Joomla! Checksum Scanner - Joomla! Component - Logo

Joomla! 3 native

Name: Joomla! Checksum Scanner - Version: 3.2.0 - Type: Component - License: GPLv3
Description: JCS scans files for modifications

Overview of all downloads of the extension: JCS - Joomla! Checksum Scanner Downloads

File Scanner - Scans the system for integrity with Core, Snapshots and Archive Checks

Component: JCS - Joomla! Checksum Scanner
Function: Detects changes to files quickly and easily - Monitoring security extension
Languages: English / German
Joomla! Versions (tested with): >=3.3.x

This extension scans files for changes. For this purpose, a snapshot is created by the system, in which all files and the corresponding checksums are stored. This snapshot can be used for further scans to detect changes to the current system. The extension supports three different types of scan: Core, Snapshot and Archive Checks. In the Core Check the system is checked with checksums from the official packages. With the Snapshot Check the current system is compared with a previously created snapshot. In the Archive Check an archive file (e.g. the core package or a backup archive) is compared with a snapshot. Thus you can find modified files quickly and easily, what greatly simplifies an analysis of the file-integrity.

Features

  • File scanner for the CMS Joomla!
  • Scanner recognizes modifications reliably with the help of checksums
  • Scan types: Core, Snapshot and Archive Check
  • Core Check uses the service provided by CMS MD5 CHECKSUMS
  • Snapshots are image copies of the entire system
  • Snapshots can be exported to save them independently (import function will be added soon)
  • With the Archive Check the system can be compared with a zip archive (e.g. backup archives)
  • No limitations on the number of scan, snapshot or counting processes
  • Result is listed by the file states: New, modified, removed and identical
  • Scan result is saved to the database and can be analyzed at a later time
  • Additional feature: Count Files - fast scanning process without unnecessary overhead
  • Options: Exclude files and folders from the scan process, set checksum algorithm
  • Checksum algorithms: MD5 and SHA1 (hash values)
  • Fine-grained ACL configuration: Create snapshot, Core Check, Snapshot Check, Archive Check, Display scan result, Count files

Installation

Install the extension in the backend through the installer and open it in Components -- JCS - Joomla! Checksum Scanner.

The dashboard of the component is divided into two parts: scan types and a list of all scans. The Core Check can be executed directly, however for the Snapshot and Archive Check a snapshot has to be created first. The snapshot of the current system state can be created in the submenu 'Manage Snapshots'. All previous scan processes are listed in the dashboard and can be analyzed at any time.

The scanner finds new, modified or removed files reliably and lists them with the full path on the result page. Suspicious files should be checked manually with the help of a (S)FTP program in more detail!

Scan Types

Core Check - With this type you can compare the current state of the Joomla! installation for integrity with the checksums from official packages. This scan type requires a request to load the checksums from the project CMS MD5 CHECKSUMS.
Attention: Only core files are checked for changes, you should still use a snapshot or a backup files to compare with a previous state.

Snapshot Check - With this type you can compare the current state of the Joomla! installation with a previous state from a snapshot.

Archive Check - With this type you can compare the current state of the Joomla! installation with all files from an archive (e.g. core package or backup archive).
Important: To improve the performance, the archive files are always compared with a snapshot. Please create a new snapshot and use this snapshot to check the state of the installation with the files from the archive. This means that the snapshot represents the current system in this type!

Attention: It can happen that the server rejects large files, therefore the Archive Check can not be performed properly. The limits can be increased in the "php.ini" with post_max_size and upload_max_filesize!

The counting scan (submenu 'Count Files') should be used to get a quick overview. The files are counted quickly without unnecessary overhead and space in the database.

Settings

You can set the following options in the settings:

  • Exclude Files From Scan Process - Enter the full names of the files with the path which should be excluded from the scan process. One entry each line! (not recommended)
  • Exclude Folders From Scan Process - Enter the paths of the folders which should be excluded from the scan process. One entry each line! (not recommended)
  • Select Checksum Algorithm - Here you can select the checksum algorithm. MD5 is faster than SHA1 but more collision-prone. It is very unlikely that a changed file will produce the same checksum, so MD5 should be used to create the checksums. See for more information: http://stackoverflow.com/questions/4233113/what-checksum-algorithm-should-i-use

Each action can be controlled accurately with the Joomla! ACL functionality (see Options - Permissions).

For very large sites you may occasionally encounter problems due to limitations of the server. In such cases, you can solve the problem by excluding folders or increasing the limits (by your hosting company). I could scan a test site with more than 4 GB without a problem on my local server environment.

Tips for proper use

  • Create regularly snapshots to be able to compare the with the current state of the system and check the system with these snapshots
  • Before updating always perform a scan with the latest snapshot
  • Create a new snapshot after an update, use it as a reference
  • Check the system regularly with the core checksums and available snapshots to ensure integrity
  • Create a new snapshot when moving to live stage or to a new server
  • Save the reference snapshots on your local machine with the help of the export functionality

Important: Joomla! Checksum Scanner is not a malware scanner (yet)! It will not scan for malicious code but for file modifications. The files need to be checked manually for changes!

Changelog

+ = Added - ! = Removed - ^ = Changed - # = Fixed

Joomla! 3.x

Version 3.2.0 - 2016-03-18

  • + Core Check - With this type you can compare the current state of the Joomla! installation for integrity with the checksums from official packages. This scan type requires a request to load the checksums from the project CMS MD5 CHECKSUMS.
  • + Export Snapshots - Export your snapshots and save them as a text file locally. Import function will be added in the next version.
  • + Code Refactoring
  • ^ Updated template files / Code style improvements
  • ^ Updated Language Files
  • ^ Updated custom field - krtitle
  • # Fixed archive upload functionality - using filter raw instead of array
  • # Fixed clear button to clear search input field
  • # Fixed loading animation after click on a scan button
Open/Close

Version 3.1.0 - 2015-08-01

  • + Donation Code Validation Process - Improved the validation process with a new server (HTTPS request) plus an independent, separated fallback server (HTTP request).
  • https://check.kubik-rubik.de/
    http://check.kubik-rubik.eu/
  • + New Download Server - Download packages are located independently of the project website on a new download server.
  • https://downloads.kubik-rubik.de/
  • ^ Semantic versioning - Switched to semantic versioning, see http://semver.org/ for more details. Please update manually since the core update server functionality will not recognize the new version!
  • ^ Improved footer output with donation code message in all views

Version 3-1 - 2014-09-16

  • + First public release!

Version 3-1 DEV-2014-08-17

  • + Added new scan type: Archive Scan - With this type the current system state (represented by a snapshot of the system) can be compared with an archive file (e.g. backup or core packages)

Version 3-1 DEV-2014-08-14

  • # Files which were excluded in the settings weren't removed properly in the scan process with a snapshot which was created before the exclusion was set - Thank you Roger Perren for reporting this issue!

Version 3-1 DEV-2014-08-12

  • First test release of the security component - Contact me via email if you want to test this release!

This version is for preselected testers only. Do not use this development version on a productive environment!

Download

Download - improved development versions exclusively for subscribers

-

Download - free, public versions

Overview of all downloads of the extension: JCS - Joomla! Checksum Scanner Downloads