RSFirewall! Changelog

03 Sep 2024

Version 3.1.3

Updated - Improved CIDR matches for IPv6.
Updated - Firewall Configuration tab position is now remembered.
Fixed - PHP 8.3 improvements.
Fixed - Removed unused assets (CSS and images).

18 Apr 2024

Version 3.1.2

Fixed - In some cases the generated php.ini contents would overflow the page during the System Check scan.
Fixed - Joomla! 5.1 Dark Mode fixes.
Fixed - In Joomla! 5.1 a class naming collision resulted in Exceptions not being able to be saved showing a message about valid Regex.
Fixed - When using Country Blocking, in some cases the IP's country was cached until a new session was started.

15 Jan 2024

Version 3.1.1

Fixed - 'Files that have been modified' table was missing a table-responsive class.
Fixed - Emptying the temporary folder would throw an 500 error.

09 Jan 2024

Version 3.1.0

Added - Joomla! 5 native compatibility - no longer needs the 'Behaviour - Backward Compatibility' plugin.
Added - Joomla! 3 elts hashes support.
Updated - RSFirewall! Control Panel module options: 'Show Grade', 'Show Version Check', 'Show Map', 'Show System Logs'.
Updated - When specifying an exception with 'Use regular exceptions' set to 'Yes', the regular exception is validated before being saved to avoid errors being thrown.
Updated - Grade score computing has been reworked to substract more points if malware is found or Joomla! core files have been modified.
Updated - 'Convert email addresses from plain text to images' has been removed as today's AI can easily read images.
Updated - 'Attempt to fix PHP Configuration' has been removed as this is a job for the server admin.
Updated - System Check now checks if the PHP version is end-of-life.
Fixed - Accepting changes on modified files would accept changes for all files, regardless of selection.

23 Oct 2023

Version 3.0.14

Updated - Dark Mode in Joomla! 5 was unreadable.
Updated - Some Joomla! 5 code improvements.
Updated - Removed some old CSS code.

13 Sep 2023

Version 3.0.13

Updated - Double extension PHP files are now marked as suspicious in the System Check.

07 Jun 2023

Version 3.0.12

Added - Can now perform scans through the RSFirewall! CLI Plugin (Joomla! 4 only).
Fixed - In some cases the 'Protect the following users from any changes' feature could throw an SQL error.

17 Feb 2023

Version 3.0.11

Updated - API requests are now scanned in Joomla! 4 to prevent the < 4.2.8 vulnerability.
Updated - Malware database updated.
Updated - IP address now takes into account the 'Behind Load Balancer' setting from Global Configuration.
Updated - Bumped minimum requirements to use Joomla! 3.9.0+
Fixed - Captcha rendering on PHP 8.1+ could throw some deprecated notices.
Fixed - Country Blocking on PHP 8.1+ could throw some deprecated notices.

09 Nov 2022

Version 3.0.10

Fixed - Some PHP 8.1 compatibility issues have been resolved.
Fixed - If the component tables are missing the System Plugin no longer throws an error.

25 May 2022

Version 3.0.9

Fixed - Backend Captcha was throwing an error due to changes in Joomla! 4.1.4.

12 May 2022

Version 3.0.8

Fixed - Joomla! 4 CLI was throwing an error when the RSFirewall! System Plugin was published.

21 Jan 2022

Version 3.0.7

Fixed - No longer requiring the Backend Password in the Configuration area after enabling it.
Fixed - 'Backend Password' was inheriting the Password Options from the Users component.

25 Aug 2021

Version 3.0.6

Added - Can download and import Blocklist/Safelist entries.
Added - Can download and import Exceptions entries.
Updated - Can filter by Country Code in the System Logs area.
Updated - Session Handler check has been removed from the System Check.
Updated - 'autocomplete=off' on the Captcha and Backend Password inputs.
Updated - A few common files have been added to the 'Ignored Hidden Files' by default.
Updated - SQL injection protection adjustments.
Updated - Various Javascript code improvements.
Fixed - Some checkboxes were not showing up correctly.
Fixed - PHP 8 could show a warning message when downloading the GeoIP database.
Fixed - 'Search Tools' was not staying open when filtering.

27 May 2021

Version 3.0.5

Fixed - In some cases protected users where not reverted to their original user groups.

15 Apr 2021

Version 3.0.4

Updated - Replaced Google Visualization JS library with Chart.js.
Updated - 'Referer' has been replaced with 'Description' in the System Overview's last 5 messages table.
Updated - Removed Bootstrap 4 CDN from the 'Backend Password' and 'Forbidden' pages in favor of inline styling.
Updated - When emptying the log a confirmation is now required.

12 Apr 2021

Version 3.0.3

Updated - PHP 8 compatibility.
Updated - Bumped minimum requirements to use PHP 5.4
Fixed - 'Pause between retries' was not working correctly.

12 Aug 2020

Version 3.0.2

Updated - Replaced references to lists as 'Blocklist' and 'Safelist'.
Updated - The System Check can now be run with Xdebug enabled by adjusting the xdebug.max_nesting_level directive.
Fixed - Removed some 'Ignored Hidden Files' because some hosting providers block requests containing those names; these have been instead hardcoded in the System Check process.

