CG Secure component protect your Joomla forms and admin access by checking IPs from AbuseIPDB, giving country/spammer status.
Version 1.0.15 : 127.0.0.0 = localhost
Version 1.0.14 : bypass com_users.profile in com_contact
Version 1.0.13 : unknown country = reject
Version 1.0.12 : wrong spammer status
Version 1.0.11 : redirection
Version 1.0.9 : JED Compatibility
Version 1.0.8 : allow all countries, but still block spammer
Version 1.0.7 : Joomla 4.0 compatibility (2019 October)
Version 1.0.6 : first release (2019 October)
|Donwload CG Secure Component |
Download not allowed
(already downloaded 132 times)
CG Secure component uses CG Secure and CG Country plugins, centralizing their parameters.
You may authorize one or more countries to connect to your admin/website. Any connection from another country must be a hacker trying to access unauthorized parts of your website.
For your information, even if you did not define any private access, any user may access to Joomla identification form by adding /index.php?option=com_users&layout=edit&id=0 to your website address. If you did not de-activate user registration (activated as default value in older Joomla version, prior 3.7.0), welcome to our open bar.
Once running, CG Secure protects /administrator using a password, after checking IP's country code, spammer status in AbuseIPDB. It also hides forms to unwanted users.
IP is checked against AbuseIPDB database which returns country code and spammer status.
In case of an unauthorized country, you may report this IP to AbuseIPDB. You must register to AbuseIPDB to report an IP (it's free).
Banned Ips may be logged in cgipcheck.trace.log file in your logs directory. I use View Logs component to check my log files.
Rejected user won't even see your forms.
Banned IPs are also stored in your database (table #__cg_rejected_ip). They remain in your database depending on your "IP life time' parameter from your CG Secure configuration menu. You may see these IPs through CG Secure Logs menu.
How access to your administration once CG Secure has been actived ?
Note: if you did not enter any password, administrator access is done as usual, IP checking is performed anyway.
- HTTP Authentication: standard Apache authentication. You'll have to enter a password in "Password" field, "Username" field may remain empty as it's not checked,
- Compatibility: you'll have to enter http://www.yourwebsite.com/administrator?yourpassword — "yourpassword" being the password you entered in CG Secure plugin.