RSFirewall! Changelog

03 Sep 2024
Version 3.1.3
  • Updated - Improved CIDR matches for IPv6.
  • Updated - Firewall Configuration tab position is now remembered.
  • Fixed - PHP 8.3 improvements.
  • Fixed - Removed unused assets (CSS and images).
18 Apr 2024
Version 3.1.2
  • Fixed - In some cases the generated php.ini contents would overflow the page during the System Check scan.
  • Fixed - Joomla! 5.1 Dark Mode fixes.
  • Fixed - In Joomla! 5.1 a class naming collision resulted in Exceptions not being able to be saved showing a message about valid Regex.
  • Fixed - When using Country Blocking, in some cases the IP's country was cached until a new session was started.
15 Jan 2024
Version 3.1.1
  • Fixed - 'Files that have been modified' table was missing a table-responsive class.
  • Fixed - Emptying the temporary folder would throw an 500 error.
09 Jan 2024
Version 3.1.0
  • Added - Joomla! 5 native compatibility - no longer needs the 'Behaviour - Backward Compatibility' plugin.
  • Added - Joomla! 3 elts hashes support.
  • Updated - RSFirewall! Control Panel module options: 'Show Grade', 'Show Version Check', 'Show Map', 'Show System Logs'.
  • Updated - When specifying an exception with 'Use regular exceptions' set to 'Yes', the regular exception is validated before being saved to avoid errors being thrown.
  • Updated - Grade score computing has been reworked to substract more points if malware is found or Joomla! core files have been modified.
  • Updated - 'Convert email addresses from plain text to images' has been removed as today's AI can easily read images.
  • Updated - 'Attempt to fix PHP Configuration' has been removed as this is a job for the server admin.
  • Updated - System Check now checks if the PHP version is end-of-life.
  • Fixed - Accepting changes on modified files would accept changes for all files, regardless of selection.
23 Oct 2023
Version 3.0.14
  • Updated - Dark Mode in Joomla! 5 was unreadable.
  • Updated - Some Joomla! 5 code improvements.
  • Updated - Removed some old CSS code.
13 Sep 2023
Version 3.0.13
  • Updated - Double extension PHP files are now marked as suspicious in the System Check.
07 Jun 2023
Version 3.0.12
  • Added - Can now perform scans through the RSFirewall! CLI Plugin (Joomla! 4 only).
  • Fixed - In some cases the 'Protect the following users from any changes' feature could throw an SQL error.
17 Feb 2023
Version 3.0.11
  • Updated - API requests are now scanned in Joomla! 4 to prevent the < 4.2.8 vulnerability.
  • Updated - Malware database updated.
  • Updated - IP address now takes into account the 'Behind Load Balancer' setting from Global Configuration.
  • Updated - Bumped minimum requirements to use Joomla! 3.9.0+
  • Fixed - Captcha rendering on PHP 8.1+ could throw some deprecated notices.
  • Fixed - Country Blocking on PHP 8.1+ could throw some deprecated notices.
09 Nov 2022
Version 3.0.10
  • Fixed - Some PHP 8.1 compatibility issues have been resolved.
  • Fixed - If the component tables are missing the System Plugin no longer throws an error.
25 May 2022
Version 3.0.9
  • Fixed - Backend Captcha was throwing an error due to changes in Joomla! 4.1.4.
12 May 2022
Version 3.0.8
  • Fixed - Joomla! 4 CLI was throwing an error when the RSFirewall! System Plugin was published.
21 Jan 2022
Version 3.0.7
  • Fixed - No longer requiring the Backend Password in the Configuration area after enabling it.
  • Fixed - 'Backend Password' was inheriting the Password Options from the Users component.
25 Aug 2021
Version 3.0.6
  • Added - Can download and import Blocklist/Safelist entries.
  • Added - Can download and import Exceptions entries.
  • Updated - Can filter by Country Code in the System Logs area.
  • Updated - Session Handler check has been removed from the System Check.
  • Updated - 'autocomplete=off' on the Captcha and Backend Password inputs.
  • Updated - A few common files have been added to the 'Ignored Hidden Files' by default.
  • Updated - SQL injection protection adjustments.
  • Updated - Various Javascript code improvements.
  • Fixed - Some checkboxes were not showing up correctly.
  • Fixed - PHP 8 could show a warning message when downloading the GeoIP database.
  • Fixed - 'Search Tools' was not staying open when filtering.
27 May 2021
Version 3.0.5
  • Fixed - In some cases protected users where not reverted to their original user groups.
15 Apr 2021
Version 3.0.4
  • Updated - Replaced Google Visualization JS library with Chart.js.
  • Updated - 'Referer' has been replaced with 'Description' in the System Overview's last 5 messages table.
  • Updated - Removed Bootstrap 4 CDN from the 'Backend Password' and 'Forbidden' pages in favor of inline styling.
  • Updated - When emptying the log a confirmation is now required.
12 Apr 2021
Version 3.0.3
  • Updated - PHP 8 compatibility.
  • Updated - Bumped minimum requirements to use PHP 5.4
  • Fixed - 'Pause between retries' was not working correctly.
12 Aug 2020
Version 3.0.2
  • Updated - Replaced references to lists as 'Blocklist' and 'Safelist'.
  • Updated - The System Check can now be run with Xdebug enabled by adjusting the xdebug.max_nesting_level directive.