03 Jul 2020

Version 3.0.1

Added - Can specify the CAPTCHA Font Size.
Updated - SQL injection will now trigger when attacks are attempted targeting the 'information_schema' table.
Fixed - Disabling the RSFirewall! System Plugin would throw an error in the Control Ppanel Module.
Fixed - A warning that you are editing a protected user would incorrectly show up on all admins.

29 Jun 2020

Version 3.0.0

Added - Joomla! 4.0 compatibility
Added - Option to configure the public blacklists for the 'Protect forms from abusive IPs' check.
Added - 'Optional Core Folders' can be configured in the 'Firewall Configuration' - 'System Check' tab.
Added - 'Ignored Hidden Files' can be configured in the 'Firewall Configuration' - 'System Check' tab.
Updated - Bumped minimum requirements to use Joomla! 3.7.0
Updated - Code improvements and deprecated functions removed.
Updated - Google Charts API updated.
Updated - A warning message is now shown when trying to edit a protected user.
Updated - The 'Additional Backend Password' login and the 'Blocked' error screens now use Bootstrap 4.0
Updated - Permissions have been moved from the 'Firewall Configuration' to the 'Global Configuration' area.
Updated - 'Checking if any admin users have weak passwords' has been removed since Joomla! now uses strong hashing algorithms that can't be easily brute forced.
Updated - 'Updates' section has been removed since RSFirewall! can be updated through the Joomla! Update Manager for quite some time.
Updated - 'RSS Feeds' has been removed since RSFirewall! is not a feed reader and there are plenty of dedicated tools for that.
Updated - Filtering results is now updated to use Joomla!'s 'Search Tools' for a more consistent UX.
Updated - Reworked some parts of the interface to be consistent across both Joomla! versions.
Updated - Removed some old CSS and icons.
Updated - Removed support for Microsoft Azure SQL databases.
Updated - CAPTCHA now appears at all times (unless IP is whitelisted) if 'Enable CAPTCHA' is set to 'Yes'.
Fixed - 'Last run' message was incorrectly showing up after starting the System Check.
Fixed - 'Whois' URL was showing up even when not configured.
Fixed - In the 'Country Blocking' configuration, the checkboxes from 'Continents' were not consistent with the 'Check All' selections.
Fixed - In some cases where translations were missing and the 'System - Language Filter' Plugin was enabled, email alerts were showing as language keys instead of their English fallbacks.
Fixed - In some cases uploaded files were not properly scanned for malware.

27 Feb 2020

Version 2.12.5

Fixed - The * wildcard can now be used in IPv6 lists.

07 Jan 2020

Version 2.12.4

Updated - License key support for downloading the GeoIP Database from MaxMind.

06 Jan 2020

Version 2.12.3

Fixed - When the System Plugin was disabled a Fatal Error would occur when trying to empty the log.

09 Dec 2019

Version 2.12.2

Updated - SQLI protections improved.
Fixed - In some cases false positives were triggered for the RFI protections.

30 Sep 2019

Version 2.12.1

Updated - Choose which Google APIs to use during the System Check.

27 Sep 2019

Version 2.12.0

Added - Google Web Risk API added as an alternative to the Google Safe Browsing API.
Added - Backend Password can now be used as a parameter.

04 Jun 2019

Version 2.11.27

Fixed - After disabling the RSFirewall! System Plugin the component was no longer accessible.

21 May 2019

Version 2.11.26

Added - Password strength check can now be toggled off from Firewall Configuration - Active Scanner.
Updated - Password strength now takes into account the parameters set in Users - Options - Password Options.
Updated - Adjusted some checks to not trigger false positives on some files.
Updated - System Check now checks if the Backend Password has been enabled.
Updated - Removed old Joomla! 2.5 code.
Fixed - Additional Backend Password attempts will now lead to an autoban.

23 Jan 2019

Version 2.11.25

Fixed - 'Convert email addresses from plain text to images' now only replaces emails from the HTML body.

09 Jan 2019

Version 2.11.24

Fixed - In some cases the GeoLite2 Country Database could not be uploaded.
Fixed - Some bug fixes to the GeoLite2 library.

07 Jan 2019

Version 2.11.23

Fixed - The "System Check" was throwing a false positive for a file from the GeoLite2 library.

07 Jan 2019

Version 2.11.22

Updated - Country blocking is now using the GeoLite2 database.

13 Nov 2018

Version 2.11.21

Updated - IP address is now included in the subject of the email alerts.
Fixed - Table Views are no longer checked in the Database Check because they will halt the check.
Fixed - In some cases disable_functions was not returning the correct count.

10 Oct 2018

Version 2.11.20

Updated - Email addresses converted to images now have a transparent background.
Updated - Email image text color can now be set in Firewall Configuration - Active Scanner.

08 Oct 2018

Version 2.11.19

Fixed - A Deprecated Warning would appear on PHP 7.2 due to an outdated library.
Fixed - Some files would show up as modified even if you clicked on 'Accept Changes'.

