As a follow up to the RSFirewall! released last week, we released 2.9.4 version. Website security won't be an issue during the Holiday Season thanks to the new and the enhanced RSFirewall! security features.
New Features
- Session Handler
By default, all new Joomla! installations have the Session Handler set as 'Database'. The session consists of non-persistent cookies that hold information about the visitor (for example, if he's logged in or not). However, in light of the remote code execution vulnerability discovered in all versions of Joomla! prior to 3.4.6, we recommend setting the Session Handler to 'None' and let PHP handle it. You and your visitors will not see any difference, nor is there any long term benefit of keeping the session inside your database.
When a System Check is performed, RSFirewall! will verify your Session Handler and if it is set to Database, then an error will be issued within the “Joomla! Configuration” section.
- Grab IP from Proxy servers
Some servers are behind a firewall or a proxy and will not provide the correct IP. The new version of RSFirewall! will help you grab the real IP by checking the headers configured in the “Grab IP from Proxy servers” and block it using the Blacklist/Whitelist feature.
We have also released a few touch ups and fixes to keep our extension in ship shape as always.
Various improvements and fixes
- Session injection protection did not automatically blacklist IPs.
- Language strings in the mod_rsfirewall module were not loaded if the System Plugin was disabled.
- In some cases, the System Check would write a log even if the option was disabled.
- Converting email addresses to images did not work with new (long) domain extensions.
- Converting email addresses to images displayed a PHP Notice in some cases.
Earlier this week another important Joomla! announcement was made, releasing a security patch for hardening the reset user password system, that works efficiently for all versions of Joomla! and PHP variations. To learn more about this, read the Important Security Announcement - Patch Available Soon.
Our advice is to keep your Joomla! CMS and RSFirewall! security extension up to date.
Keep your sites updated! Stay safe!
Christmas discount: You can purchase RSFirewall! or any of our extensions/templates with 20% discount.