  • Fixed - Removed some 'Ignored Hidden Files' because some hosting providers block requests containing those names; these have been instead hardcoded in the System Check process.
03 Jul 2020
Version 3.0.1
  • Added - Can specify the CAPTCHA Font Size.
  • Updated - SQL injection will now trigger when attacks are attempted targeting the 'information_schema' table.
  • Fixed - Disabling the RSFirewall! System Plugin would throw an error in the Control Ppanel Module.
  • Fixed - A warning that you are editing a protected user would incorrectly show up on all admins.
29 Jun 2020
Version 3.0.0
  • Added - Joomla! 4.0 compatibility
  • Added - Option to configure the public blacklists for the 'Protect forms from abusive IPs' check.
  • Added - 'Optional Core Folders' can be configured in the 'Firewall Configuration' - 'System Check' tab.
  • Added - 'Ignored Hidden Files' can be configured in the 'Firewall Configuration' - 'System Check' tab.
  • Updated - Bumped minimum requirements to use Joomla! 3.7.0
  • Updated - Code improvements and deprecated functions removed.
  • Updated - Google Charts API updated.
  • Updated - A warning message is now shown when trying to edit a protected user.
  • Updated - The 'Additional Backend Password' login and the 'Blocked' error screens now use Bootstrap 4.0
  • Updated - Permissions have been moved from the 'Firewall Configuration' to the 'Global Configuration' area.
  • Updated - 'Checking if any admin users have weak passwords' has been removed since Joomla! now uses strong hashing algorithms that can't be easily brute forced.
  • Updated - 'Updates' section has been removed since RSFirewall! can be updated through the Joomla! Update Manager for quite some time.
  • Updated - 'RSS Feeds' has been removed since RSFirewall! is not a feed reader and there are plenty of dedicated tools for that.
  • Updated - Filtering results is now updated to use Joomla!'s 'Search Tools' for a more consistent UX.
  • Updated - Reworked some parts of the interface to be consistent across both Joomla! versions.
  • Updated - Removed some old CSS and icons.
  • Updated - Removed support for Microsoft Azure SQL databases.
  • Updated - CAPTCHA now appears at all times (unless IP is whitelisted) if 'Enable CAPTCHA' is set to 'Yes'.
  • Fixed - 'Last run' message was incorrectly showing up after starting the System Check.
  • Fixed - 'Whois' URL was showing up even when not configured.
  • Fixed - In the 'Country Blocking' configuration, the checkboxes from 'Continents' were not consistent with the 'Check All' selections.
  • Fixed - In some cases where translations were missing and the 'System - Language Filter' Plugin was enabled, email alerts were showing as language keys instead of their English fallbacks.
  • Fixed - In some cases uploaded files were not properly scanned for malware.
27 Feb 2020
Version 2.12.5
  • Fixed - The * wildcard can now be used in IPv6 lists.
07 Jan 2020
Version 2.12.4
  • Updated - License key support for downloading the GeoIP Database from MaxMind.
06 Jan 2020
Version 2.12.3
  • Fixed - When the System Plugin was disabled a Fatal Error would occur when trying to empty the log.
09 Dec 2019
Version 2.12.2
  • Updated - SQLI protections improved.
  • Fixed - In some cases false positives were triggered for the RFI protections.
30 Sep 2019
Version 2.12.1
  • Updated - Choose which Google APIs to use during the System Check.
27 Sep 2019
Version 2.12.0
  • Added - Google Web Risk API added as an alternative to the Google Safe Browsing API.
  • Added - Backend Password can now be used as a parameter.
04 Jun 2019
Version 2.11.27
  • Fixed - After disabling the RSFirewall! System Plugin the component was no longer accessible.
21 May 2019
Version 2.11.26
  • Added - Password strength check can now be toggled off from Firewall Configuration - Active Scanner.
  • Updated - Password strength now takes into account the parameters set in Users - Options - Password Options.
  • Updated - Adjusted some checks to not trigger false positives on some files.
  • Updated - System Check now checks if the Backend Password has been enabled.
  • Updated - Removed old Joomla! 2.5 code.
  • Fixed - Additional Backend Password attempts will now lead to an autoban.
23 Jan 2019
Version 2.11.25
  • Fixed - 'Convert email addresses from plain text to images' now only replaces emails from the HTML body.
09 Jan 2019
Version 2.11.24
  • Fixed - In some cases the GeoLite2 Country Database could not be uploaded.
  • Fixed - Some bug fixes to the GeoLite2 library.
07 Jan 2019
Version 2.11.23
  • Fixed - The "System Check" was throwing a false positive for a file from the GeoLite2 library.
07 Jan 2019
Version 2.11.22
  • Updated - Country blocking is now using the GeoLite2 database.
13 Nov 2018
Version 2.11.21
  • Updated - IP address is now included in the subject of the email alerts.
  • Fixed - Table Views are no longer checked in the Database Check because they will halt the check.
  • Fixed - In some cases disable_functions was not returning the correct count.
10 Oct 2018
Version 2.11.20
  • Updated - Email addresses converted to images now have a transparent background.
  • Updated - Email image text color can now be set in Firewall Configuration - Active Scanner.
08 Oct 2018
Version 2.11.19
  • Fixed - A Deprecated Warning would appear on PHP 7.2 due to an outdated library.
  • Fixed - Some files would show up as modified even if you clicked on 'Accept Changes'.
