 
 
Price: Only 69,99 EURO (Free support included)
 
 

Cheap doesn't always mean bad. I spent more than a year on this project and I want to help as many store owners as possible. You get all the security features that you need in this module and I update the module on a regular basis.

PrestaShop on its own is very secure. It's among the most secure content management systems available. That said, PrestaShop advises you to set file and folder permissions on your own, and to secure your back end with another layer of security from your webserver itself. This part is not covered by PrestaShop. I added those functions to the module, so you can do it without any coding knowledge. I added all the functions that you need to follow best practice. Trust me - this module will save you months of work.

I did not add settings that are obviously already covered by PrestaShop core with another technique, but where having more layers is good practice, I added those extra layers of security. You can, for instance, enable Two-Factor Authentication and set up e-mail alerts in case of brute force attacks.

Example of a great feature: You can enable e-mail notifications for file changes. You choose the time interval to check for, by a cronjob. Then you will get an e-mail if there were any file changes since the last check.

In case you get malware, spyware etc., or you mess something up yourself, you will get an e-mail with paths to the files that were changed. That way you know exactly where to check!

Here is what you get with Security Pro (not all the configurations are listed, check screenshots for additional information):

Brute force protection:

  •     Enable/Disable "Brute force protection for back office"
  •     Enable/Disable "E-mail notification in case of fail attempts to login"
  •     Enable/Disable "E-mail notification in case of successfully login"
  •     Enable/Disable "Log"


Two-factor authentication

  •     Enable/Disable "Two-factor authentication" (for back office)


Second login

  •     Enable/Disable "Second login" (from your webserver itself)


Secure front office

  •     Enable/Disable "Click-jack protection"
  •     Enable/Disable "XSS protection"
  •     Enable/Disable "Disable content sniffing"
  •     Enable/Disable "Force secure connection with HSTS"
  •     Enable/Disable "Expect CT"
  •     Enable/Disable "Referrer policy"


Anti-SPAM

  •     Enable/Disable "Prevent fake accounts / Block bots"
  •     Enable/Disable "Contact form"
  •     Enable/Disable "Block TOR IPv4 and IPv6 addresses"
  •     Enable/Disable "Block custom list of IP addresses" (The module can handle IPv4, IPv6 addresses, as well as IP ranges, in CIDR formats like ::1/128 or 127.0.0.1/32 and in pattern format like ::*:* or 127.0.*.*)
  •     Enable/Disable "Block custom list of user agents"


Anti-virus

  •     Enable/Disable "Malware scanner"
  •     Enable/Disable "filechanges scanner"
  •     Enable/Disable "Log"
  •     Enable/Disable "Block file uploads" (for back office)


Firewall (WAF)

  •     Enable/Disable "Anti-flood / Anti DDoS protection"
  •     Enable/Disable "Bot check"
  •     Enable/Disable "Anti-SQL injection"
  •     Enable/Disable "Anti-XSS injection"
  •     Enable/Disable "Anti-SHELL injection"
  •     Enable/Disable "Anti-HTML injection"
  •     Enable/Disable "Anti-XST injection"
  •     Enable/Disable "Block too long HTTP requests"
  •     Enable/Disable "Block user agents with too long names"
  •     Enable/Disable "Block old HTTP protocols"
  •     Enable/Disable "Block file-upload" (front office)
  •     Enable/Disable "Log"


Protect content

  •     Enable/Disable "Disable right click"
  •     Enable/Disable "Disable right click on images only"
  •     Enable/Disable "Disable drag and drop"
  •     Enable/Disable "Disable copy"
  •     Enable/Disable "Disable cut"
  •     Enable/Disable "Disable paste"
  •     Enable/Disable "Disable text selection"


Automatic backups

  •     Enable/Disable "Backup database to local"
  •     Enable/Disable "Backup database to Dropbox"
  •     Enable/Disable "Backup files to local"
  •     Enable/Disable "Backup files to Dropbox"


Admin directory

  •     Change name of admin directory in a few clicks.


Password generator

  •     Strong password generator for MySQL database, FTP, hosting panel/cPanel, SSH access and back office.


Scripts

  •     Fix insecure permissions vulnerability
  •     Fix directory traversal vulnerability


Analyze system for all known vulnerabilities

  •     CVE-2020-5293
  •     CVE-2020-5288
  •     CVE-2020-5287
  •     CVE-2020-5286
  •     CVE-2020-5285
  •     CVE-2020-5279
  •     CVE-2020-5278
  •     CVE-2020-5276
  •     CVE-2020-5272
  •     CVE-2020-5271
  •     CVE-2020-5270
  •     CVE-2020-5269
  •     CVE-2020-5265
  •     CVE-2020-5264
  •     CVE-2020-5250
  •     CVE-2019-13461
  •     CVE-2019-11876
  •     CVE-2018-8823
  •     CVE-2018-8824
  •     CVE-2018-7491
  •     CVE-2018-19355
  •     CVE-2018-19124
  •     CVE-2018-19125
  •     CVE-2018-19126
  •     CVE-2018-13784
  •     CVE-2017-9841
  •     CVE-2015-1175


