188 comments found.
bit confused how to integrate.
I have a website portal on a domain. will this work on a sub folder?
is there any script to add to the website to work?
Yes, the script will work when installed in a subfolder and this is the recommended way for using it. After the installation of script you will see two lines of code that should be put in one main php file of your website. If the path in the integration code is correct then the script is successfully integrated with your website. The integration code and detailed instructions can be found in the Documentation and FAQ tab, too. After purchase I am available for help with installation, integration.
It would be handy if your script could ban further octets. Can it ban further ranges? 192.168 for example?
The current supported IP range ban format is: 192.168.0 (for example).
Thank you. Is this something that might be considered for a future update?
Yes, I will keep your idea in mind for the future updates.
Does it support multiple domains ??
Yes, but in the most cases the script should be installed on each domain separately if they are using different file storages.
Looks like a very well thought out script! So one install only protects one website or can it protect more? For example, I have one cPanel account with 3-4 addon domains. Must buy for each domain?
The script can protect multiple websites.
In your case when you install the script on one of the website, if the other websites have access to the file path where the script is installed, then only this one installation is enough. Multiple websites can be integrated with the script via the integration code with correct path. Otherwise a separate installation and license will be needed per each website/installation/domain.
When using Cloudflare the logs show the Cloudflare IP address. How can I enable it to show the users IP? Thanks.
Check this solution: https://support.cloudflare.com/hc/en-us/articles/200170786
Thanks. I’ll check it out now.
This is an amazing script you’ve made! Very high quality and just works as it’s supposed to. I do however have two suggestions for future versions: 1. Please look into a possible integration with the StopForumSpam API for the spammer module, and 2. Allow the AdBlock Detector to just ‘nag’ the visitor to disable their AdBlocker before letting them continue with it on.
Thanks for the good words and for the ideas. I will keep them in mind for the future updates.
You’re welcome, althought I had a question and wanted to know if you could help, I have the script installed on the same server (cPanel/WHM) in two domains (one for staging/testing purposes and the other being the ‘live’ version) the ‘Site Info’ section’s TTFB is 948ms for the staging version, and 5.95 seconds for the live one, any reason why? It can’t be the server because the staging one loads extremely quick and so do all of the other sites.
I am not sure what causes this. Server response times depend on many factors and web host provider can help with this. Maybe the testing site has less data and data files than the live one.
That makes sense. The staging environment has only 7,000 files, whereas the live one has over 53,000… Thank you for the prompt reply and amazing product, I’ll be sure to leave it a good rating and review!
Hi
The plug-in also scans the system for malware and removes it?
Hi,
Malware Scan feature is not offered in the current version of the script.
You can check the Malware Scanner product that can help you to detect malicious (suspicious) files: https://codecanyon.net/item/shell-scanner/5609275
I understood,
Does the Malware Scanner detect and remove?
Do you have a tutorial for installing the two plugins?
Malware Scanner can detect malicious (suspicious) files but does not remove them due to the chance of false-positive detections.
Installation instructions of the both scripts can be found in the Documentation and FAQ tab here. After purchase I can help with the installation.
I bought the plugins.
How is support done, by email?
I will need help with the installation.
Thanks for the purchase. Send me web host login details via the Contact Form and I will install them on your website.
Hi,
Can you pass your email for support?
I need to clear up some doubts with you
Thanks.
Hi,
The easiest way is to send me your message via the Contact Form on the right sidebar of the Item’s page. It will sent your message directly to my email address.
I need help with installing the plugin. I sent an email, via contact form
Yes, I received your message and replied to you.
Hello,
I need to update this script and install into my website. I need help about this.
Please contact with me : tasarim@cihanduran.com
Hi,
Send me web host login details via the Contact Form and I will do the update for you.
I want to be sure, i installed the script already on my website and i could see all my site configurations there which means its working. but what i dont understand is ive been using this script more than a week now and i am not seeing anything going on in the dashboard e,g Attacks, Bots, Logs, Live Traffic etc. nothing shows there even though they are enabled.
Make sure that the script is integrated with your website and mainly check if the integration code’s path is correct.
How will I know if it’s integrated? The script is showing my site php details etc.
Is there a way to find out if the script is integrated?
Yes, enable Live Traffic monitoring via the closed (minimized) panel (box) on its page and if the script is integrated correctly you will see the logged visits.
Hello, I have a WooCommerce site which only focus on the customer in my local country.
But the log shows that it is accessed by many different IP over the world everyday. I googled these IPs, nearly all of them is recored as “abuse IP list”. My temporarily way to avoid those hancker IPs is to block all IPs over the world except my own country. But it will harm my SEO.
Is your plugin a good solution to my issue? for example, it could block all the known “abuse IP” without affect the SEO?
Thanks a lot.
Hi,
Yes, Project SECURITY can help you to block “abuse IP” without affecting the SEO. The script is designed to block different types of threats. Country Bans, Bad Bots detection and many other useful features are offered, too. SEO related bots can be Whitelisted.
Hi. One more question: is it safety for SEO? The solution have some knows about google, yandex and etc bot crawlers? They did not block by you script?
