I've been checking out the RSfirewall demo on the site, and I have a few questions:

-- The active scanner will check for sql injections, xxs, directory traversals, etc., but what happens when it finds something like that? I gather that the admin gets sent a notification email, but what does RSfirewall do-- I'm assuming it blocks the attempt, but does it ban the IP, blacklist the IP, or anything similar? Is there anything that happens proactively other than blocking the attempt and emailing a notification?

-- Is there a way to set the number of backend login attempts, and/or the time interval between login attempts? And if so, would the IP address be banned or blacklisted? (I just discovered a feature request for this, so I'm assuming that this is in the works for a future version)

-- Also, and perhaps most importantly, I'd be interested in hearing from current RSfirewall users why they chose this product over others, for example, over OSE Php Anti-hacker. I need to justify my choice to my bosses, so I need some ammunition, one way or the other.

Thanks,

-Tashe-

Hello,

- Upon detecting a threat a message is displayed, blocking the page from being loaded, entry in the logs and of course a message to the configured administrator is sent.

- An additional password can be configured along with a white list (the password will not be enabled for those ip addresses). You can also set a number of maximum log in attempts. If after x atempts the log in fails a captcha image is being added to the log in form.

Hi Alex,

Thanks for your reply. I have another question that I forgot to ask: when RSfirewall does a file integrity check does it compare the Joomla core files against a known set of good files, or does it take your current system state as the baseline and use that baseline to compare against for any future changes? The reason I'm asking is that I have a couple of core files that I've modified for various reasons: for example, I've changed the default login message to a more detailed version and I've removed the 'forgot your password/reset your password', etc texts and links (because we only have one user name and password to log into a subscriber area, and if people need that combination again I've put a contact email on the login page for them to request it).

If RSfirewall does flag core files when I've changed them, is there a way to whitelist the files that I've changed?

Thanks again-- glad to see your forum is back up-- no more ">" problems.

--Tashe--

Hello,

It basically compares your files with the calculated hashes of the standard Joomla files. If you have modified some files intentionally you can set RSfirewall! to accept the change so this will not affect your security grade.

Hi Alex,

That's just what I was hoping you'd say.