26 Jun 2018

Version 2.11.18

Fixed - In some rare cases, a MySQL warning would show up in the logs if BINLOG_FORMAT was set to STATEMENT.
Fixed - SimplePie User Agent was incorrectly triggering the Dangerous User Agent protection.

07 May 2018

Version 2.11.17

Fixed - An error would occur in the Blacklist/Whitelist area when adding a range or a CIDR IP in the lists.

03 May 2018

Version 2.11.16

Added - Can specify new System Check options: Max retries, Pause between retries, toggle MD5 Signatures DB off.
Fixed - In some cases the Control Panel Module would timeout due to request parallelization.

19 Apr 2018

Version 2.11.15

Fixed - In some cases country flags were not showing up correctly next to IPs.
Fixed - IPv6 lookups could lead to malformed URLs due to an incorrect encoding.

22 Mar 2018

Version 2.11.14

Fixed - Changing a protected user could generate a Fatal Error if information was stored incorrectly in the database.

16 Mar 2018

Version 2.11.13

Fixed - In some cases, emails that were converted to images were disrupting the HTML markup.

19 Feb 2018

Version 2.11.12

Added - Joomla! 3.8.5 hashes.
Fixed - Update Code was incorrectly reset when uploading a new configuration.

11 Jan 2018

Version 2.11.11

Added - Joomla! 3.8.3 hashes.
Fixed - In some cases the File Manager could not list folders and files.
Fixed - Some filenames with UTF-8 characters were incorrectly seen as threats.

03 Oct 2017

Version 2.11.10

Updated - Malware database updated.
Updated - Can now grab IP from Cloudflare and Incapsula supplied headers.
Updated - Non-core extensions no longer show up as missing when running the System Check.

20 Sep 2017

Version 2.11.9

Added - Joomla! 3.8.0 hashes.
Updated - Malware database updated with ~10.000 hashes.
Fixed - Uninstalling did not remove the Installer Plugin.
Fixed - signatures.data.sql files are now deleted because they were causing some hosting provider virus scanners to go off.

18 May 2017

Version 2.11.8

Updated - No longer recommending disable_functions to include phpinfo and show_source.
Updated - System Check now recommends expose_php to be Off.
Updated - Some more explanations in the 'Server Configuration' area.
Fixed - 'Log all blocked events' would not take the 'Mozilla' User Agent into account.
Fixed - The #__rsfirewall_offenders table was not being pruned causing this table to reach a large size.

04 Apr 2017

Version 2.11.7

Updated - Can now remove Mozilla from 'Deny access to the following User Agents' section.
Updated - System Check will now display the file modification time for core modified files and malware.
Updated - Lockdown options have been moved to a separate tab for better visibility in the Configuration area.
Updated - System Check now identifies dot files as suspicious (except .htaccess, .htpasswd, .htusers, .htgroups)
Fixed - Google API key errors no longer intrerrupt the System Check.

13 Feb 2017

Version 2.11.6

Updated - Malware database updated.
Fixed - Saving the configuration.php file was not changing permissions back to 0444.
Fixed - mod_rsfirewall will no longer trigger the AJAX requests in parallel.
Fixed - Cyprus was erroneously set in Asia.
Fixed - Various language improvements.

29 Nov 2016

Version 2.11.5

Fixed - Scanning for malware AJAX response could be scrambled by an incorrect encoding of a malware pattern.

31 Oct 2016

Version 2.11.4

Updated - Malware database was updated.
Updated - More thorough check for Joomla! < 3.6.4 vulnerability.
Fixed - In some cases, GeoIPv6 functions might throw an error.

06 Oct 2016

Version 2.11.3

Fixed - Checking for the GeoIP v6 file was not working correctly.

28 Sep 2016

Version 2.11.2

Fixed - In some cases when using reverse proxies, the REMOTE_ADDR variable contained multiple IPs and threw an error.
Fixed - GeoIP was incorrectly initialized when not enabled.
Fixed - Google Safe Browsing error messages are now displayed to provide more details.

07 Sep 2016

Version 2.11.1

Updated - IPv6 GeoIP database support.
Updated - Improved Country Blocking interface initial setup.
Updated - Google Safe Browsing API updated to v4.
Updated - Malware database updated.
Fixed - Permissions were not being saved correctly due to Joomla! changes since 3.6.0.
Fixed - Denied referers were not recorded in the System Logs even with 'Log all blocked attempts' set to 'Yes'.

05 Aug 2016

Version 2.11.0

Added - Map of blocked attacks in the System Overview area.
Updated - Malware database updated.
Updated - Replacing email addresses with images has been re-worked to reduce page load.
Updated - More information shown when a protected user change has been attempted.
Fixed - No longer allows you to delete files from your Temporary Folder if it's incorrectly set and contains your website's folder.
Fixed - System Logs was becoming slow due to missing indexes on tables.

09 May 2016

Version 2.10.2

Updated - A log entry will be created when a change is attempted on a protected user.
Updated - A log entry will be created when the creation of a new administrator is blocked.
Updated - Malware database updated.
Fixed - Old log entries were not deleted according to the settings.