26 Jun 2018
Version 2.11.18
  • Fixed - In some rare cases, a MySQL warning would show up in the logs if BINLOG_FORMAT was set to STATEMENT.
  • Fixed - SimplePie User Agent was incorrectly triggering the Dangerous User Agent protection.
07 May 2018
Version 2.11.17
  • Fixed - An error would occur in the Blacklist/Whitelist area when adding a range or a CIDR IP in the lists.
03 May 2018
Version 2.11.16
  • Added - Can specify new System Check options: Max retries, Pause between retries, toggle MD5 Signatures DB off.
  • Fixed - In some cases the Control Panel Module would timeout due to request parallelization.
19 Apr 2018
Version 2.11.15
  • Fixed - In some cases country flags were not showing up correctly next to IPs.
  • Fixed - IPv6 lookups could lead to malformed URLs due to an incorrect encoding.
22 Mar 2018
Version 2.11.14
  • Fixed - Changing a protected user could generate a Fatal Error if information was stored incorrectly in the database.
16 Mar 2018
Version 2.11.13
  • Fixed - In some cases, emails that were converted to images were disrupting the HTML markup.
19 Feb 2018
Version 2.11.12
  • Added - Joomla! 3.8.5 hashes.
  • Fixed - Update Code was incorrectly reset when uploading a new configuration.
11 Jan 2018
Version 2.11.11
  • Added - Joomla! 3.8.3 hashes.
  • Fixed - In some cases the File Manager could not list folders and files.
  • Fixed - Some filenames with UTF-8 characters were incorrectly seen as threats.
03 Oct 2017
Version 2.11.10
  • Updated - Malware database updated.
  • Updated - Can now grab IP from Cloudflare and Incapsula supplied headers.
  • Updated - Non-core extensions no longer show up as missing when running the System Check.
20 Sep 2017
Version 2.11.9
  • Added - Joomla! 3.8.0 hashes.
  • Updated - Malware database updated with ~10.000 hashes.
  • Fixed - Uninstalling did not remove the Installer Plugin.
  • Fixed - signatures.data.sql files are now deleted because they were causing some hosting provider virus scanners to go off.
18 May 2017
Version 2.11.8
  • Updated - No longer recommending disable_functions to include phpinfo and show_source.
  • Updated - System Check now recommends expose_php to be Off.
  • Updated - Some more explanations in the 'Server Configuration' area.
  • Fixed - 'Log all blocked events' would not take the 'Mozilla' User Agent into account.
  • Fixed - The #__rsfirewall_offenders table was not being pruned causing this table to reach a large size.
04 Apr 2017
Version 2.11.7
  • Updated - Can now remove Mozilla from 'Deny access to the following User Agents' section.
  • Updated - System Check will now display the file modification time for core modified files and malware.
  • Updated - Lockdown options have been moved to a separate tab for better visibility in the Configuration area.
  • Updated - System Check now identifies dot files as suspicious (except .htaccess, .htpasswd, .htusers, .htgroups)
  • Fixed - Google API key errors no longer intrerrupt the System Check.
13 Feb 2017
Version 2.11.6
  • Updated - Malware database updated.
  • Fixed - Saving the configuration.php file was not changing permissions back to 0444.
  • Fixed - mod_rsfirewall will no longer trigger the AJAX requests in parallel.
  • Fixed - Cyprus was erroneously set in Asia.
  • Fixed - Various language improvements.
29 Nov 2016
Version 2.11.5
  • Fixed - Scanning for malware AJAX response could be scrambled by an incorrect encoding of a malware pattern.
31 Oct 2016
Version 2.11.4
  • Updated - Malware database was updated.
  • Updated - More thorough check for Joomla! < 3.6.4 vulnerability.
  • Fixed - In some cases, GeoIPv6 functions might throw an error.
06 Oct 2016
Version 2.11.3
  • Fixed - Checking for the GeoIP v6 file was not working correctly.
28 Sep 2016
Version 2.11.2
  • Fixed - In some cases when using reverse proxies, the REMOTE_ADDR variable contained multiple IPs and threw an error.
  • Fixed - GeoIP was incorrectly initialized when not enabled.
  • Fixed - Google Safe Browsing error messages are now displayed to provide more details.
07 Sep 2016
Version 2.11.1
  • Updated - IPv6 GeoIP database support.
  • Updated - Improved Country Blocking interface initial setup.
  • Updated - Google Safe Browsing API updated to v4.
  • Updated - Malware database updated.
  • Fixed - Permissions were not being saved correctly due to Joomla! changes since 3.6.0.
  • Fixed - Denied referers were not recorded in the System Logs even with 'Log all blocked attempts' set to 'Yes'.
05 Aug 2016
Version 2.11.0
  • Added - Map of blocked attacks in the System Overview area.
  • Updated - Malware database updated.
  • Updated - Replacing email addresses with images has been re-worked to reduce page load.
  • Updated - More information shown when a protected user change has been attempted.
  • Fixed - No longer allows you to delete files from your Temporary Folder if it's incorrectly set and contains your website's folder.
  • Fixed - System Logs was becoming slow due to missing indexes on tables.
09 May 2016
Version 2.10.2
  • Updated - A log entry will be created when a change is attempted on a protected user.
  • Updated - A log entry will be created when the creation of a new administrator is blocked.
  • Updated - Malware database updated.
  • Fixed - Old log entries were not deleted according to the settings.
