We recently installed the Sitesassure Security Suite on one of our service companies websites. This joomla website has been secured by RSFIREWALL for years, a software firewall which we recommended and have installed on every joomla site worked on. It has been extremely effective over the years in preventing attacks and intrusions from success compromising websites.
This week we installed the Sitesassure Security Suite and found out what is really going on with this website. We found malicious activity against our website that RSFIREWALL had never detected or reported. It looks like our site was surviving on barrowed time.
The report identified the attackers IP and immediate blocked the ip on the firewall. Other firewalls may identify the IP of the attacker, but you have to manually add the IP to the blacklist. This step was all completed automatically.
But look at the email notification from the firewall
Attack Type: Cross-site scripting,Cross-site request forgery,Directory Traversal,Layer 2 Intrusion,Local File Inclusion,Remote File Inclusion,SQL Injection
Violation: POST.");_?>set_time_limit(0); $ip_ changed from '220.127.116.11' " to '18.104.22.168' "
This is not just some drive-by automated attack. Tis was not a simple injection. This attack violated many rules and the firewall not only prevented the attack from being successful, but blocked it and reported the attack in detail AND IN REAL TIME. We did not get a report from RSFIREWALL or from SITELOCK on this attack. Neither of these popular services detected or reported a single incident related to this attack.
How long has this been going on? When under the watch of SLITELOCK and RSFIREWALL services did anything ever get through undetected? We dont know. We are running the integrated clam-AV antivirus program which will find and report if it finds anything. Not only that but it will tell us what fies are infected and give us the option to backup the infected files so we can clean, quarantine and/or deleted the infected file withour breaking the website.
Thanks to Siteassure, we can enjoy our New Years celebration with no worries, and we are assured of our websites integrity.