Securitycheck Pro 4.1

+ Database update until Jan 10 2023 (both versions)
+ Fixed bugs (only Pro version)
Causing fatal errors getting new vulnerabilities in database update and view vulnerabilities functions.
+ Improved compatibility with Dark mode (only Pro version)
Removed old styles to make the extension compatible with this new mode.
+ Improved the way to retrieve the component involved on each query (only Pro version)
Using a different core event that gives us that information.
+ Improvements in the extension's design (only Pro version)
Removed unused css, javascript and image files. Now the extension loads all resources using the Web Asset Management.
+ Improvements in scans (only Pro version)
To avoid an issue with encoding and remove some deprecated functions in php 8.2.
+ Fixed bug in firewall (only free version)
To really block IPs when added to blacklist.
+ Updated Hungarian translation (thank you very much for your effort, Zoltán!)(only Pro version)
+ Fixed bug in spam protection (only Pro version)
Content into the "Forms to include a honeypot trap" field was not saved.

+ Code rewritten (both versions)
I completely rewrote the code to make it fully compatible with the Joomla! 4 and Joomla! 5 branches.

+ Database updated until Sep 04 2023 (both versions)
+ Final version for Joomla! 3 (both versions)
As per our policy regarding end-of-life Joomla! release branches, we have discontinued support for Joomla! 3 sites. (https://securitycheck.protegetuorde...ment/2231-announcement-about-joomla-3-support).
+ Improvements checking info about outdated extensions for Control Center (thank you very much for reporting this, Alex!) (only Pro version)
For some reason the core function to search for outdated extensions returned an exception. Added code to catch it.
+ Avoid error adding exceptions (thank you very much for reporting this, Margaret!) (only Pro version)
Every time we tried to add exceptions that had already been added, all those exceptions were added. This resulted in the exceptions field being flooded.
+ Fixed bug getting info about the system (only Pro version)
We got a fatal error if the php_uname function was disabled by the hoster.

Securitycheck Pro is a global protection suite designed to protect your website without affecting your server's speed. This version includes:

A modular interface to manage the entire extension quickly and easily.

Web Firewall
The web firewall protects against SQL Injection, Cross-site scripting, LFI and RFI, Headers modification, CSRF, clickjacking and brute force and dictionary attacks, and includes the following features:

• Ipv6 supported.
• Blacklist (ip range allowed).
• Whitelist (ip range allowed).
• Dynamic blacklist.
• Events recording, which can be viewed by admins from backend.
• Alert or strict mode.
• Redirection to a default page or drop connection if an attack is detected.
• Second level protection to find suspect words (with editable list of suspect words).
• Base64 check.
• Email notification.
• Filter exception, mode and priority selection for greater flexibility.
• User session protection.
• Session hickjacking protection.
• Export logs in csv format.

File Manager
You can check file/folder permissions and easily view misconfigured configurations.
Any problem? Click 'Repair' button and permissions will be corrected.

File Integrity
Thousands of files in our Joomla website, how to know if one of them is modified?
With File Integrity you will be alerted when a change occurs in any file.

Malware scanner
The most advanced malware scanner on the market. Look for suspicious patterns, known malware filenames and files with multiple extensions and check them against an online service with 40 anti-malware engines and millions of hashes on it databases. And all with two clicks!

.Htaccess protection
Lot of traffic from bots?
Block malicious user-agents and increase overall security esily with this feature.
Want to hide your backend url? Add a secret key to your admin page to prevent dictionary and brute force attacks.

Track failed login attempts
We can monitorize failed login attempts from backend and frontend and take actions against them.

Email on backend login
You receive an email every time someone access to the backend.

Forbid new administrative accounts
Even if they are created not using the Joomla backend.

Upload scanner
We can check uploaded files looking for files with multiple extensions and forbid certain extensions and mime-types.

Remote Management
Manage the extension remotelly from a centralized console.

Rules Management
Trusted users? Now you can choose to which groups apply Web Firewall rules.

Cron Plugin
Get files status without afecting QoS.
Launch File Manager or File Integrity tasks when your server has less workload.

ACL checking
Administrators got an alert if an insecure ACL configuration is set for Guest or Public groups. This could save us of many headaches.

Module Info
Check your Joomla security status at a glance.

Url Inspector
The url inspector allows us to ban IPs that use forbidden words in urls. This way we have a powerful mechanism to control all queries to our website, even those that are redirected to a 404 page.

Vulnerabilities checking
Securitycheck Pro performs a check of the versions of all the components, plugins and modules of your Joomla installation, comparing them with its database to show if there are vulnerable extensions. Forget individually test of every extension to avoid vulnerabilities: Securitycheck Pro does it for you.

Vulnerabilities database
Securitycheck Pro incorporates a database where you can see all the vulnerabilities known to our version of Joomla. This database is constantly updated to include the latest vulnerabilies.

Performance
This feature has been designed to improve Joomla's performance. Now we can optimize and repair our mysql database.

+ Database update until Jun 02 2022 (both versions)
+ Improvements in updates through Control Center (only Pro version)
Added support to update JCH Optimize version 7.
+ Removed the "Determine option accurately" (both versions)
I have improved the way to retrieve the component involved during an attack. The old method gave a 404 error in same cases (for example multilingual sites) and I was forced to include that option in Securitycheck Pro's config. With this new method we should not have this issue anymore as we retrieve the component more accurately. Customers with this option enabled will have to update the exceptions as previous versions returned a predefined value.
+ Fixed bug storing logs (only Pro version)
Avoiding not storing logs if some fields are too long.
+ Improvements in XSS filter (thank you very much for reporting this Philippe!) (only Pro version)
To avoid false positives in certain words.
+ Improvements in scans (thank you very much for reporting this Philippe!) (only Pro version)
To avoid problems encoding filenames.
+ Improvements in extension's design (only Pro version)
To avoid menu dissapearing on J3 if a plugin loads the modal core function.
+ Fixed minor bug adding exceptions from logs (only Pro version)
The 'second level protection' exceptions were not added.
+ Fixed bug in cron (only Pro version)
Preventing launching the task(s) during the schedule selected.
+ Fixed bug storing logs (thank you very much for reporting this Louis!) (only Pro version)
If the original string was too long the log entry was not written.
+ Improvements in LFI filter (only Pro version)
To avoid false positives in certain patter

• + Database update until Nov 22 2021 (both versions).
• + Improvements in source code to avoid errors launching cli commands. (Only Pro version).
• + Improvements in exceptions system (Only Pro version).
• Now all scans (permissions, integrity and malware) catch the setting for storing or not storing exceptions in database from Global Configuration -> File manager tab. This avoids duplicity and keep things simple.
• + Improvements to avoid a fatal error on PHP 5 versions (thank you very much for your patience Ron!) (Only Pro version).