01 Apr 2016
Version 2.10.1
  • Added - Check your website's status in Google Safe Browsing lists.
  • Added - View and remove files that have been ignored during the System Check through "Accept changes".
  • Updated - Malware database updated.
19 Feb 2016
Version 2.10.0
  • Added - Built-in exceptions for com_plugins, com_templates, com_modules
  • Updated - Show number of files (hashes) modified or missing from your Joomla! installation.
  • Updated - Can overwrite modified files or add missing files straight from the Joomla! repository.
  • Updated - Malware database updated.
  • Fixed - If no signatures are present an error messages is shown during the System Check scan.
  • Fixed - 'Error! is not a valid folder' message rewritten to make more sense.
  • Fixed - Creating php.ini: open_basedir value could have contained empty paths in some cases.
  • Fixed - Creating php.ini: open_basedir did not return the correct session.save_path.
  • Fixed - Checking temporary files might not have listed files in some cases.
25 Jan 2016
Version 2.9.7
  • Added - View contents of files tagged as malware directly from the System Check area.
  • Updated - Malware database updated.
  • Fixed - Invalid data could be stored when activating 'Protect the following users from any changes'
21 Jan 2016
Version 2.9.6
  • Updated - Notification emails now contain the 'Debug information' as well.
  • Updated - System Check now ignores folders it cannot access rather than stopping.
  • Fixed - System Check could not be completed when encountering a symbolic link pointing back to the Joomla! root.
22 Dec 2015
Version 2.9.5
  • Fixed - Reverted some functions so that Joomla! 2.5 is still supported.
22 Dec 2015
Version 2.9.4
  • Updated - File paths in the Ignore files and Monitor files section are now stored with relative paths when backing up.
  • Updated - Can choose if you want to keep the Update Code from the configuration.json.
  • Fixed - Converting email addresses to images displayed a PHP Notice in some cases.
21 Dec 2015
Version 2.9.3
  • Added - System Check now checks if the Session Handler is set to 'Database' and issues a warning.
  • Added - Select which headers to check for the real IP if server behind proxy (wasn't configurable until now).
  • Updated - Can now filter based on Blocked status in the System Logs area.
  • Updated - Debug information in System Logs hidden by default - a 'Show' button has been added to display it.
  • Fixed - Session injection protection did not automatically blacklist IPs.
  • Fixed - Language strings in the mod_rsfirewall module were not loaded if the System Plugin was disabled.
  • Fixed - In some cases, the System Check would write a log even if the option was disabled.
  • Fixed - Converting email addresses to images did not work with new (long) domain extensions.
16 Dec 2015
Version 2.9.2
  • Updated - Further improvements to session injection vulnerability prevention.
15 Dec 2015
Version 2.9.1
  • Updated - User Agent Blacklist updated to prevent Joomla! session vulnerability.
  • Updated - Malware database updated.
11 Dec 2015
Version 2.9.0
  • Added - Can now view differences in modified core Joomla! files.
  • Added - Ability to deny referers by specifying the domain name.
  • Added - Export & import configuration data.
  • Added - Download System Logs in CSV format.
  • Updated - Country Flags are now displayed on the Blackist/Whitelist page.
  • Updated - Visually improved Backend Login and Forbidden views.
  • Updated - Backend Login and Forbidden views can be overrided through the template now.
  • Updated - No longer checking 'register_globals' and 'safe_mode' on PHP 5.4 and newer.
  • Updated - System Check last run time is now recorded.
  • Updated - Small interface improvements.
  • Updated - New malware signatures added to the database.
  • Fixed - Updating the component did not run the necessary queries when using MySQL (PDO).
22 Sep 2015
Version 2.8.14
  • Fixed - Add to Blacklist and Add to Whitelist buttons from the System Logs area were not working correctly.
30 Jul 2015
Version 2.8.13
  • Fixed - Backend login CAPTCHA no longer appeared due to a HTML change in the mod_login layout.
03 Jul 2015
Version 2.8.12
  • Added - Hashes for Joomla! 3.4.3
01 Jul 2015
Version 2.8.11
  • Added - Hashes for Joomla! 3.4.2
29 Jun 2015
Version 2.8.10
  • Added - Joomla! updates integration.
  • Fixed - Clicking on countries in the Country Block area did not work on Google Chrome and Internet Explorer.
25 May 2015
Version 2.8.9
  • Fixed - Blacklisting no longer worked if a wrongfully added IP range was present in the database.
21 May 2015
Version 2.8.8
  • Added - Ability to select a continent to block.
  • Updated - Malware signature database.
15 May 2015
Version 2.8.7
  • Updated - 'Automatic blacklisting for /administrator login' is now independent of the 'Automatic blacklisting' option.
  • Updated - 'Enable CAPTCHA' is now independent of the 'Automatic blacklisting for /administrator login' option.
  • Fixed - Dashboard message that a file has been modified persisted even after replacing the file with the correct version.
  • Fixed - Logging in successfully now resets the number of login attempts to 0.
  • Fixed - 'Monitor the following files for changes' was not being loaded correctly from the Configuration.
  • Fixed - When using a PDO MySQL database an error was thrown.
  • Fixed - Longer texts in the System Logs areas were showing outside of their bounding area.
04 Mar 2015
Version 2.8.6
  • Added - Hashes for 3.4.0
  • Added - Hashes for 2.5.28
  • Fixed - Due to this Joomla! 3.4.0 issue uploading the GeoIP.dat.gz file did not work anymore.
