IDSJ - Intrusion Detection System for Joomla!

Simple to use, well structured and fast security layer for Joomla!

Intrusion Detection System for Joomla! is a simple to use, well structured, fast security layer for your Joomla! website. The plugin recognises when an attacker tries to break your site and reacts exactly how you configure it.

Based on a set of approved and heavily tested filter rules provided by the PHPIDS project, any attack is given a numerical impact rating, and preselected actions are triggered to mitigate or stop the hacking attempt entirely.

Installation

Install the extension in the backend under Extensions. Set the desired settings in Extensions -> Plugins -> System - Intrusion Detection System for Joomla! - IDSJ.

The plugin has four intrusion detection actions:

The Email Action (PRO) allows you to send a notification email with detailed information to specified email addresses if the system detects an intrusion attempt. Note: This action can only be activated in the Pro version!

The Block Action (PRO) blocks IP addresses from accessing the Joomla! website entirely if they exceed the allowed number of intrusion attempts. All requests from blocked IP addresses are terminated directly by the plugin. After the specified block time, the IP addresses are removed from the lock list and can access the system as usual again. Note: This action can only be activated in the Pro version!

The Log Action logs all intrusion attempts into a text file on the server. You may find the log file under plugins/system/intrusiondetectionsystemjoomla/src/logs/log.txt.

The Stop Application Action abruptly stops the execution of the Joomla! system and displays an error message if an intrusion attempt is detected.

Note: The plugin does not sanitise or filter malicious input but executes the selected actions if an intrusion attempt is detected. An IDS system should not be relied upon for sole protection in your environment! Use it as the first level of threat identification.

The plugin uses the Expose library for the checks: https://github.com/enygma/expose

Changelog

Joomla! 4.x

Version 4.0.6.0-PRO - 2022-11-27

• + Added Email for user agent blocks option. With this option, the plugin sends a notification email for blocked user agents.

Version 4.0.5.0-PRO - 2022-09-16

• + Added German translation. Thanks to Dirk (Wilderer) for requesting it!

Version 4.0.4.0-PRO - 2022-09-12

• + Added Pro Security Token validation check. The Pro package contains a token file with an individual security token linked to the user account and checked against the validation server for authenticity.
• ^ Multiple internal code optimisations.

Version 4.0.3.0-PRO - 2022-07-25

• + Added Delete log file link to delete the log file directly in the browser.
• ^ Updated language files
• ^ Code optimisations

Version 4.0.2.0-PRO - 2021-12-19

• + Added Show log file link to display the log file content directly in the browser.
• + Added Request-URI information to the log file and email notification. Thanks to Thomas L. for the feature request!

Version 4.0.1.0-PRO - 2021-11-11

• + Added the built-in Download Key Manager support to enter your Pro Update ID without installing the update helper plugin.
  Important: Please copy your personal Pro Update ID using the second copy button in the Pro ID Manager and enter the key in System - Update - Update Sites - Select the entry of the Pro extension and enter the ID into the Download Key field.
• ^ Code optimisations

Version 4.0.0.0-PRO - 2021-08-27

• + First Pro release for Joomla! 4.x based on IDSJ Pro version 3.1.1.1-PRO

Joomla! 3.x

Version 3.1.5.0-PRO - 2022-11-27

• + Added Email for user agent blocks option. With this option, the plugin sends a notification email for blocked user agents.
• + Added German translation.

Version 3.1.4.0-PRO - 2022-07-24

• + Added Delete log file link to delete the log file directly in the browser.
• ^ Updated language files
• ^ Code optimisations

Version 3.1.3.0-PRO - 2021-09-27

• + Added Show log file link to display the log file content directly in the browser.

Version 3.1.2.0-PRO - 2021-09-25

• + Added Request-URI information to the log file and email notification. Thanks to Thomas L. for the feature request!

Version 3.1.1.1-PRO - 2021-04-19

• ^ Added labels to the notification email
• ^ Added request parameters to emails triggered by the user agent blocklist

Version 3.1.1.0-PRO - 2021-04-18

• + Blocklist - User agents option - This option allows blocking requests from specified user agents. If such a request is registered, it is treated as an impact threshold excess, and the selected actions are applied.

Version 3.1.0.0-PRO - 2021-04-12

• + Impact threshold - Direct block option for Block Action - Set the value from which impact the system triggers the blocking action directly. The value 0 disables this option.
• ^ Changed the version number specification. The first number stands for the supported major Joomla! version. The following three numbers follow the Semantic Versioning Specification (SemVer), as it used to be previously.

Version 3.0.1-PRO - 2021-03-10

• + Whitelist option - This option allows to whitelist names from the analysed data so that these names' values are not analysed and do not affect the overall impact. It is useful for variables that are prone to false-positives but are appropriately sanitised by the application (for instance, "password").

Version 3.0.0-FREE - 2021-02-22

• + First release for Joomla! 3.x - Based on 3.0.0-PRO with a limited feature set.

Version 3.0.0-PRO - 2021-02-18

• + First release for Joomla! 3.x

Download

Overview of all downloads of the extension: IDSJ - Intrusion Detection System for Joomla! Downloads