01 Apr 2016

Version 2.10.1

Added - Check your website's status in Google Safe Browsing lists.
Added - View and remove files that have been ignored during the System Check through "Accept changes".
Updated - Malware database updated.

19 Feb 2016

Version 2.10.0

Added - Built-in exceptions for com_plugins, com_templates, com_modules
Updated - Show number of files (hashes) modified or missing from your Joomla! installation.
Updated - Can overwrite modified files or add missing files straight from the Joomla! repository.
Updated - Malware database updated.
Fixed - If no signatures are present an error messages is shown during the System Check scan.
Fixed - 'Error! is not a valid folder' message rewritten to make more sense.
Fixed - Creating php.ini: open_basedir value could have contained empty paths in some cases.
Fixed - Creating php.ini: open_basedir did not return the correct session.save_path.
Fixed - Checking temporary files might not have listed files in some cases.

25 Jan 2016

Version 2.9.7

Added - View contents of files tagged as malware directly from the System Check area.
Updated - Malware database updated.
Fixed - Invalid data could be stored when activating 'Protect the following users from any changes'

21 Jan 2016

Version 2.9.6

Updated - Notification emails now contain the 'Debug information' as well.
Updated - System Check now ignores folders it cannot access rather than stopping.
Fixed - System Check could not be completed when encountering a symbolic link pointing back to the Joomla! root.

22 Dec 2015

Version 2.9.5

Fixed - Reverted some functions so that Joomla! 2.5 is still supported.

22 Dec 2015

Version 2.9.4

Updated - File paths in the Ignore files and Monitor files section are now stored with relative paths when backing up.
Updated - Can choose if you want to keep the Update Code from the configuration.json.
Fixed - Converting email addresses to images displayed a PHP Notice in some cases.

21 Dec 2015

Version 2.9.3

Added - System Check now checks if the Session Handler is set to 'Database' and issues a warning.
Added - Select which headers to check for the real IP if server behind proxy (wasn't configurable until now).
Updated - Can now filter based on Blocked status in the System Logs area.
Updated - Debug information in System Logs hidden by default - a 'Show' button has been added to display it.
Fixed - Session injection protection did not automatically blacklist IPs.
Fixed - Language strings in the mod_rsfirewall module were not loaded if the System Plugin was disabled.
Fixed - In some cases, the System Check would write a log even if the option was disabled.
Fixed - Converting email addresses to images did not work with new (long) domain extensions.

16 Dec 2015

Version 2.9.2

Updated - Further improvements to session injection vulnerability prevention.

15 Dec 2015

Version 2.9.1

Updated - User Agent Blacklist updated to prevent Joomla! session vulnerability.
Updated - Malware database updated.

11 Dec 2015

Version 2.9.0

Added - Can now view differences in modified core Joomla! files.
Added - Ability to deny referers by specifying the domain name.
Added - Export & import configuration data.
Added - Download System Logs in CSV format.
Updated - Country Flags are now displayed on the Blackist/Whitelist page.
Updated - Visually improved Backend Login and Forbidden views.
Updated - Backend Login and Forbidden views can be overrided through the template now.
Updated - No longer checking 'register_globals' and 'safe_mode' on PHP 5.4 and newer.
Updated - System Check last run time is now recorded.
Updated - Small interface improvements.
Updated - New malware signatures added to the database.
Fixed - Updating the component did not run the necessary queries when using MySQL (PDO).

22 Sep 2015

Version 2.8.14

Fixed - Add to Blacklist and Add to Whitelist buttons from the System Logs area were not working correctly.

30 Jul 2015

Version 2.8.13

Fixed - Backend login CAPTCHA no longer appeared due to a HTML change in the mod_login layout.

03 Jul 2015

Version 2.8.12

Added - Hashes for Joomla! 3.4.3

01 Jul 2015

Version 2.8.11

Added - Hashes for Joomla! 3.4.2

29 Jun 2015

Version 2.8.10

Added - Joomla! updates integration.
Fixed - Clicking on countries in the Country Block area did not work on Google Chrome and Internet Explorer.

25 May 2015

Version 2.8.9

Fixed - Blacklisting no longer worked if a wrongfully added IP range was present in the database.

21 May 2015

Version 2.8.8

Added - Ability to select a continent to block.
Updated - Malware signature database.

15 May 2015

Version 2.8.7

Updated - 'Automatic blacklisting for /administrator login' is now independent of the 'Automatic blacklisting' option.
Updated - 'Enable CAPTCHA' is now independent of the 'Automatic blacklisting for /administrator login' option.
Fixed - Dashboard message that a file has been modified persisted even after replacing the file with the correct version.
Fixed - Logging in successfully now resets the number of login attempts to 0.
Fixed - 'Monitor the following files for changes' was not being loaded correctly from the Configuration.
Fixed - When using a PDO MySQL database an error was thrown.
Fixed - Longer texts in the System Logs areas were showing outside of their bounding area.

04 Mar 2015

Version 2.8.6

Added - Hashes for 3.4.0
Added - Hashes for 2.5.28
Fixed - Due to this Joomla! 3.4.0 issue uploading the GeoIP.dat.gz file did not work anymore.