03 Mar 2015
Version 2.8.5
  • Fixed - The backend sidebar on Joomla! 3.4 was not showing correctly.
03 Feb 2015
Version 2.8.4
  • Added - Whois service for IPv4 can now be configured instead of the default 'http://whois.domaintools.com'.
  • Added - A separate Whois service for IPv6 can now be configured.
  • Added - Warning message shows up when 'Disable the creation of new Administrators' is active and you're editing a user in User Manager.
  • Updated - Logging more events (if it's enabled) when performing the System Check to aid during debugging.
  • Fixed - In some cases, the JSON result returned by the System Check couldn't be decoded.
  • Fixed - Country Flag did not appear in the System Overview page.
  • Fixed - Country Flag did not appear in the RSFirewall! Control Panel Module.
14 Jan 2015
Version 2.8.3
  • Fixed - 'System Overview' graph wasn't showing properly.
  • Fixed - 'Protect the following users' was creating duplicate users when the user didn't exist.
  • Fixed - 'Protect the following users' was throwing a 'JUser::_load unable to load user' error when the user didn't exist.
06 Dec 2014
Version 2.8.2
  • Updated - Malware database has been updated with new signatures.
  • Updated - Rewrote 'System Plugin is disabled' message and added suggestions to fix.
  • Updated - 'Ignore files and folders' and 'Monitor the following files for changes' width increased.
  • Fixed - Resolved a '500 View not found' error in frontend.
28 Nov 2014
Version 2.8.1
  • Fixed - Solved an incompatibility with PHP 5.2 when enabling 'Protect forms from abusive IPs'.
27 Nov 2014
Version 2.8.0
  • Added - Hashes can now be downloaded straight from our update server without installing a new version of RSFirewall!.
  • Fixed - Scanning the integrity of files no longer works on development releases (such as alpha versions of Joomla!).
  • Fixed - Scanning could not finish no longer shows up when you're missing hashes for your version.
  • Fixed - Detecting invalid inclusions (CryptoPHP) in PHP scripts (in the Checking for malware step) was too sensitive.
18 Nov 2014
Version 2.7.5
  • Updated - Database Check now only performs tasks on MyISAM tables.
  • Updated - Checking for malware now detects invalid file inclusions in PHP scripts.
  • Updated - A warning message pops up when attempting to navigate away when the System Check is still in progress.
07 Nov 2014
Version 2.7.4
  • Updated - System Overview graph has been optimized for use with large datasets.
30 Oct 2014
Version 2.7.3
  • Updated - Installation no longer sets MyISAM as the default storage engine for new tables.
  • Fixed - When incorrect IPs were present in the Blacklist new IPs could no longer be banned through the administration.
27 Oct 2014
Version 2.7.2
  • Updated - Small coding style improvements.
  • Updated - Checking if an IP is a search engine bot now uses the more reliable 'Net_DNS2' library.
  • Fixed - RSFirewall! Control Panel Module now loads jQuery from the Joomla! 3.x framework.
  • Fixed - System Check was not able to finish when files in the root were being ignored.
23 Oct 2014
Version 2.7.1
  • Updated - Servers that natively support GeoIP but don't have the database installed now display a message.
  • Updated - 'Check All' from 'Country Blocking' now behaves more intuitively.
  • Fixed - System Check was throwing an error when checking for weak passwords due to the assets table being corrupted.
  • Fixed - Admin users were not showing up in the 'Lockdown' section when the assets table was corrupted.
  • Fixed - In some cases, Google or MSN Bot verification would issue a warning.
15 Oct 2014
Version 2.7.0
  • Added - Added spam protection for forms (can be enabled in Firewall Configuration - Active Scanner).
  • Added - Added support for IPv6.
  • Added - Added support for CIDR notation and IP ranges.
  • Added - 'File Manager' (from Firewall Configuration > System Check) now displays file size and permissions.
  • Added - IPs can now be blocked easier straight from the 'System Logs' area.
  • Added - IPs can now be whitelisted from the 'System Logs' area.
  • Updated - False positive results in 'Malware check' can be instantly ignored by clicking a button.
  • Updated - If GeoIP is available, a country flag is shown next to each IP in the 'System Logs'.
  • Updated - 'Bing Bot' is now whitelisted by default.
  • Updated - 'Malware check' improved - checks for rogue files in the Joomla! root as well as other folders that shouldn't contain PHP files.
  • Updated - No longer recommending 'allow_url_fopen' to be disabled since it caused issues with the Joomla! auto-updater.
  • Updated - No longer recommending placing 'configuration.php' outside root since it proved to bring minimal benefits at the cost of modifying core files.
  • Updated - GeoIP.dat.gz can now be uploaded and will be decompressed automatically.
  • Updated - Hosting server's IP can no longer be blacklisted.
  • Fixed - Using a broken GeoIP database no longer renders website unusable.
  • Fixed - Worked around bug in Joomla! 3 that prevented the action dropdown (in item listing) from functioning correctly.
  • Fixed - Clicking 'Accept changes' for modified Joomla! core files wasn't disabling the checkboxes.
14 Oct 2014
Version 2.6.7
  • Fixed - jQuery is now loaded from the Joomla! 3 framework.