Analyze your server for insecure settings

  •     session.use_cookies
  •     session.use_only_cookies
  •     session.cookie_httponly
  •     session.hash_function
  •     session.use_trans_sid
  •     session.cookie_secure
  •     session.use_strict_mode
  •     session.cookie_lifetime
  •     session.lazy_write
  •     session.sid_length
  •     session.gc_divisor
  •     session.sid_bits_per_character
  •     allow_url_fopen
  •     allow_url_include
  •     display_errors
  •     log_errors
  •     error_reporting
  •     display_startup_errors
  •     expose_php
  •     register_globals
  •     register_argc_argv
  •     short_open_tag
  •     xdebug.default_enable
  •     xdebug.remote_enable
  •     file_uploads
  •     upload_max_filesize
  •     post_max_size
  •     max_input_vars
  •     max_input_time
  •     memory_limit
  •     max_execution_time
  •     default_charset


Analyze your PrestaShop configuration for insecure settings

  •     PHP version (7.2.19)
  •     SSL enabled
  •     SSL Enabled everywhere
  •     PrestaShop token
  •     Mod Security
  •     PrestaShop admin directory name
  •     Database table prefix
  •     PrestaShop debug mode


Analyze SSL

  •     Analyze your SSL certificate
  •     Scan your website for mixed content


Recommendation
The module does not use overrides and none of the core-files are modified, so you are completely safe against conflicts between other modules.

Works on all major server software (Apache, Nginx, LiteSpeed, etc.).
Works on PrestaShop 1.6.1.x, 1.7.x.x and on thirty bees 1.x.x.
Works on PHP 5.6.x, 7.0.x, 7.1.x and 7.2.x.

Everything is very well tested. No known bugs exist and the module is battle tested! The module is already in production on many stores.

The code quality is high and it follows PrestaShop's guidelines.

The code is optimized for performance and security.

If you want to see a demo of the module, or if you have questions please contact me. Contact link: https://addons.prestashop.com/en/contact-us?id_product=44413


Edited by MathiasReker
New major version (see edit history)

New version. See the demo here: https://reker.dk/demo/admin-dev/

 

Changelog:

## [8.8.1] - 2021-04-01

### Improvements
- Refactored the whitelist of file monitoring

### Added
- Check for CVE-2021-21398


## [8.8.0] - 2021-30-03

### Fixed
- Minor bugfixes

### Improvements
- Sort backups by date
- Improved input validation

### Added
- Feature to block custom list of email addresses from contact form
- Check for CVE-2021-21302 & CVE-2021-21308


## [8.7.9] - 2021-05-03

### Fixed
- Minor bugfix with PHP 5.6.x

### Improvements
- Thirty bees 1.2.x improvements


## [8.7.8] - 2021-03-03

### Fixed
- Minor bugfix

### Changed
- Improved coding style
- Improved performance of firewall
- Improved display of server configurations
- Improved XSS rules

### Added
- Serbian language
- Bosnian language


## [8.7.7] - 2021-02-12

### Changed
- Improved SQLi detection


## [8.7.6] - 2021-02-10

### Fixed
- Bug with HTTP headers

### Changed
- Improved coding style

### Added
- Arabic language
- Italian language


## [8.7.5] - 2021-01-31

### Fixed
- Long loading time on module back office is improved a lot
- Upload of big files to Google Drive was failing on some systems
- Google reCAPTCHA v3 token expired after 120 sec. It is now reset every 90 sec.
- Fixed error in case of invalid date format

### Changed
- Visual improvements


## [8.7.4] - 2021-01-16

### Fixed
- Minor bugfix


## [8.7.3] - 2021-01-15

### Fixed
- Bugfix for PrestaShop 1.6 with log in to BO

### Changed
- Using SHA1 for the malware report to compare files
- Updated French translation


## [8.7.2] - 2021-01-12

### Fixed
- Bugfix for Internet Explorer at two-factor auth


## [8.7.1] - 2021-01-11

### Fixed
- Login bug with two-factor auth


## [8.7.0] - 2021-01-09

### Added
- Check if the website includes front-end JavaScript libraries with known security vulnerabilities
- New feature at two-factor auth
- New feature to secure external links
- New feature to log admin login attempts

### Changed
- Improved generation of file backups
- Improvements to the code


## [8.6.1] - 2021-01-05

### Fixed
- Login bug with two-factor auth


## [8.6.0] - 2020-01-05

### Fixed
- Old backups were included in the new backup due to an error in the path
- Fixed minor display issues

### Added
- Google Drive integration
- Option to encrypt backups (AES 256)
- BZIP2 support
- Slovak translation

### Changed
- Improved file change monitoring
- Improved performance of the file backups
- Improved performance of back-office
- Improved Romanian translation
- Improved layouts of the logs


## [8.5.1] - 2020-12-16

### Fixed
- Detection of redirecting to HTTPS
- Detection of CVE-2018-7491

### Added
- Polish translation

### Changed
- Improved wording


14 hours ago, REGE said:

Hello,

How can I update the module to the latest version?
I have v8.7.9 - purchased on March 22, 2021 from PrestaShop Addons.

Hello

The very latest version is still being validated by PrestaShop. If you want to get it now, please contact me here: https://addons.prestashop.com/contact-form.php?id_product=44413

Then I can send the newest version to you.
