If you ever had a Joomla! site hacked, you know how difficult it is to clean up the site. Hacked files can be sprinkled among the thousands of files and folders in the Joomla! filesystem and are not easily found by an administrator. Looking at file dates and combing through web server logs are the manual techniques to find these files, which is a laborious process and missing just one file is an opportunity for a site to be re-infected all over again. Hacked sites can be blocked by web browsers or shut down by ISP's until they are cleaned up.
Zap Audit is our newest Joomla! extension and was written by a Joomla! administrator for Joomla! administrators to combat hacking of Joomla! sites. It allows administrators to take back control of their Joomla! site. Zap Audit finds hacked files, recommends best practices based on a site analysis and provides proactive monitoring to minimize damage from future hack attacks. Zap Audit can save hours of work cleaning up a site, allowing you to delay or even eliminate the need to rebuild a hacked Joomla! website from scratch. It runs entirely within your Joomla! website, so no data is transferred outside your company to a third party. Zap Audit can even analyze an offline site that is down due hacking or other reasons by analyzing the zipped files from the site using Zap Audit installed on another Joomla! site.
Your Joomla! site is analyzed by Zap Audit for hacked files in seven ways:
Unauthorized Files - Zap Audit looks for files that have been added to a Joomla! or Zap Audit folder but not in the original installation.
CRC Check - Zap Audit performs a CRC checksum comparison between the files in the Joomla! and Zap Audit distributions and the corresponding file in the file system. If the checksums are unequal, this means the file was modified since its installation, a common technique used by hackers.
Suspect Files - For 3rd party add-ons and other files not in the Joomla! or Zap Audit distribution, a suspect file check is made to determine if the file is exhibiting a hacked file signature.
PHP Files In Media Folders - Media folders are for media, so lets keep it that way! PHP files found in media folders are flagged.
PHP Files In The Temporary Folder - 3rd party add-on installations may leave behind PHP files, fertile ground for hacked files to hide in.
Files And Folders With The Wrong Permission - All files and folders are checked against the recommended Joomla! file and folder permissions.
PHP Files Added Or Modified Within The Past 3 Days - If a file was added or modified recently it will appear in this list. Valid Joomla! log and cache files are removed from the list to reduce false positive results on valid Joomla! files.
In addition to the file checks, Zap Audit analyzes the site for Joomla! and database best practices.
Zap Audit Lite: Peace of Mind Monitoring
Zap Audit Lite is the free version of Zap Audit and provides a summary audit of your site. Sleep better knowing your site is free from hacks. The thousands of files and folders in your Joomla! site are scanned for hacks and viruses. If it finds an issue, Zap Audit will let you know about it. To fix an issue, use our standard or pro versions for a detailed report of specific issues.
Zap Audit Standard: Take Back Control Of Your Joomla! Website
Zap Audit Standard provides a detailed audit report for your website, suitable for printing or e-mailing. The report shows an itemized list of file problems and a Joomla! best practices report. You can run Zap Audit Standard on all your sites for the same price as one site.
Zap Audit Pro: Take Back Control and Proactively Monitor
Zap Audit Pro does everything the standard version does plus adds site monitoring. This version is great for users managing multiple websites or want to proactively monitor their site. Get e-mails automatically when an issue is discovered or see an audit summary of all your sites on a single page report. Since there is no limit to the number of sites you can run Zap Audit on, you can monitor all your Joomla! sites at no additional cost.
Two site monitoring tools are included with the Pro version:
- E-Mail Alerts: Zap Audit Pro will monitor your site for changes in the background and send an e-mail to you when it finds an issue. This can be done for one or more sites. This utilizes one cron job for each site.
- Monitor Report: Up to 20 sites can be displayed on single screen and show at a glance the audit findings with counts for each category. When enabled, e-mails can be sent when a change in audit findings is detected. This utilizes one cron job for all sites.
Zap Audit is offered as a subscription, which provides application updates during the subscription period. If a subscription expires, updates will no longer be available but the Zap Audit will still run.