01 Oct 2014
Version 2.6.6
  • Added - Added hashes for Joomla! 2.5.27, 3.2.7 and 3.3.6
01 Oct 2014
Version 2.6.5
  • Added - Added hashes for Joomla! 2.5.26, 3.2.6 and 3.3.5
24 Sep 2014
Version 2.6.4
  • Added - Added hashes for Joomla! 2.5.25, 3.2.5 and 3.3.4
12 Sep 2014
Version 2.6.3
  • Updated - During configuration.php integrity check, configuration.php location is based on where JConfig has been initialized.
  • Updated - jQuery (loaded in Joomla! 2.5) updated to v1.11.1
  • Fixed - Deprecated jQuery function calls have been replaced.
  • Fixed - System Check could not finish due to a redirect caused by MightySites - added workaround.
  • Fixed - Domain (host) added as built-in exception for JS inclusion in order to avoid false positives during Malware check.
02 Sep 2014
Version 2.6.2
  • Fixed - RSFirewall! still asked for the GeoIP.dat file to be uploaded even if the server had native GeoIP support.
28 Aug 2014
Version 2.6.1
  • Fixed - Typo in function name and proper escaping of 'Pause between requests' value.
27 Aug 2014
Version 2.6.0
  • Updated - Improved detection of base64 encoded strings during the System Check.
  • Updated - When XDebug is enabled in PHP, the System Check is no longer available.
  • Updated - Joomla! and RSFirewall! version checking now uses caching.
  • Added - A timeout can now be set between requests during the System Check.
  • Added - 'Google bot' is now whitelisted internally.
  • Fixed - IPs are now trimmed of extra spaces.
  • Fixed - Slightly improved error messages when the System Check failed.
  • Fixed - When the System Check fails, the grade is no longer calculated.
  • Fixed - System Check might have been flagged as a bruteforce attack by some server firewalls because it posted requests to 'index.php'.
25 Jul 2014
Version 2.5.12
  • Added - Hashes for Joomla! 2.5.24
  • Added - Hashes for Joomla! 3.3.3
25 Jul 2014
Version 2.5.11
  • Added - Hashes for Joomla! 2.5.23
  • Added - Hashes for Joomla! 3.3.2
23 Jul 2014
Version 2.5.10
  • Fixed - "# emails per hour" was not being used correctly.
16 Jun 2014
Version 2.5.9
  • Added - Ability to specify default file and folder permissions.
13 Jun 2014
Version 2.5.8
  • Added - Hashes for Joomla! 2.5.22
13 Jun 2014
Switched to new version mode.
12 Jun 2014
Rev 57
  • Added - Hashes for Joomla! 2.5.21
  • Added - Hashes for Joomla! 3.3.1
  • Added - Hashes for Joomla! 3.2.4
05 May 2014
Rev 56
  • Added - Hashes for Joomla! 2.5.20
  • Added - Hashes for Joomla! 3.3.0
  • Added - Option to log System Check to a file.
  • Added - Option to log all RSFirewall! blocked attempts.
  • Fixed - Large PHP files are now skipped from the Malware check.
06 Mar 2014
Rev 55
  • Added - Hashes for Joomla! 2.5.19
  • Added - Hashes for Joomla! 3.2.3
  • Fixed - Multiple IPs through proxy were not detected correctly.
07 Feb 2014
Version Rev 54
  • Added - Hashes for Joomla! 2.5.18
  • Added - Hashes for Joomla! 3.2.2
18 Dec 2013
Version Rev 53 - Joomla! 2.5/3.x only
  • Added - Hashes for Joomla! 2.5.17
  • Added - Hashes for Joomla! 3.2.1
  • Fixed - RSS Feeds handling has been rewritten.
  • Fixed - Limit for RSS Feeds items wasn't being used.
07 Nov 2013
Rev 52 - Joomla! 2.5/3.x only
  • Added - Hashes for Joomla! 2.5.15
  • Added - Hashes for Joomla! 2.5.16
  • Added - Hashes for Joomla! 3.1.6
  • Added - Hashes for Joomla! 3.2.0
  • Fixed - Checking for weak passwords during System Check did not work on 3.2.0.
  • Fixed - Added a few exceptions for some false positives during System Check.
