Hooray! We are sharing a coupon for a 50% discount. Do not forget to use BLACK_FRIDAY as the coupon code when purchasing this plugin before 31st December!

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked."
-- White House Cybersecurity Advisor, Richard Clarke

We know Laravel and October are tough enough against bad situations, but security always matters.

This plugin adds extra layers for hardening security. It is also useful for blocking abusive users, IPs, bots and more.

Installation

If you are getting a "dependencies missing" error:

This plugin has some dependencies that must be provided. OctoberCMS handles this process itself, but if you are getting a "dependencies missing" error, you should run the command php artisan uxms:sentry-install on the console to install the library dependencies. The RainLab.User and RainLab.Location plugins must also be installed.

Performance Tips

  • If your website slows down, consider disabling the HackRepair.com's Abusive User-Agents List feature. It has 17,780 definitions and may slightly affect performance if you have a lot of visitors or average server specs.

Features of Plugin:

Security Essentials

  • Disable Directory Browsing (Apache Only)
  • Disable PHP Files in Storage Folder (Apache Only)
  • Filter Request Methods (Apache Only)
  • Filter Suspicious Queries (Apache Only)
  • Filter Non-English Characters in QS (Apache Only)
  • IDS (Intrusion Detection System) [EXPERIMENTAL]

Blocking Features

  • HackRepair.com's Abusive User-Agents List (17,780 Definitions) (Apache Only)
  • HackRepair.com's Abusive Referers List (Apache Only)
  • HackRepair.com's Malicious Bot Queries List (Apache Only)
  • Custom Blacklist IP Blocking (Supports IPv6)
  • Custom Blacklist IP Range Blocking (Supports IPv6)
  • Custom User-Agent Blocking
  • Custom Referer Blocking
  • Custom Blacklist Country Blocking
  • Block Browser Access to Important Files (Apache Only)
  • Blocking Some Types of Drive-by-Downloads (Apache Only)
  • Blocking Some Types of XSS Attacks (Cross-Site Scripting) (Apache Only)

Automation Jobs

Crontab Installation: Setting up the scheduler

  • Modified Website Files Alteration Scanner
  • Manual Alteration Scanner
  • Website Malware Scanner
  • Manual Malware Scanner
  • Scheduled DB Backups to Email
  • E-mail Alerts

Additional Features

  • Detailed Visitor Logs
  • Detailed User Logs
  • Detailed Admin Logs
  • Detailed System Information
  • Detailed MaxMind GeoIP2 Lookup
  • Secure Password Generator
  • Whois Lookup Tool

Do you need help with something? Please do not hesitate to contact us.

Have a suggestion for a new feature for this plugin? We are always eager to hear from you.

Encountered an error, a bug or something missing? Write to us and we will solve it ASAP!

TODOs: (by priority) (after v1.0.9)

  • htaccess gzip compression support
  • htaccess deflate compression support
  • "Force SSL" option for front-end requests
  • "Away Mode" for Backend access
  • Admin Audition for Backend users
  • 404 detection for IPv4 and IPv6 based auto-lockouts
  • Cloudflare Integration
  • Scheduled DB backups extra options (via email, locally, Amazon S3, Dropbox)
  • IPS (Intrusion Prevention System) [EXPERIMENTAL]
  • Dashboard widgets for quick view

Detailed Changelog

Changelog Page

Requirements

Demo Backend Account

If you want to examine the detailed backend functionality, please kindly ask for login details.

Additional Licenses on behalf

If you are getting a "dependencies missing" error:

This plugin has some dependencies that must be provided. OctoberCMS handles this process itself, but if you are getting a "dependencies missing" error anyway, you should run the command php artisan uxms:sentry-install on the console to install the library dependencies. The RainLab.User plugin must also be installed.

What should I do?

The Octo Sentry plugin works regularly in the background once it has been configured properly. Everything is automated. If you want to know what is happening on the system, you can look at the plugin pages for more information.

Useful artisan commands

We provide 3 console commands which you may need:

  • php artisan uxms:sentry-clear - Clears all Sentry settings in case of wrong blocking (for example, when you have locked yourself out)
  • php artisan uxms:sentry-htaccess - Reverts to OctoberCMS' original .htaccess file if you have any issue with the rules
  • php artisan uxms:sentry-install - Installs composer dependencies if the vendor folder is not populated properly

Plugin Configurations

Go to the Settings > System > OctoSentry page and configure these settings as described:

  • Send E-mail Alerts to - This email address is for keeping you informed about actual events

  • Activations - These options switch logs, blocking and filters on or off

    • Keep Visitors Log - Activates statistic logs when any visitor visits the website
    • Keep Users Log - Activates statistic logs when any user is logged in on the website
    • Keep Admins Log - Activates statistic logs when any administrator is logged in on the backend
    • Disable Directory Browsing - Directory browsing should be disabled if you want to hide the directory file tree (if your server is already configured, you can disable this option)
    • Disable PHP Files in Storage Folder - OctoberCMS also takes care of the visibility of directories and files, but it is wiser to take precautions
    • Filter Request Methods - Activate this option if you want to filter request methods other than GET and POST
    • Filter Suspicious Queries - Filters some suspicious query strings
    • Filter Non-English Characters in QS - Some special characters may disable security or break functionality. In most cases it is suitable to allow only English characters in the query string
    • Block Browser Access to Important Files - You can disable browsing to important files (such as logs)
    • Block Drive-by-Downloads - You can block drive-by-downloads by activating this option
    • XSS Attack Shield - You can block some types of XSS attacks by activating this option
    • Enable HackRepair.com's Abusive User-Agents List - You can block known abusive User-Agents from visiting your website. This list has 17,780 definitions, and if you have a lot of visitors or average server specs, website performance may be slightly affected
    • Enable HackRepair.com's Abusive Referers List - You can block known abusive Referers from visiting your website
  • Daily Backup - If you activate daily backups, the selected tables will be zipped and sent to your email address every day at 00:05

  • Filewatcher - If you activate the filewatcher, it scans the selected folders automatically for alterations every day at 00:10

  • Malware Scanner - If you activate the Malware Scanner, it scans the selected folders automatically for harmful code every day at 00:15

  • IP Blacklist - IPv4 or IPv6 addresses for blocking access to your website. You can add "Standard IPs", "IP Ranges", "Wildcards" and Mask bits in "CIDR Notation"

  • User-Agent Blacklist - User-Agents for blocking access to your website

  • Referer Blacklist - Referer for blocking access to your website

  • Country Blacklist - Countries for blocking access to your website

  • Recovery - If you want to use the original .htaccess file, you can restore it whenever you want
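
As an added illustration (not the plugin's own generated rules), the following .htaccess fragment shows what four of the Apache-only options above typically correspond to. It assumes Apache 2.4 with mod_rewrite, and that uploaded files live under a storage/ directory next to the .htaccess file; keeping HEAD allowed alongside GET and POST is also an assumption.

```apache
# Illustrative hardening rules for a site-root .htaccess.
# Added example: NOT the file Octo Sentry writes. Assumes Apache 2.4,
# mod_rewrite and mod_authz_core, and a storage/ folder beside this file.

# "Disable Directory Browsing": no auto-generated file listings
Options -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    # "Filter Request Methods": answer 405 to anything but GET and POST.
    # HEAD is kept as well (assumption), since caches and uptime
    # monitors commonly rely on it.
    RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
    RewriteRule ^ - [R=405,L]

    # "Disable PHP Files in Storage Folder": a script that ends up in
    # storage/ (for example through an upload) is refused with 403
    # instead of being executed.
    RewriteRule ^storage/.*\.(php[0-9]?|phtml|phar)$ - [F,NC,L]
</IfModule>

# "Block Browser Access to Important Files": logs, .env and the
# .htaccess/.htpasswd files themselves are never served.
<FilesMatch "(^\.ht|^\.env$|\.log$)">
    Require all denied
</FilesMatch>
```

After any change to these rules, request a storage/*.php path and a .log file from a browser and confirm both return 403; the uxms:sentry-htaccess command listed above restores the stock file if a rule blocks legitimate traffic.
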
1.0.17

Plugin SVG icon added for October stable release

Aug 03, 2016

1.0.16

Fixed menu permissions

Jul 28, 2016

1.0.15

Sidebar background style changed

Jul 28, 2016

1.0.14

Sidebar partial code fixed

Jul 28, 2016

1.0.13

Sidebar file php tag fixed

Jul 28, 2016

1.0.12

Model Log file names fixed

Jul 28, 2016

1.0.11

stock .htaccess updated

Jul 28, 2016

1.0.10

Fixed sidenav partial path for error in some cases

Jul 28, 2016

1.0.9

Raised some exceptions in classes and middlewares

Mar 08, 2016

1.0.8

Default mail sender changed with app.url

Mar 08, 2016

1.0.7

Updated GeoLite2-City database

Mar 08, 2016

1.0.6

Added manual scan flexibility for both filewatcher and malware scanner

Mar 08, 2016

1.0.5

IPv6 support added for both logging and blocking

Mar 08, 2016

1.0.4

Malware Scanner optimized

Mar 08, 2016

1.0.3

Malware scanner and mail event created

Mar 08, 2016

1.0.2

File watcher (Alterations) and mail event created

Mar 08, 2016

1.0.1

Created essential tables

Mar 08, 2016

1.0.0

Plugin Init

Mar 08, 2016