Hi,
Yes, it is safe for SEO. During the tests of the script SEO related bots were not blocked. If false-positive detections appear you can Whitelist them, send me a message with details via the Contact Form and I will fully solve it.
Hello, today i got some mail from some person that one of my site has SQL injection vulnerability which come to be strange, after that i set up again your great product. So on index of web site i added our code and all seems work fine. My question is, do i need to add this code only on index.php? or do i need to apply it on every needed page? One other, ones we apply this code, does it block sql injection attacks? do we need to do someting more beside ? Thank you…
Hi,
Yes, it is enough the integration code to be added only in index.php file if all other .php files of your site are including it. Otherwise the recommended way is to put the integration code in the other .php files too if there is not main/common for them .php file. After the code is applied correctly the SQL Injection attacks will be prevented and there is no need to do something additional.
Thank you so much
One other on my dashboard, i see now SQL INJECTIONS 1 what should i do ? or it is shows protection count?
There is no need to do something. This just shows the count of the prevented threats (SQL Injections in the case).
thank you for great product*
I want to purchase this. I don’t know how to install it. I have some questions.
1. My site currently have a database and its a php script. When installing your script via Cpanel, would I have to install it in the public_html ?
2. When creating the database, would I have to link it to my existing database or create a new one?
1. The recommended way is to install it in a subfolder of public_html. Example: public_html/security/
2. The both solutions can work, you decide whether to create new database or to use the existing.
Okay . Thank you
Lastly, Does this also work with sub domains and sub directories or we have to get a new license for that? E.g i want to get the script and install it on my parent site (public_html > Security). Will the script extend to my sub domains or sub directories or just only my parent site?
Yes, the script can protect subdomains and subdirectories. After installation you will have to integrate it with the subdomains / subdirectories that you want to protect. Separate license is needed per installation/website/domain. In your case one license will be enough.
Pls which folder will i install it? I created a new folder, named it security and installed the Source filles there, but when i checked my site /security, im not seeing any installation.
The folder is correct. This could be caused by parent .htaccess rules of your site. You can send me web host login details via the Contact Form and I will do the installation for you.
ive sent you already. pls check
Done, the installation is finished.
This is a good project, but I want the author to listen to me and make some changes and improvements in the near future:
1) Determine the real IP addresses of the visitor, not the IP addresses of the proxy servers behind which they are located (Matomo analytics platform as an example). 2) Ability to add IP addresses for blocking in CIDR format. Thus, you can compose the correct IP addresses of any country as a whole (IP address blocking by forum engine xenforo as an example). 3) Ability to connect a local IP address database (GeoLite2 City Binary as an example).
Thanks in advance.
1) Update that should improve this was released. Also check this article: https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs
2 and 3) Thanks for these ideas, I will keep them in mind for future updates.
Hello Antonov_WEB !
Questions before buying:
1) What method is used to determine the IP address of a visitor from a specific blocked country? Is the local IP address database used for this? For example – GeoIP2 Binary (.mmdb) from maxmind.
2) If I have blocked a specific country, can I grant access to the site for some specific IP addresses from that country?
3) I noticed that there is no blocking of IP addresses in the CIDR format. Could you add this capability in a future update?
Thanks in advance.
Hi,
1. IP is detected in real-time via PHP techniques. The first method is the $_SERVER variable and its REMOTE_ADDR value. The second method is using PHP”s getenv function and its HTTP connection related values. No database is used for the IP detection. For the country detection is used external API.
2. Yes, you can exclude IP Address from blocked country via the IP Whitelist module.
3. Thanks for the idea, I will keep it in mind for the future updates.
would this be suitable for kiwimate.nz install ? I am familiar with wordpress not php so much. How diffficult is it to install ? do you offer a install serveice?
Yes, it suitable. The Installation process is very easy but in addition I offer help and can install the script for you.
how to intergrate code into main php file
The recommended way is to copy the integration code (from the Documentation for example) and put it in the top part of one main .php file that is included in all other .php files of your site. After that set a correct path to where the script is installed.
If you are not able to do it, just send me web host login details via the Contact Form and I will do it for you.
Hi, I have just purchased and installed your script. Is there a way that we can test to see that it is working correctly?
It’s OK regarding the testing question. I found another question about this and managed to test the installation.
The easiest way to test it is to enable Live Traffic monitoring and if visits are recorded, then everything is working fine.
how do I use script to protect entire server/webhost/cpanel.
Such functionallity is not offered in the current version. Only the hosting providers have access to the full file storage of the webhost where CPanel is installed. You can protect all .php based sites, located in your www / public_html directory via the integration code of the script.
hello,
Your software is very interesting, but in my opinion it lacks a function to complete the protection.
Can you add a function that makes a scan of all files in the directories (or some of them in choice functions) to check if the date, size or checksum of the file, directory rights, has been changed. You could program a cron 1 or 2 times a day to check. This would allow to see if there are any changes. Look at the FileWizz prog available on codecanyon
and which sends an email or/and sms in case of change
cordially
Hi,
Thanks for the idea, I will keep it in mind for the future updates.