02 Aug 2013
Rev 51 - Joomla! 2.5/3.x only
  • Added - Joomla! 2.5.14 hash files
  • Added - Joomla! 3.1.5 hash files
26 Jul 2013
Rev 50 - Joomla! 2.5/3.x only
  • Added - Joomla! 2.5.13 hash files
  • Added - Joomla! 3.1.4 hash files
  • Fixed - Worked around JView bug introduced in Joomla! 3.1.2 and upwards
29 Apr 2013
Rev 49 - Joomla! 2.5/3.x only
  • Added - Joomla! 2.5.11 hash files
  • Added - Joomla! 3.1.1 hash files
25 Apr 2013
Rev 48 - Joomla! 2.5/3.x only
  • Updated - Malware database
  • Added - Joomla! 2.5.10 hash files
  • Added - Joomla! 3.1.0 hash files
  • Added - Joomla! 3.0.4 hash files
  • Fixed - System Check was looping in some cases
05 Feb 2013
Rev 47 - Joomla! 2.5/3.x only
  • Added - Joomla! 2.5.9 hash files
  • Added - Joomla! 3.0.3 hash files
  • Added - PHP 5.2 compatibility (we still recommend 5.3)
  • Fixed - Getting an IP behind a proxy is now more reliable
09 Nov 2012
Rev 46 - Joomla! 2.5/3.x only
  • Added - Joomla! 2.5.8 hash files
  • Added - Joomla! 3.0.2 hash files
  • Fixed - Multiple issues found in R45
  • Fixed - Workaround for version checking on 2.5.x
  • Fixed - Accept changes for missing files
06 Nov 2012
Rev 45 - Joomla! 2.5/3.x only
  • Joomla! 3.0 compatibility (including responsive design & bootstrap compatibility)
  • Refactored code to use less resources
  • Completely rewritten the System Check, providing a smoother, less resource intensive experience
  • Database Check has been rewritten to work only on MySQL servers
  • System Logs are now showing more information
  • Firewall Configuration now provides more detailed options
  • The RSFirewall! Control Panel Module has been rewritten
  • Grade computing logic has been changed
  • System Overview now includes a visual graph of the latest attacks
  • Lockdown has now been split into three separate options
  • Ability to create exceptions with several filtering options available
  • Permissions check no longer runs on Windows servers
  • Password strength didn't work on Joomla! 2.5
  • Failed login attempts are now only being triggered on Joomla! logins only
14 Sep 2012
Rev 44
  • Added - Joomla! 2.5.7 hash files
28 Jun 2012
Rev 43
  • Updated - Missing language translations are now reverted to en-GB
  • Updated - Backend CAPTCHA is now disabled automatically if it cannot be shown (in 3rd Party Administrator Templates)
  • Updated - mod_rsfirewall now uses layout overrides
  • Added - Bulk adding to Blacklist/Whitelist
  • Added - Automatic blacklisting for failed /administrator login attempts
  • Added - Ability to disable backend CAPTCHA
  • Fixed - Auto blacklisting did not add the date when the ban was added
20 Jun 2012
Rev 42
  • Updated - Protections are no longer triggered for IPs in the Whitelist
  • Updated - Improvements when loading the RSFirewall! configuration
  • Added - Country blocking
  • Added - Blacklist/Whitelist management
  • Added - Ability to automatically add to blacklist repeat offenders
  • Added - Ability to limit the number of log emails to be sent within an hour
20 Jun 2012
Rev 41
  • Added - Joomla! 2.5.6 hash files
19 Jun 2012
Rev 40
  • Added - Joomla! 2.5.5 hash files
02 Apr 2012
Rev 39
  • Added - Joomla! 2.5.4 hash files
  • Fixed - Minor installation issue with Joomla! 2.5
  • Fixed - Joomla! 2.5 generator tag was not being removed
28 Mar 2012
Rev 38
  • Added - Joomla! 1.5.26 hash files
15 Mar 2012
Rev 37
  • Added - Joomla! 2.5.3 hash files
  • Added - Basic Joomla! 2.5 ACL support
06 Mar 2012
Rev 36
  • Added - Joomla! 2.5.2 hash files
  • Removed - Joomla! 1.6.x hash files
  • Fixed - Throwing false alerts from Google tracking links
  • Fixed - IP was not detected correctly when using proxies
03 Feb 2012
Rev 35
  • Added - Joomla! 2.5.1 hash files
25 Jan 2012
Rev 34
  • Added - Joomla! 2.5.0 hash files
14 Nov 2011
Rev 33
  • Added - Joomla! 1.7.3 hash files
  • Added - Joomla! 1.5.25 hash files
18 Oct 2011
Rev 32
  • Added - Joomla! 1.7.2 hash files
  • Added - Joomla! 1.5.24 hash files
  • Fixed - mod_rsfirewall was not displaying the correct image ratio
27 Sep 2011
Rev 31
  • Added - Joomla! 1.7.1 hash files
28 Jul 2011
Rev 30
  • Added - Joomla! 1.6.6 hash files
20 Jul 2011
Rev 29
  • Added - Joomla! 1.7.0 stable hash files
12 Jul 2011
Rev 28
  • Added - Joomla! 1.6.5 hash files
29 Jun 2011
Rev 27
  • Updated - Joomla! 1.7 compatbile
  • Added - Warnings when using 1.7 development version
  • Added - Joomla! 1.7.0 (beta1) hash files
  • Fixed - Tooltips in overview screen
  • Fixed - Looping error during System Check on 1.7
  • Fixed - Uninstall not removing the RSFirewall! System Plugin on 1.6
28 Jun 2011
Rev 26
  • Added - Joomla! 1.6.4 hash files
19 Apr 2011
Rev 25
  • Added - Joomla! 1.6.3 hash files
15 Apr 2011
Rev 24
  • Added - Joomla! 1.6.2 hash files
  • Updated - Skipping default Joomla! 1.6 templates (administrator and frontend)
05 Apr 2011
Rev 23
  • Added - Joomla! 1.5.23 hash files
08 Mar 2011
Rev 22
  • Added - Joomla! 1.6.1 hash files
  • Fixed - Some admin users were not being detected correctly
21 Dec 2010
Rev 21
  • Updated - Joomla! 1.6 compatible
  • Added - Joomla! 1.6.0RC1 hash files
  • Fixed - Improved SQL injection detection
  • Fixed - Improved Shell detection
  • Fixed - Improved LFI detection
  • Fixed - The check if the "admin" user is active now takes into account if the user is blocked
  • Fixed - Using native functions to check if the RSFirewall! plugin is enabled