03 Mar 2015

Version 2.8.5

Fixed - The backend sidebar on Joomla! 3.4 was not showing correctly.

03 Feb 2015

Version 2.8.4

Added - Whois service for IPv4 can now be configured instead of the default 'http://whois.domaintools.com'.
Added - A separate Whois service for IPv6 can now be configured.
Added - Warning message shows up when 'Disable the creation of new Administrators' is active and you're editing a user in User Manager.
Updated - Logging more events (if it's enabled) when performing the System Check to aid during debugging.
Fixed - In some cases, the JSON result returned by the System Check couldn't be decoded.
Fixed - Country Flag did not appear in the System Overview page.
Fixed - Country Flag did not appear in the RSFirewall! Control Panel Module.

14 Jan 2015

Version 2.8.3

Fixed - 'System Overview' graph wasn't showing properly.
Fixed - 'Protect the following users' was creating duplicate users when the user didn't exist.
Fixed - 'Protect the following users' was throwing a 'JUser::_load unable to load user' error when the user didn't exist.

06 Dec 2014

Version 2.8.2

Updated - Malware database has been updated with new signatures.
Updated - Rewrote 'System Plugin is disabled' message and added suggestions to fix.
Updated - 'Ignore files and folders' and 'Monitor the following files for changes' width increased.
Fixed - Resolved a '500 View not found' error in frontend.

28 Nov 2014

Version 2.8.1

Fixed - Solved an incompatibility with PHP 5.2 when enabling 'Protect forms from abusive IPs'.

27 Nov 2014

Version 2.8.0

Added - Hashes can now be downloaded straight from our update server without installing a new version of RSFirewall!.
Fixed - Scanning the integrity of files no longer works on development releases (such as alpha versions of Joomla!).
Fixed - Scanning could not finish no longer shows up when you're missing hashes for your version.
Fixed - Detecting invalid inclusions (CryptoPHP) in PHP scripts (in the Checking for malware step) was too sensitive.

18 Nov 2014

Version 2.7.5

Updated - Database Check now only performs tasks on MyISAM tables.
Updated - Checking for malware now detects invalid file inclusions in PHP scripts.
Updated - A warning message pops up when attempting to navigate away when the System Check is still in progress.

07 Nov 2014

Version 2.7.4

Updated - System Overview graph has been optimized for use with large datasets.

30 Oct 2014

Version 2.7.3

Updated - Installation no longer sets MyISAM as the default storage engine for new tables.
Fixed - When incorrect IPs were present in the Blacklist new IPs could no longer be banned through the administration.

27 Oct 2014

Version 2.7.2

Updated - Small coding style improvements.
Updated - Checking if an IP is a search engine bot now uses the more reliable 'Net_DNS2' library.
Fixed - RSFirewall! Control Panel Module now loads jQuery from the Joomla! 3.x framework.
Fixed - System Check was not able to finish when files in the root were being ignored.

23 Oct 2014

Version 2.7.1

Updated - Servers that natively support GeoIP but don't have the database installed now display a message.
Updated - 'Check All' from 'Country Blocking' now behaves more intuitively.
Fixed - System Check was throwing an error when checking for weak passwords due to the assets table being corrupted.
Fixed - Admin users were not showing up in the 'Lockdown' section when the assets table was corrupted.
Fixed - In some cases, Google or MSN Bot verification would issue a warning.

15 Oct 2014

Version 2.7.0

Added - Added spam protection for forms (can be enabled in Firewall Configuration - Active Scanner).
Added - Added support for IPv6.
Added - Added support for CIDR notation and IP ranges.
Added - 'File Manager' (from Firewall Configuration > System Check) now displays file size and permissions.
Added - IPs can now be blocked easier straight from the 'System Logs' area.
Added - IPs can now be whitelisted from the 'System Logs' area.
Updated - False positive results in 'Malware check' can be instantly ignored by clicking a button.
Updated - If GeoIP is available, a country flag is shown next to each IP in the 'System Logs'.
Updated - 'Bing Bot' is now whitelisted by default.
Updated - 'Malware check' improved - checks for rogue files in the Joomla! root as well as other folders that shouldn't contain PHP files.
Updated - No longer recommending 'allow_url_fopen' to be disabled since it caused issues with the Joomla! auto-updater.
Updated - No longer recommending placing 'configuration.php' outside root since it proved to bring minimal benefits at the cost of modifying core files.
Updated - GeoIP.dat.gz can now be uploaded and will be decompressed automatically.
Updated - Hosting server's IP can no longer be blacklisted.
Fixed - Using a broken GeoIP database no longer renders website unusable.
Fixed - Worked around bug in Joomla! 3 that prevented the action dropdown (in item listing) from functioning correctly.
Fixed - Clicking 'Accept changes' for modified Joomla! core files wasn't disabling the checkboxes.

14 Oct 2014

Version 2.6.7

Fixed - jQuery is now loaded from the Joomla! 3 framework.

