further, it can also
protect ALL OTHER PHP systems (for instance Joomla, VirtueMart, Magento, Drupal and
WordPress, etc) on the same server.

The major technical features include:

• Double Firewall system providing Three Layers of protection:

Layer 1: Signature-based Detection System - detecting most common hacking behaviours.

a) Surface Scanning: once hacking behaviour is found, the activity and corresponding IP will
be banned immediately.

Layer 2: Pattern-based Intrusion Detection System - blocking all inbound malicious codes
and hacking activities, including network-, application-, and operating system-level attacks.

b) Scans and monitors all URL, Form Field and Cookie values.

c) If hacking is found and the Risk Score exceeds the security level, the IP will be banned
immediately.

d) If suspicious hacking behaviour is found in Form Fields or Cookies, the hacking strings in
the Form / Cookie value will be stripped and sanitized.

Layer 3: HTTP BlackList System - dynamically linking to an HTTP blacklist database and
blocking access based on network masks or IP addresses.


e) Scans users' IPs, once the IP address is located in the HTTP blacklist, the access will be
blocked immediately.

• Two Types of reactions:

a) Ban + Email Alert: If the hacking triggers Layer 1 protection or exceeds the Risk Score in
Layer 2 protection, the IP will be blocked, and the alert email will be sent to the administrator.

b) Log + Email Alert: If the Risk Score of the suspicious behaviour is lower than the global
setting, the IP will be blocked for monitoring purposes, and the alert email will be sent to the
administrator.

• Embedded OSE Virus Scanner application providing on-demand scanning of your source
code for malicious code injections, cleaning of the malicious code from the infected
files, and generating complete scanning reports.
• Form Field Filtering Enabled - allowing users to filter the content of the form fields in
order to prevent XSS attacks.
• Whitelist Setting Enabled - Unlike other security software which only provides an IP
whitelist function, OSE PHP Anti-Hacker also provides the whitelist function for your
programs and form fields, so that it gives you the flexibility to use a wide range of
software while maintaining a high level of protection.
• Support for Search Engine Optimized Websites - providing protection while
maintaining your page ranking.
• Instant email alerts to administrators once suspicious hacking behaviour is logged.

1.2 Contents in the Package

The package includes the following components and files:

• Anti-Hacker component - managing blacklist and whitelist IPs, whitelist strings and the
form fields list.
• OSE Update Manager - A component which helps you update the latest signature for the
Anti-Hacker. It does not only work with the Anti-Hacker, but it also supports updates
for all OSE series products.
• System Guard - A set of tools to help you change your system settings. It also includes a
file audit system to audit files in the system of the OSE Anti-Hacker Joomla Component
platform.
• Anti-Hacker Signature.

1.3 Software Download and Support

Please find the OSE Anti-Hacker Joomla Component on our OSE website:
http://www.opensource-excellence.co.uk/index.php?page=shop.product_details&flypage=flypage_new.tpl&product_id=9&category_id=6&option=com_virtuemart&Itemid=157.

After you purchase the product, you can check and download the latest upgrade on our
OSE website in your “Download Area” after login at:
http://www.opensource-excellence.co.uk/index.php?option=com_osemsc&view=member&Itemid=145.

If you have questions regarding installation, configuration, or usage, please go to our
ticket system to raise a question: http://www.opensource-excellence.co.uk/tickets.

2 Installation

If you have a previous version of the OSE Anti-Hacker Joomla Component installed and
you intend to upgrade it to the latest version, please only read section 2.1 and then use the
Anti-Hacker Joomla Component as before. If you are a new user and going to make a fresh
installation, please read all the contents from section 2.2.

2.1 Upgrade from a Previous Version

1. Uninstalling previous components and plug-ins from the backend

Log in to your Joomla website Back-end, and uninstall the Anti-Hacker component.

2. Installing new components and plug-ins

Go to the Joomla website Back-end, and install the new version of the Anti-Hacker. See
Section 2.2 for more details about the installation if the latest release has changed a bit
from previous versions.

3. Testing

After finishing all above, please test if the update is successful by entering the following
link: www.yoursite.com/index.php?%20union.


2.2 Fresh Installation

To install the Joomla Component version of the Open Source PHP Anti-Hacker, you need to
do the following two steps.

Note:

If you have installed Redirect Failed Login
(http://extensions.joomla.org/extensions/6495/details) AND/OR jSecure Authentication
(http://extensions.joomla.org/extensions/5809/details), please uninstall these plugins before
you install the Anti-Hacker plugin.

Let's start now:

1. Install the component "com_anti_hackerX_build" (X may vary for different versions),
“OSE Updater Manager” and “System Guard”, separately.

Notes:

• com_anti_hacker manages the Blacklist and Whitelist IPs, Whitelist Strings, and Form
Fields that are required to be filtered.
• Please ensure the proper folders are writable before the installation. The folder is
“Joomla Root/administrator/”.

2. After installing all the three components listed above, please update the latest signature via
the OSE Update Manager.


Select the “Signature” file in the package to install under the Update Manager Panel. After
installing it, you will find it in the installation list under the operation section at the bottom of
the screen. Click “install”.

Then tick the Signature to install. That’s it.

After installing the Anti-Hacker, please read the following section, Configuration.

3 Configuration

After installation, you need to properly configure the OSE Anti-Hacker Joomla Component
before activating it.

3.1 Basic Parameters

Go to the component and the plug-in manager to configure the Anti-Hacker function
before first use.

1. Configuring Security Level of the Anti-hacker.


The Anti-Hacker Component introduces a 3-Layer protection system and a risk score policy.

A. Layer 1 Protection

The Layer 1 protection is on by default and any activity violating the Layer 1 rules will
be 100% blocked.

B. Layer 2 Protection

Under the Layer 2 protection, all violations will be scored from 1 to 100 according to the
potential harm level, based on which the Anti-Hacker decides whether to block them. A
violation with a higher risk score is more likely to be a real hacking attack, and one with a
very low risk score has a high possibility of being a FALSE POSITIVE.

The Anti-Hacker function sets layer 2 protection off by default and it allows you to
switch it on and configure the appropriate security level which is suitable to your websites by
doing the following:

Please access the "Dash Board" of Anti-Hacker component (by going to the Joomla
Backend --> Components --> Anti-Hacker), open the Parameters on your top right corner,
adjust the Security Level.

The security level of Layer 2 protection can be set from Level 1 to Level 10. A higher
security level indicates a stricter protection level. For Level n, the software will block all
violations with risk scores above (100-10*n). For instance, if you set the security level to 8, it
will block violations with scores larger than 20, and those under 20 will only be logged and
alerted by email, but won't be blocked. Your websites get full protection by setting the
security level to Level 10, at which all suspicious activities are blocked.


We recommend that you set the Layer 2 protection to Level 7, which protects your
websites very well and at the same time reduces the possibility of FALSE POSITIVES to
quite a low level. However, you can set the security level to any value to match your needs.
You may inspect the alert list over a period and find out the optimal level for your websites.
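
An added example (not part of the OSE manual or the product's code) that applies the Level n rule above, blocking scores above 100-10*n, to a reviewed alert list in order to pick a level. The alert tuples are constructed sample data, the function names are hypothetical, and a score exactly equal to the threshold is assumed to be logged only.

```python
"""Pick a Layer 2 security level from a reviewed alert list (added example)."""

# Constructed sample data: (risk_score, confirmed_attack) pairs as an
# administrator might record them after reviewing the alert e-mails.
SAMPLE_ALERTS = [
    (95, True), (80, True), (62, True), (45, True), (35, True),
    (28, False), (22, False), (12, False), (8, False), (5, False),
]


def block_threshold(level):
    """Level n blocks violations with risk scores above 100 - 10*n."""
    if level not in range(1, 11):
        raise ValueError("security level must be an integer from 1 to 10")
    return 100 - 10 * level


def reaction(score, level):
    """'ban' above the threshold, otherwise 'log' (both send an alert e-mail).

    Assumption: a score exactly equal to the threshold is only logged.
    """
    return "ban" if score > block_threshold(level) else "log"


def summarize(alerts, level):
    """Count how the reviewed alerts would have been handled at one level."""
    counts = {"attacks_banned": 0, "attacks_logged_only": 0,
              "false_positives_banned": 0}
    for score, confirmed_attack in alerts:
        banned = reaction(score, level) == "ban"
        if confirmed_attack and banned:
            counts["attacks_banned"] += 1
        elif confirmed_attack:
            counts["attacks_logged_only"] += 1
        elif banned:
            counts["false_positives_banned"] += 1
    return counts


def recommend_level(alerts, max_false_positive_bans=0):
    """Strictest level that bans no more false positives than allowed."""
    for level in range(10, 0, -1):
        banned_fp = summarize(alerts, level)["false_positives_banned"]
        if banned_fp <= max_false_positive_bans:
            return level
    return None  # even Level 1 bans too many legitimate requests


if __name__ == "__main__":
    for level in range(1, 11):
        print(level, block_threshold(level), summarize(SAMPLE_ALERTS, level))
    print("recommended level:", recommend_level(SAMPLE_ALERTS))
```
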

C. Layer 3 Protection

As shown in the above picture, you can configure the Layer 3 (HTTP BL) protection via
the same "Parameter" button. You can opt to turn on the Layer 3 protection by ticking "Yes"
and going to http://www.projecthoneypot.org/create_account.php to apply for an HTTP
blacklist key.

2. Next, we need to know how to whitelist a program and whitelist a form field, and then
whitelist the proper strings and form fields to make the Anti-Hacker compatible with your
websites. This is one important feature of our Anti-Hacker, which gives you the
flexibility to use the Anti-Hacker function on any PHP platform. Please read Section 5,
Whitelisting Strings and Form Fields, on the following topics:

a) How to Whitelist a Program?

b) How to Whitelist a Form Field?

3.2 File and System Audit

This section introduces how to do the file and system audit using the System Guard
provided with the Anti-Hacker Joomla Component. This includes:

• File permissions audit;
• System Configuration audit:
    • Ensuring you are using a non-default administrator username,
    • Setting passwords to protect your administrator folder,
    • Ensuring the configuration.php file is not writable.

In order to achieve this, we borrow functions from a popular Joomla component - GuardXT
(this can be downloaded for free from: http://www.joomlaxt.com/).

Step 1. Audit your files permissions

The System Guard (a modified version of GuardXT) has been installed, and the files of
the Joomla system have been audited by default. However, it is RECOMMENDED to
INSTALL this tool on ALL of your other websites that are based on a Joomla system to
audit your files as well.

Step 2. System Configuration Audit

After completing the file permissions checks, we can go to Joomla Component -->
“System Guard” to load it and now we need to do the following steps:

Step 2.1: Ensuring you are using a non-default administrator username

Change the default administrator's username if the super administrator's user name
"admin" is still being used by clicking the Change Now link in System Guard in the Default
admin user active row.

Step 2.2: Set a password to protect the administrator

You can follow the instructions in the FAQs to set up a password: Anti-Hacker FAQs: How
to set a password to protect a folder with .htaccess?

Or go to your WEB HOSTING account control panel, check with your web hosting
company to see how you can SET A PASSWORD TO PROTECT A DIRECTORY, then
set a password to protect the whole Joomla Administrator folder. For example, if your Joomla
is installed in the folder called "home/XXXX/htdocs/JoomlaWebsite", please set a password
to protect this folder.

Step 2.3: Change the permission of the configuration file

Simply click the "Change Now" in the "Joomla Server Configuration Check" Section in
System Guard, and it will help you to change the permission of the configuration.php to be
un-writable.
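
The file-based checks from Steps 1, 2.2 and 2.3, as an added example (not System Guard's own code; the function name is hypothetical). It assumes the administrator folder is protected with Apache Basic authentication declared in administrator/.htaccess, and it leaves out the Step 2.1 username check because that value lives in the database.

```python
"""File checks from the System Guard audit steps (added example)."""
import os
import stat
import sys


def audit_joomla_root(root):
    """Return a sorted list of findings for a Joomla installation directory."""
    findings = []

    # Step 2.3: configuration.php must not be writable by anyone.
    config = os.path.join(root, "configuration.php")
    if not os.path.isfile(config):
        findings.append("configuration.php: not found")
    else:
        mode = stat.S_IMODE(os.stat(config).st_mode)
        if mode & 0o222:
            findings.append("configuration.php is writable (mode %o)" % mode)

    # Step 2.2: the administrator folder should ask for a password.
    # Assumption: protection is Apache Basic auth set in administrator/.htaccess.
    htaccess = os.path.join(root, "administrator", ".htaccess")
    try:
        with open(htaccess, encoding="utf-8", errors="replace") as handle:
            directives = handle.read().lower()
    except OSError:
        directives = ""
    if "authuserfile" not in directives or "require" not in directives:
        findings.append("administrator/.htaccess: no password protection found")

    # Step 1: nothing under the root should be writable by every local user.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                findings.append("world-writable: " + os.path.relpath(path, root))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/joomla/root
    for finding in audit_joomla_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```
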

Please note: if you use the recommended php.ini in System Guard, you may not be able to
install further plug-ins while "open_basedir" is enabled in php.ini. If you would like to
install further plug-ins, please temporarily remove that line from the php.ini, and once you
finish installing new plug-ins, add that line back to the php.ini.

We also recommend that you disable insecure functions in the PHP environment. Please see
how to do it in the FAQs: How to disable insecure functions for PHP environment?


4 Activation and Test

There are three methods to activate the Anti-Hacker function. Before you perform one of
the activation methods, please note: replace "/absolute_path_to_antihacker/" with the
absolute path of the Anti-Hacker Joomla Component in the following text of this section. The
path should be the admin folder under the root folder of your Joomla website, e.g.
"/public_html/JoomlaWebsite/administrator/".

Please go to Components --> System Guard --> Version Checks; it lists the lines for you
to add to activate the Anti-Hacker. You can directly add the code to the corresponding file to
activate the Anti-Hacker.

Please use one of the following methods. We suggest that you use php.ini or .htaccess to
activate the Anti-Hacker in order to have server-wide protection.

A. Via the php.ini file

Activate the Anti-Hacker through php.ini: you can add the following line to the php.ini
file, and copy the php.ini file to the folder or system that you would like to protect:

auto_prepend_file=/absolute_path_to_antihacker/administrator/scan.php

B. Via the .htaccess file

If you are using Apache 1 and you want to use .htaccess to run anti-hacker, you can add
the following line to the .htaccess file, and copy the .htaccess file to the folder or system that
you would like to protect:

php_value auto_prepend_file "/absolute_path_to_antihacker/administrator/scan.php"

If you could not activate it through the above methods (even after reading the FAQs,
Anti-Hacker FAQs: What if having difficulties in Activating Anti-Hacker?), please consult
your hosting company with regard to how to enable the auto_prepend function to activate it
through .htaccess or php.ini, because this will maximize the protection on your websites.


While you are waiting for the hosting company to sort out the above problem, you can
use the following method to activate the anti hacker temporarily:

C. Via the index.php file

In the Root folder of the system that you would like to protect, open the index.php, enter the
following code in the first line:

<?php require_once("/absolute_path_to_antihacker/administrator/scan.php"); ?>

After doing one of these activations, we can go to test the Anti-Hacker function. You can
test it using the url:

www.yoursite.com/index.php?%20union

Then you will be blocked. The screenshot of what your clients will see is as below. You
can customize the blocking message by the "Custom BanPage" function of the Anti-Hacker.

However, when you successfully log in to the backend, sometimes you will find that
there is no IP being blocked! Why?

That is because our plug-in may change the IP status from "hacking IP" to "suspicious
IP" if you can successfully enter the back end. Then when you successfully enter the
Administrator login information, your IP is removed from the blacklist automatically.
Therefore, in that case, you cannot find any blacklisted IPs in the backend.

If you would like to see how the IP status changes, you can log in to phpMyAdmin
and watch how it changes, including after you log in to the backend successfully.

If the Anti-Hacker doesn't return the expected result, meaning the activation is not
successful, please read the FAQs: Anti-Hacker FAQs: What if having difficulties in
Activating Anti-Hacker?


5 Whitelisting Strings and Form Fields

Since the OSE Anti-Hacker Joomla Component is only set to allow some basic Joomla
components and programs by default, it only has a basic list of whitelist programs. You may
need to define more to make it compatible with your specific systems, websites, and
programs. This section introduces how to add more allowed-to-access strings and form fields.

5.1 How to Whitelist a Program?

Although we have a long list of blacklist strings in the signature data file, sometimes it
is possible for the Anti-Hacker to report false positives. So what shall we do? Here are
the instructions to help you add a program to the whitelist.

WHITELISTING Request Fields and Cookies

We bring in a stronger protection which blocks all Request values and cookies between
your browser and the Anti-Hacker.

Example 1

When you encounter false positives like the following:

REQUEST.RokMiniNews={\"0\":{\"active\":5,\"element\":\"section-5\"},\"1\"}

where the violation is

Rule:
[(?:([ws]+([ws]+)[ws]+))|(?:(?<!(?:mozilla/d.ds))([^)[]+[[^]]+][^)]*))|(?:[^s!][{([][^({[]+[{([][^}])]+[}])][
s+",d]*[}])])|(?:")?]W*[)|(?:=s*[^s:;]+s*[{([][^}])]+[}])];)] [Detects self-executing JavaScript functions].

If you believe this is a FALSE POSITIVE (false alarm), please add the following strings
in the Whitelist Strings ONE BY ONE (generally the string before the “=” mark):

REQUEST.RokMiniNews

GET.RokMiniNews

POST.RokMiniNews

COOKIE.RokMiniNews

This will help you whitelist this program, so that the Anti-Hacker scanner will ignore
these strings in the future.

Example 2


For example, if you use sermon manager software, you might receive the following
errors:

Query String: option=com_sermon&task=playaudiofile&file=http://s3.aaa.com/v_81_20090315%20-%20hp co .mp3&sermonid=67

Violation: Injection - [file=]

Anti-Hacker reports that this IP tries to hack your site using the "file=" command.
However, you are sure that this is an error. Now you can add the following strings to the
Whitelist Strings in the Anti-Hacker by clicking the "New" button on the Anti-Hacker ->
White List String menu:

task=playaudiofile

playaudiofile

After this, the anti-hacker will recognize the string as a whitelist string and will not
report the error to you any longer.

Example 3

For Virtuemart users, this is the whitelist. Please enter each line into the White List String
ONE BY ONE. For example, you should create a new whitelist string, enter
"pshop_mode=admin" into the form and save. Then create a new whitelist string
"/themes/default" and save, then move to the next one. After you finish adding the following
whitelist strings, you should have 5 new whitelist strings in the White List String list.

pshop_mode=admin

/themes/default

filename=resized

wz_tooltip.js

product_attributes.js

5.2 How to Whitelist a Form Field?

In order to maximize the protection, the Anti-Hacker will scan and filter content of all
form fields for suspicious hacking behaviours. Therefore, if you would like to NOT scan or
filter some form fields, you need to add the corresponding name of the form field in the
White List Form Fields list.

You may simply need to add the name of the form field to the Whitelist Form Field
List in order to skip scanning the content of this form field. For example, the text field in
the contact form is named "text", so you could add "text" as a form field
as follows:

Then save the record, and the Anti-Hacker will NOT filter the content of this form field
for suspicious hacking behaviour. Please note that when the scanner sometimes reports
FALSE POSITIVE alerts, this function gives you more flexibility in the Anti-Hacker filter
rules to fit your Joomla system.


6 Frequently Asked Questions

6.1 Anti-Hacker FAQs: Which way is better to activate the Anti-Hacker?

There are three ways that you can activate the Anti-Hacker: 1. index.php; 2. .htaccess;
and 3. php.ini. Which one is better?

We recommend php.ini and .htaccess, because this will protect all PHP programs on
your website. There are usually two modes for a server that runs PHP programs: a) fast-cgi
and b) as an Apache module.

For websites running PHP as the Apache module, you can use .htaccess to activate the
Anti-Hacker. However, sometimes your hosting company runs it in fast-cgi mode, and
then if you activate it via .htaccess, you will get a 500 Internal Server Error. In this case,
you have to use the php.ini to activate the Anti-Hacker.

One more situation is that your hosting company is running both php4 and php5 in
fast-cgi mode, and in this case, usually you will need to use php5.ini to activate the
Anti-Hacker.

These are all related to how the hosting company sets up its server and PHP programs,
and we try to provide both methods to all our clients in order to help you activate it. Read
more in Section 6.2 if you have trouble activating the Anti-Hacker.

6.2 Anti-Hacker FAQs: What if having difficulties in Activating Anti-Hacker?

If you have trouble activating the Anti-Hacker using all the ways, please try the
following.

1. Check the PHP version of your hosting account. The Anti-Hacker is only supported by
PHP5. So please make sure your system is running PHP5.

2. Check if the Anti-Hacker Function program is working by directly opening the url
yourwebsite/administrator/scan.php?%20union (please change yourwebsite to the proper
installation path). If you get the blocking message, it means the installation is proper and
the program is running, and the problem is only related to activation.

3. Create a php5.ini file under the root folder, and please add the following code to it:
;;;;;;;;;;;;;;;;;;;;;;;
; PREPEND ANTI HACKER ;
;;;;;;;;;;;;;;;;;;;;;;;
register_globals = off
safe_mode = off
allow_url_fopen = off
display_errors = off
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

;; The following needs to be changed according to the server setting (please check the System Guard to obtain them)
open_basedir = yoursite/public_html:yoursite/public_html/tmp:yoursite/public_html/logs:/tmp
auto_prepend_file = yoursite/public_html/administrator/scan.php
;;;;;;;;;;;;;;;;;;;;;;;

4. Also copy a php5.ini file to the administrator folder, and only change the line
"auto_prepend_file=******/scan.php" to "auto_prepend_file=" (so that no file is
prepended to the php files in the administrator folder).

5. If the above way doesn't work, try the other two ways, .htaccess and index.php as in
Section 4, again.

6. If the Anti-Hacker still cannot be activated, please confirm with your hosting service that
the auto_prepend_file function is enabled.

7. Please contact us via our support desk if the problem persists after trying all the ways.

6.3 Anti-Hacker FAQs: How to Whitelist a program?

Please read Section 5.1.

6.4 Anti-Hacker FAQs: How to Whitelist a form field?

Please read Section 5.2.

6.5 Anti-Hacker FAQs: How to customize the blocking message on the ban Page

You are allowed to customize the blocking message on the Ban Page, which your clients
will see when they are suspected of suspicious activities. You can edit the message via
the "Custom BanPage" button in the main menu of Anti-Hacker.


6.6 Anti-Hacker FAQs: How to Update the Signature?

The signature can be updated via our UpdateMan component. Please go to our website
--> My Downloads Menu to download the latest signature file.

First, install the UpdateMan component in the SignatureUpdate Package/Update Manager
package at Extensions --> Install/Uninstall. Then go to the UpdateManager
component at Components/OSE UPMan. Upload the Signature file in the package.

After this, you can find the signature package will be listed out at the bottom of the page.
Select it to install and follow the screen tips to finish the update.

Finally, you can go to System Guard to check the current Signature version of the system.


6.7 Anti-Hacker FAQs: What if my user account is blocked?

If you or someone else tries to log in with your admin account more than the number of
attempts that you set in the Open Source Excellence Authentication plugin, your admin
account will be blocked. You will see the following screen at the first failed login
(assuming that you set the maximum attempts to be 3):

When you have tried more than 3 times, your account will be blocked and you will see
the following:

If you would like to unlock your account, you need to go to your database management
tool, for example, phpMyAdmin, to unlock your account. Go to the jos_users table, and
change the value of "block" of that account FROM 1 TO 0 as presented in the following
screenshot:


6.8 Anti-Hacker FAQs: What if my IP is banned?

If you are an administrator of the website, but you are banned, what should you do?

1. Temporarily remove the following lines in the corresponding files depending on which
way you used to activate the Anti-Hacker function:

A) require_once ('/absolute_path_to_antihacker/scan.php'); from the index.php

B) auto_prepend_file=/absolute_path_to_antihacker/scan.php from php.ini

C) php_value auto_prepend_file "/absolute_path_to_antihacker/scan.php" from .htaccess


Then log in to the Joomla back-end to remove your IP from the blacklist of Anti-Hacker or
whitelist it.

OR

2. If you have phpMyAdmin or any other database management tool, you can find the table
"jos_anti_hacker_iptable" and remove your IP from the table. That will help you regain
access to the backend.

6.9 Anti-Hacker FAQs: How to set a password to protect a folder with .htaccess?

You can easily create it using the System Guard.

Please go to System Guard (originally the GuardXT component), and click the Start
wizard in the Joomla Server Configuration Check Section:


In the wizard, please enter the username, password, and the path you would like to store
your .htpasswd file. For instance, you may set them as follows:

username: testinguser password: testinguser

path to store .htpasswd: /home/youraccount/.htpasswd/admin/


After you click the Create button, you will see the following page. Please note that after
clicking the Create button, the password has been created; therefore, you don't need to copy
the code to the .htaccess and .htpasswd files (shown under "Your Password has been created").

The password will be created and you will be asked for the user name and password you
just set up.

6.10 Anti-Hacker FAQs: How to disable insecure functions for PHP environment?

In order to enhance the security of your Joomla website, we recommend that you disable
some insecure functions in the PHP environment.

Please disable these functions using either of the methods below by adding the following
code to the corresponding file.

In the .htaccess:
php_value disable_functions "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source"

Or in the php.ini:
disable_functions="exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source"
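
An added example (not part of the OSE package) that audits php.ini text against the settings given in Section 6.2 step 3 and in this FAQ, and catches two mistakes that silently disable the protection: a comment that wrapped onto a second line and a misspelled directive name. The two sample files are constructed, /home/example is a placeholder path, and the function names are hypothetical.

```python
"""Audit php.ini text against the manual's hardening lines (added example)."""
import difflib
import posixpath

# Directive values taken from the manual's php5.ini listing.
EXPECTED_OFF = ("register_globals", "allow_url_fopen", "display_errors")
EXPECTED_DISABLED = ("exec,passthru,shell_exec,system,proc_open,popen,"
                     "curl_exec,curl_multi_exec,parse_ini_file,show_source").split(",")
CHECKED = EXPECTED_OFF + ("disable_functions", "open_basedir", "auto_prepend_file")
OFF_VALUES = {"", "0", "off", "false", "no", "none"}

# Constructed samples; /home/example is a placeholder path.
WEAK_SAMPLE = """\
register_globals = off
allow_url_fopen = On
display_errors = off;
disable_functions = exec,passthru,system
;; open_basedir still to be set according to the server setting, see
the System Guard page
auto_preappend_file = /home/example/public_html/administrator/scan.php
"""
GOOD_SAMPLE = """\
register_globals = off
safe_mode = off
allow_url_fopen = off
display_errors = off
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
open_basedir = /home/example/public_html:/tmp
auto_prepend_file = /home/example/public_html/administrator/scan.php
"""


def parse_ini(text):
    """Return (settings, unparsed_lines); ';' starts a comment."""
    settings, unparsed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue
        if "=" not in line:
            unparsed.append(line)  # e.g. the tail of a comment that wrapped
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value.startswith('"'):
            value = value[1:].split('"', 1)[0]      # quoted value
        else:
            value = value.split(";", 1)[0].strip()  # drop a trailing comment
        settings[key] = value
    return settings, unparsed


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, unparsed = parse_ini(text)
    findings = ["unparsable line: " + line for line in unparsed]
    for key in settings:
        if key not in CHECKED:
            near = difflib.get_close_matches(key, CHECKED, n=1, cutoff=0.85)
            if near:
                findings.append(key + ": unrecognised name, did you mean " + near[0] + "?")
    for key in EXPECTED_OFF:
        value = settings.get(key)
        if value is None:
            findings.append(key + ": not set")
        elif value.lower() not in OFF_VALUES:
            findings.append(key + ": is " + value + ", expected off")
    disabled = {n.strip() for n in settings.get("disable_functions", "").split(",")}
    missing = [name for name in EXPECTED_DISABLED if name not in disabled]
    if missing:
        findings.append("disable_functions: missing " + ",".join(missing))
    if not settings.get("open_basedir"):
        findings.append("open_basedir: not set")
    prepend = settings.get("auto_prepend_file", "")
    if not prepend:
        findings.append("auto_prepend_file: not set, scan.php is never loaded")
    elif not posixpath.isabs(prepend):
        findings.append("auto_prepend_file: not an absolute path")
    elif posixpath.basename(prepend) != "scan.php":
        findings.append("auto_prepend_file: does not point at scan.php")
    return findings


if __name__ == "__main__":
    for finding in audit(WEAK_SAMPLE):
        print(finding)
```

Run it against the php.ini or php5.ini that PHP actually loads: PHP accepts disable_functions only from php.ini and ignores it when it is set with php_value in .htaccess.
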


Thank You!

Hope You Enjoy the Software.