  • Fixed - W3C Validator is now able to connect to a RSFirewall! protected website
  • Fixed - Email cloaking not working correctly
05 Nov 2010
Rev 20
  • Added - Joomla! 1.5.22 hash files
11 Nov 2010
Rev 19
  • Updated - Additional backend password has been rewritten, works on all servers and provides a nicer layout
  • Updated - SEF support detects 3rd Party SEF components as well
  • Added - Joomla! 1.5.21 hash files
  • Added - Database Check
  • Added - During System Check, the current folder is shown
  • Added - Check for .htaccess in your Joomla! root
  • Added - Number of files/folders to check in the System Check
  • Added - Ability to ignore folders/files during System Check
  • Fixed - System Check no longer hangs, it skips to the next available step
  • Fixed - Directories with slashes were hanging the System Check
29 Jul 2010
Rev 18
  • Improved - XSS attacks filtering
  • Improved - LFI "controller" injection detection
19 Jul 2010
Rev 17
  • Added - Joomla! 1.5.20 hash files
16 Jul 2010
Rev 16
  • Added - Joomla! 1.5.19 hash files
16 Jun 2010
Rev 15
  • Added - Protection against common malware User-Agents
  • Added - A few more passwords for strength test
  • Fixed - The module now uses Ajax calls to connect to the server to avoid timing out in the Administrator area
31 May 2010
Rev 14
  • Added - Joomla! 1.5.18 hash files
11 May 2010
Rev 13
  • Added - SEF check
  • Added - Session Lifetime check
  • Added - FTP password check
  • Fixed - JavaScript bug when running the System Check a second time
  • Fixed - RSFirewall! Administrator module overlapping in IE8
  • Fixed - CSS issue with grade icon in IE
  • Fixed - No longer throwing a fatal error if the helper file is missing
  • Fixed - Rewrote installation procedure
28 Apr 2010
Rev 12
  • Added - Joomla! 1.5.17 hash files
26 Apr 2010
Rev 11
  • Added - Joomla! 1.5.16 hash files
  • Added - Extra message in PHP fix
  • Fixed - Moved malware signatures to database in order to prevent server antivirus software to identify RSFirewall! as a false positive
  • Fixed - CSS issue with missing background image
  • Fixed - PayPal no longer being blocked as DoS attack
05 Nov 2009
Rev 10
  • Added - Joomla! 1.5.15 hash files
03 Nov 2009
Rev 9
  • Added - Cleaning backdoored versions of Jumi
  • Fixed - Accept change bug
29 Sep 2009
Rev 8
  • Added - Warning message for old version of Internet Explorer users
  • Fixed - System Check Javascript to work with Internet Explorer 8
24 Sep 2009
Rev 7
  • Added - Ability to show CAPTCHA after a number of unsuccessful login attempts
  • Added - Ability to ignore modified/missing files during System Check
  • Added - Logging unsuccessful attempts to login into the backend
  • Added - Password strength tester in com_users
  • Fixed - Redone the System Check to use multiple ajax threads instead of a single one
  • Fixed - Various fixes when generating php.ini
  • Fixed - com_frontpage was not showing up in the list of allowed components
  • Fixed - Wrong md5 calculated in the System Overview when a modified Joomla! file was detected
  • Fixed - DoS protection and converting emails to images still ran even with Active Scanner disabled
  • Fixed - SQL protection was flagging a legitimate server query as an injection in a special situation
  • Fixed - If a component/module or default template has been uninstalled it should not be checked
  • Fixed - Wrong language loaded when sending emails
  • Fixed - The file and folder permissions grade was not correctly calculated
  • Fixed - Using $JSession->set() to store data instead of $mainframe->setUserState()
  • Fixed - No more stripping slashes on Windows servers
  • Fixed - Improved the System Check URL recorded in the System Log
03 Aug 2009
Rev 6
  • Fixed - Results are now truncated to save server memory
  • Fixed - Optimized the checking for file and folder permissions to use less memory
  • Fixed - Optimized the checking for malware patterns to use less memory
  • Fixed - Version compare now ignores "rebranded" Joomla! versions such as "1.5.14 DutchJoomla"
31 Jul 2009
Rev 5
  • Added - Joomla! 1.5.14 hash files
  • Fixed - If Backend Access Control is enabled and there are no users selected, by default all users are allowed so you don't lock yourself out
  • Fixed - No more stripping HTML from passwords
23 Jul 2009
Rev 4
  • Added - Joomla! 1.5.13 hash files
  • Fixed - Language file wasn't loaded correctly in a special situation
14 Jul 2009
Rev 3
  • Added - Ability to generate images instead of plain text email addresses
  • Fixed - Not showing modified files in the Overview
  • Fixed - The RSFirewall! Grade did not show up in the module correctly
  • Fixed - The RSFirewall! Grade would give very high scores when having a few files or folders with wrong permissions
  • Fixed - Throwing errors when $_REQUEST contained an object or resource
  • Fixed - addslashes() escaping quotes with quotes instead of backslashes
01 Jul 2009
Rev 2
  • Added - Joomla! 1.5.12 hash files
  • Added - Removal of the generator meta tag from your Joomla! template
  • Added - Website grading system (computing a security score based on your website's security)
  • Added - System Log entry when running the System Check
  • Fixed - Minor memory optimizations

22 persons found this article helpful.


Was this article helpful?

Yes No
Sorry about that