01 Oct 2014

Version 2.6.6

Added - Added hashes for Joomla! 2.5.27, 3.2.7 and 3.3.6

01 Oct 2014

Version 2.6.5

Added - Added hashes for Joomla! 2.5.26, 3.2.6 and 3.3.5

24 Sep 2014

Version 2.6.4

Added - Added hashes for Joomla! 2.5.25, 3.2.5 and 3.3.4

12 Sep 2014

Version 2.6.3

Updated - During configuration.php integrity check, configuration.php location is based on where JConfig has been initialized.
Updated - jQuery (loaded in Joomla! 2.5) updated to v1.11.1
Fixed - Deprecated jQuery function calls have been replaced.
Fixed - System Check could not finish due to a redirect caused by MightySites - added workaround.
Fixed - Domain (host) added as built-in exception for JS inclusion in order to avoid false positives during Malware check.

02 Sep 2014

Version 2.6.2

Fixed - RSFirewall! still asked for the GeoIP.dat file to be uploaded even if the server had native GeoIP support.

28 Aug 2014

Version 2.6.1

Fixed - Typo in function name and proper escaping of 'Pause between requests' value.

27 Aug 2014

Version 2.6.0

Updated - Improved detection of base64 encoded strings during the System Check.
Updated - When XDebug is enabled in PHP, the System Check is no longer available.
Updated - Joomla! and RSFirewall! version checking now uses caching.
Added - A timeout can now be set between requests during the System Check.
Added - 'Google bot' is now whitelisted internally.
Fixed - IPs are now trimmed of extra spaces.
Fixed - Slightly improved error messages when the System Check failed.
Fixed - When the System Check fails, the grade is no longer calculated.
Fixed - System Check might have been flagged as a bruteforce attack by some server firewalls because it posted requests to 'index.php'.

25 Jul 2014

Version 2.5.12

Added - Hashes for Joomla! 2.5.24
Added - Hashes for Joomla! 3.3.3

25 Jul 2014

Version 2.5.11

Added - Hashes for Joomla! 2.5.23
Added - Hashes for Joomla! 3.3.2

23 Jul 2014

Version 2.5.10

Fixed - "# emails per hour" was not being used correctly.

16 Jun 2014

Version 2.5.9

Added - Ability to specify default file and folder permissions.

13 Jun 2014

Version 2.5.8

Added - Hashes for Joomla! 2.5.22

13 Jun 2014

Switched to new version mode.

12 Jun 2014

Rev 57

Added - Hashes for Joomla! 2.5.21
Added - Hashes for Joomla! 3.3.1
Added - Hashes for Joomla! 3.2.4

05 May 2014

Rev 56

Added - Hashes for Joomla! 2.5.20
Added - Hashes for Joomla! 3.3.0
Added - Option to log System Check to a file.
Added - Option to log all RSFirewall! blocked attempts.
Fixed - Large PHP files are now skipped from the Malware check.

06 Mar 2014

Rev 55

Added - Hashes for Joomla! 2.5.19
Added - Hashes for Joomla! 3.2.3
Fixed - Multiple IPs through proxy were not detected correctly.

07 Feb 2014

Version Rev 54

Added - Hashes for Joomla! 2.5.18
Added - Hashes for Joomla! 3.2.2

18 Dec 2013

Version Rev 53 - Joomla! 2.5/3.x only

Added - Hashes for Joomla! 2.5.17
Added - Hashes for Joomla! 3.2.1
Fixed - RSS Feeds handling has been rewritten.
Fixed - Limit for RSS Feeds items wasn't being used.

07 Nov 2013

Rev 52 - Joomla! 2.5/3.x only

Added - Hashes for Joomla! 2.5.15
Added - Hashes for Joomla! 2.5.16
Added - Hashes for Joomla! 3.1.6
Added - Hashes for Joomla! 3.2.0
Fixed - Checking for weak passwords during System Check did not work on 3.2.0.
Fixed - Added a few exceptions for some false positives during System Check.

02 Aug 2013

Rev 51 - Joomla! 2.5/3.x only

Added - Joomla! 2.5.14 hash files
Added - Joomla! 3.1.5 hash files

26 Jul 2013

Rev 50 - Joomla! 2.5/3.x only

Added - Joomla! 2.5.13 hash files
Added - Joomla! 3.1.4 hash files
Fixed - Worked around JView bug introduced in Joomla! 3.1.2 and upwards

29 Apr 2013

Rev 49 - Joomla! 2.5/3.x only

Added - Joomla! 2.5.11 hash files
Added - Joomla! 3.1.1 hash files

25 Apr 2013

Rev 48 - Joomla! 2.5/3.x only

Updated - Malware database
Added - Joomla! 2.5.10 hash files
Added - Joomla! 3.1.0 hash files
Added - Joomla! 3.0.4 hash files
Fixed - System Check was looping in some cases

05 Feb 2013

Rev 47 - Joomla! 2.5/3.x only

Added - Joomla! 2.5.9 hash files
Added - Joomla! 3.0.3 hash files
Added - PHP 5.2 compatibility (we still recommend 5.3)
Fixed - Getting an IP behind a proxy is now more reliable

