Dean Marshall Consultancy Ltd

Freephone:     0800 756 6482
International: +44 1524 63492
Lancaster UK: (01524) 63492
Joomla!® Security and Support Experts

Please note that our documentation is being reviewed due to the release of DMC Firewall for WordPress. The following documentation was written for Joomla! so some of the information will not apply to DMC Firewall for WordPress.

DMC Firewall Explained

DMC Firewall is built up on a number of plugins, modules and a component. Below we will outline the tasks of each so you can gain a better understanding of how DMC Firewall works.

Component - DMC Firewall

The component provides you with a friendly user interface where you can manage the DMC Firewall settings. You also have a number of security 'tasks' that you can perform from within the component such as changing the database table prefix, changing weak Super Administrator passwords, configuring which 'bad bots' to ban, turning DMC Firewall into 'test mode', view the statistics of hack attempts - SQL Injection attempts and the number of 'bad bots' which tried to access your website. You can also see a number of issues that need attention - such as Super Administrators using 'weak passwords', if you are using the default Super Administrator account, if you are using a 'weak' table prefix.

Plugin - System - DMC Firewall Plugin

This plugin does all the 'heavy lifting'. The system plugin checks all page requests that are sent to Joomla - making sure they are safe. The plugin checks for 'bad bots, hack attempts and SQL Injection attempts' and only blocks the bad requests meaning that legitimate visitors are allowed to view your website. This plugin also handles the requests to the centralised blacklist where all bad activity is stored (this is stored on our servers).

Plugin - System - DMC Content Sniffer

This 'system' plugin 'sniffs' your websites output just before it is rendered to the end user. It looks for any 'bad content' that shouldn't be there. If any of the content contains these 'bad words', an email is sent to the 'webmaster' informing them that their website may have been compromised. Some websites may contain these 'bad words', just like our website does in some of our blog articles. For this reason we didn't want an email being sent to us every time the 'bad words' were found in the page so we added a Threshold limit. 'Bad words' can be found on your website but as soon as the threshold limit has been reached, the email will be sent. By default the Threshold limit is set to 5.

Plugin - Authentication - DMC Login

This plugin replaces Joomla's authentication plugin and allows us to manage logins within your website. We created this plugin and the corresponding extensions parameters so that we can block hackers from trying to login to your website. Hackers try hundreds if not thousands of different usernames and password to try and find one that works, as standard Joomla lets them keep trying. This plugin blocks their access when they have trued X amount of attempts - the value is configurable via the Global Configuration tab within DMC Firewall. This plugin is only available within the Professional release of DMC Firewall.

Module - DMC Firewall - Statistic Information

This module displays a number of statistics within the Joomla administrator area. It is only for statistical information only!