Recently I noticed that one of my trusted customers was downloading all the extensions he had subscriptions for. No issue there, but the downloads originated from an Iranian IP address.
I contacted my customer by email and asked him whether it was him doing the downloads: it turned out that he wasn't the person logged in!
The username and password he used on my site (and also reused on other sites) had been compromised.
He was glad I notified him: he immediately changed his password on every site where he used these credentials, avoiding further damage!
Notifying your users automatically
And that started me thinking:
Is the person logging in to my site also the person the account belongs to? If not, my extensions potentially end up on the black market. But worse: the account information is also exposed, and that too has value to an attacker.
And what if the abuser changes your password or even the email address on your account? You would never know, and you would no longer be able to get access yourself.
ochSimpleFirewall's new 'Notify Users' feature
And that is how the new 'Notify Users' feature in ochSimpleFirewall came about.
Just like the major platforms (HBO Max, Netflix, Nextcloud, etc.), ochSimpleFirewall adds the ability to notify your users of account activity by email on your Joomla site:
- on a password change
- on an email change (the email is sent to the old email address, the one the legitimate owner still controls if someone else just pointed the account at a different mailbox)
- on a new device / location login
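To make concrete what the three notifications above involve, in particular what counts as a "new device / location", here is an added example in Python. It is not ochSimpleFirewall's code (that is a Joomla/PHP plugin whose internals this post does not show); it assumes a hypothetical Account record, treats the /24 (IPv4) or /48 (IPv6) prefix of the client address as the "location", keeps only a hash of that prefix plus the User-Agent as the device fingerprint, and runs over a constructed event stream with documentation IP ranges and made-up addresses.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field


# Hypothetical account record; a real Joomla plugin would read this from the users table.
@dataclass
class Account:
    username: str
    email: str
    known_devices: set = field(default_factory=set)   # fingerprints seen before


def network_prefix(ip: str) -> str:
    """Coarse 'location': the /24 (IPv4) or /48 (IPv6) the client address belongs to.
    Treating a whole prefix as one location avoids alerting every time a DHCP or
    carrier-NAT address changes within the same network."""
    addr = ipaddress.ip_address(ip)
    bits = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def device_fingerprint(ip: str, user_agent: str) -> str:
    """Hash of network prefix + User-Agent. Stored instead of the raw values so the
    'known devices' table does not itself become a log of users' addresses."""
    return hashlib.sha256(f"{network_prefix(ip)}|{user_agent}".encode()).hexdigest()[:16]


def handle_event(account: Account, event: dict) -> list:
    """Return the notifications (recipient, subject) an event should trigger.
    Sending is left to the caller; the account record is updated in place."""
    kind = event["kind"]
    if kind == "login":
        fp = device_fingerprint(event["ip"], event["user_agent"])
        if fp in account.known_devices:
            return []                       # known device and location: stay quiet
        account.known_devices.add(fp)
        return [(account.email,
                 f"New device/location login to '{account.username}' "
                 f"from {network_prefix(event['ip'])} ({event['user_agent']})")]
    if kind == "password_change":
        # Never put the old or new password in the mail; the fact of the change is enough.
        return [(account.email, f"Password changed for '{account.username}'")]
    if kind == "email_change":
        old_address = account.email
        account.email = event["new_email"]
        # Alert the OLD address: it is the one the legitimate owner still controls
        # if an intruder has just pointed the account at a mailbox of their own.
        return [(old_address,
                 f"Email address for '{account.username}' changed to {event['new_email']}")]
    raise ValueError(f"unknown event kind {kind!r}")


def run_events(account: Account, events: list) -> list:
    """Feed a stream of events through handle_event and collect every notification."""
    sent = []
    for ev in events:
        sent.extend(handle_event(account, ev))
    return sent


# Constructed sample session for one user (documentation IP ranges, made-up agents).
SAMPLE_EVENTS = [
    {"kind": "login", "ip": "203.0.113.10", "user_agent": "Firefox/115"},   # first seen -> notify
    {"kind": "login", "ip": "203.0.113.77", "user_agent": "Firefox/115"},   # same /24 + UA -> quiet
    {"kind": "login", "ip": "198.51.100.5", "user_agent": "curl/8.0"},      # new net + UA -> notify
    {"kind": "password_change"},                                            # -> notify
    {"kind": "email_change", "new_email": "new-address@example.net"},       # -> notify OLD address
    {"kind": "login", "ip": "198.51.100.5", "user_agent": "curl/8.0"},      # known -> quiet
    {"kind": "login", "ip": "192.0.2.9", "user_agent": "Safari/17"},        # -> notify NEW address
]


def demo() -> list:
    """Run the constructed session; returns five notifications, the last to the new address."""
    return run_events(Account("alice", "alice@example.com"), SAMPLE_EVENTS)


if __name__ == "__main__":
    for recipient, subject in demo():
        print(f"to {recipient}: {subject}")
```

Two caveats for anyone implementing this: a network prefix is a coarse stand-in for location (mobile carriers and VPNs move a user across prefixes, so expect some false positives, and a login from the same /24 is not proof it is the same person), and the first login from every existing device will trigger a mail right after the feature is enabled, so users should be told to expect one.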
I have tested these features extensively, and in the short period I had them enabled I already found 5 (!) unauthorized logins: logins the account holders were not aware of.
I now use it on all my sites, not only for my users but also on sites that have a single (administrator) user: I get notified whenever any of my own accounts on my Joomla sites is used to log in, or when its password or email address is changed.
That won't stop abusers...
Of course these notifications are no 'cure' for your account being misused: two-factor authentication and strong, unique passwords remain the first line of defence, but even then...
It will limit further damage...
The damage only grows the longer your account is abused without you knowing about it.
It is like having your bank card stolen: the moment you become aware of it you can contact your bank and have the card blocked. The sooner you know, the better: that is the added value of these notifications!
This new feature is available in ochSimpleFirewall version 2.2.0!