09 Nov 2012

Rev 46 - Joomla! 2.5/3.x only

Added - Joomla! 2.5.8 hash files
Added - Joomla! 3.0.2 hash files
Fixed - Multiple issues found in R45
Fixed - Workaround for version checking on 2.5.x
Fixed - Accept changes for missing files

06 Nov 2012

Rev 45 - Joomla! 2.5/3.x only

Joomla! 3.0 compatibility (including responsive design & bootstrap compatibility)
Refactored code to use less resources
Completely rewritten the System Check, providing a smoother, less resource intensive experience
Database Check has been rewritten to work only on MySQL servers
System Logs are now showing more information
Firewall Configuration now provides more detailed options
The RSFirewall! Control Panel Module has been rewritten
Grade computing logic has been changed
System Overview now includes a visual graph of the latest attacks
Lockdown has now been split into three separate options
Ability to create exceptions with several filtering options available
Permissions check no longer runs on Windows servers
Password strength didn't work on Joomla! 2.5
Failed login attempts are now only being triggered on Joomla! logins only

14 Sep 2012

Rev 44

Added - Joomla! 2.5.7 hash files

28 Jun 2012

Rev 43

Updated - Missing language translations are now reverted to en-GB
Updated - Backend CAPTCHA is now disabled automatically if it cannot be shown (in 3rd Party Administrator Templates)
Updated - mod_rsfirewall now uses layout overrides
Added - Bulk adding to Blacklist/Whitelist
Added - Automatic blacklisting for failed /administrator login attempts
Added - Ability to disable backend CAPTCHA
Fixed - Auto blacklisting did not add the date when the ban was added

20 Jun 2012

Rev 42

Updated - Protections are no longer triggered for IPs in the Whitelist
Updated - Improvements when loading the RSFirewall! configuration
Added - Country blocking
Added - Blacklist/Whitelist management
Added - Ability to automatically add to blacklist repeat offenders
Added - Ability to limit the number of log emails to be sent within an hour

20 Jun 2012

Rev 41

Added - Joomla! 2.5.6 hash files

19 Jun 2012

Rev 40

Added - Joomla! 2.5.5 hash files

02 Apr 2012

Rev 39

Added - Joomla! 2.5.4 hash files
Fixed - Minor installation issue with Joomla! 2.5
Fixed - Joomla! 2.5 generator tag was not being removed

28 Mar 2012

Rev 38

Added - Joomla! 1.5.26 hash files

15 Mar 2012

Rev 37

Added - Joomla! 2.5.3 hash files
Added - Basic Joomla! 2.5 ACL support

06 Mar 2012

Rev 36

Added - Joomla! 2.5.2 hash files
Removed - Joomla! 1.6.x hash files
Fixed - Throwing false alerts from Google tracking links
Fixed - IP was not detected correctly when using proxies

03 Feb 2012

Rev 35

Added - Joomla! 2.5.1 hash files

25 Jan 2012

Rev 34

Added - Joomla! 2.5.0 hash files

14 Nov 2011

Rev 33

Added - Joomla! 1.7.3 hash files
Added - Joomla! 1.5.25 hash files

18 Oct 2011

Rev 32

Added - Joomla! 1.7.2 hash files
Added - Joomla! 1.5.24 hash files
Fixed - mod_rsfirewall was not displaying the correct image ratio

27 Sep 2011

Rev 31

Added - Joomla! 1.7.1 hash files

28 Jul 2011

Rev 30

Added - Joomla! 1.6.6 hash files

20 Jul 2011

Rev 29

Added - Joomla! 1.7.0 stable hash files

12 Jul 2011

Rev 28

Added - Joomla! 1.6.5 hash files

29 Jun 2011

Rev 27

Updated - Joomla! 1.7 compatbile
Added - Warnings when using 1.7 development version
Added - Joomla! 1.7.0 (beta1) hash files
Fixed - Tooltips in overview screen
Fixed - Looping error during System Check on 1.7
Fixed - Uninstall not removing the RSFirewall! System Plugin on 1.6

28 Jun 2011

Rev 26

Added - Joomla! 1.6.4 hash files

19 Apr 2011

Rev 25

Added - Joomla! 1.6.3 hash files

15 Apr 2011

Rev 24

Added - Joomla! 1.6.2 hash files
Updated - Skipping default Joomla! 1.6 templates (administrator and frontend)

05 Apr 2011

Rev 23

Added - Joomla! 1.5.23 hash files

08 Mar 2011

Rev 22

Added - Joomla! 1.6.1 hash files
Fixed - Some admin users were not being detected correctly

21 Dec 2010

Rev 21

Updated - Joomla! 1.6 compatible
Added - Joomla! 1.6.0RC1 hash files
Fixed - Improved SQL injection detection
Fixed - Improved Shell detection
Fixed - Improved LFI detection
Fixed - The check if the "admin" user is active now takes into account if the user is blocked
Fixed - Using native functions to check if the RSFirewall! plugin is enabled
Fixed - W3C Validator is now able to connect to a RSFirewall! protected website
Fixed - Email cloaking not working correctly

05 Nov 2010

Rev 20

Added - Joomla! 1.5.22 hash files

11 Nov 2010

Rev 19

Updated - Additional backend password has been rewritten, works on all servers and provides a nicer layout
Updated - SEF support detects 3rd Party SEF components as well
Added - Joomla! 1.5.21 hash files
Added - Database Check
Added - During System Check, the current folder is shown
Added - Check for .htaccess in your Joomla! root
Added - Number of files/folders to check in the System Check
Added - Ability to ignore folders/files during System Check
Fixed - System Check no longer hangs, it skips to the next available step
Fixed - Directories with slashes were hanging the System Check

29 Jul 2010

Rev 18

Improved - XSS attacks filtering
Improved - LFI "controller" injection detection

19 Jul 2010

Rev 17

Added - Joomla! 1.5.20 hash files

16 Jul 2010

Rev 16

Added - Joomla! 1.5.19 hash files

16 Jun 2010

Rev 15

Added - Protection against common malware User-Agents
Added - A few more passwords for strength test
Fixed - The module now uses Ajax calls to connect to the server to avoid timing out in the Administrator area

31 May 2010

Rev 14

Added - Joomla! 1.5.18 hash files

11 May 2010

Rev 13

Added - SEF check
Added - Session Lifetime check
Added - FTP password check
Fixed - JavaScript bug when running the System Check a second time
Fixed - RSFirewall! Administrator module overlapping in IE8
Fixed - CSS issue with grade icon in IE
Fixed - No longer throwing a fatal error if the helper file is missing
Fixed - Rewrote installation procedure

28 Apr 2010

Rev 12

Added - Joomla! 1.5.17 hash files

26 Apr 2010

Rev 11

Added - Joomla! 1.5.16 hash files
Added - Extra message in PHP fix
Fixed - Moved malware signatures to database in order to prevent server antivirus software to identify RSFirewall! as a false positive
Fixed - CSS issue with missing background image
Fixed - PayPal no longer being blocked as DoS attack

05 Nov 2009

Rev 10

Added - Joomla! 1.5.15 hash files

03 Nov 2009

Rev 9

Added - Cleaning backdoored versions of Jumi
Fixed - Accept change bug

29 Sep 2009

Rev 8

Added - Warning message for old version of Internet Explorer users
Fixed - System Check Javascript to work with Internet Explorer 8

24 Sep 2009

Rev 7

Added - Ability to show CAPTCHA after a number of unsuccessful login attempts
Added - Ability to ignore modified/missing files during System Check
Added - Logging unsuccessful attempts to login into the backend
Added - Password strength tester in com_users
Fixed - Redone the System Check to use multiple ajax threads instead of a single one
Fixed - Various fixes when generating php.ini
Fixed - com_frontpage was not showing up in the list of allowed components
Fixed - Wrong md5 calculated in the System Overview when a modified Joomla! file was detected
Fixed - DoS protection and converting emails to images still ran even with Active Scanner disabled
Fixed - SQL protection was flagging a legitimate server query as an injection in a special situation
Fixed - If a component/module or default template has been uninstalled it should not be checked
Fixed - Wrong language loaded when sending emails
Fixed - The file and folder permissions grade was not correctly calculated
Fixed - Using $JSession->set() to store data instead of $mainframe->setUserState()
Fixed - No more stripping slashes on Windows servers
Fixed - Improved the System Check URL recorded in the System Log

03 Aug 2009

Rev 6

Fixed - Results are now truncated to save server memory
Fixed - Optimized the checking for file and folder permissions to use less memory
Fixed - Optimized the checking for malware patterns to use less memory
Fixed - Version compare now ignores "rebranded" Joomla! versions such as "1.5.14 DutchJoomla"

31 Jul 2009

Rev 5

Added - Joomla! 1.5.14 hash files
Fixed - If Backend Access Control is enabled and there are no users selected, by default all users are allowed so you don't lock yourself out
Fixed - No more stripping HTML from passwords

23 Jul 2009

Rev 4

Added - Joomla! 1.5.13 hash files
Fixed - Language file wasn't loaded correctly in a special situation

14 Jul 2009

Rev 3

Added - Ability to generate images instead of plain text email addresses
Fixed - Not showing modified files in the Overview
Fixed - The RSFirewall! Grade did not show up in the module correctly
Fixed - The RSFirewall! Grade would give very high scores when having a few files or folders with wrong permissions
Fixed - Throwing errors when $_REQUEST contained an object or resource
Fixed - addslashes() escaping quotes with quotes instead of backslashes

01 Jul 2009

Rev 2

Added - Joomla! 1.5.12 hash files
Added - Removal of the generator meta tag from your Joomla! template
Added - Website grading system (computing a security score based on your website's security)
Added - System Log entry when running the System Check
Fixed - Minor memory optimizations

Search In:

Ordering:

Our Latest Template

RSVario!

Join The Template Club

Free Downloads

Paid Downloads

General FAQ

Documentation

Home / Support / Documentation / RSFirewall! User Guide / Changelog / RSFirewall! Changelog