Site "hacked" by my own security extension (Marco's SQL Injection)

[pintobuck]

I very much like the Joomla security extension "Marco's SQL Injection," and I used it on multiple sites. However, on this one site it caused my web hosting service to think the site had been hacked and they shut down my site.

Problem:
Marco's SQL Injection thought that the web site hosting service's own cache server was a potential injection attack. Everytime the cache server communicated with my web site, Marco's sent a warning email to the administrator. Marco's sent 325 emails in quick succession, which my web site hosting service thought were a nuisance or a hack and they shut down my site. Cleaning up the site to the satisfaction of the web hosting service has been a major job, because the site is closed and I have to manually disable all copies of Marco's, and manually delete all the cache files, log files, and delete inactive copies of the site that are still on the server.

I cannot get into an installed Marco's SQL Injection right now, but if I recall correctly, Marco's SQL needs a white list capability so that it can be set to ignore its own servers' IP numbers. (If Marco's does have white list capability, then I plan to use it.) I did notice that the extension does not use Joomla's automatic update feature, so it's a good idea to check Marco's for updates. Marco's own website does not have a forum, so I will alert Marco via his contact form.

[mandville]

sorry, i might be missing the point of your post

[pintobuck]

My hosting service finally let me back into my website. I uninstalled Joomla extension Marco's SQL Injection because it does not play nice with my web site hosting service's own server. It was like an autoimmune disease that keeps attacking its own body. Short of uninstalling Marco's, I could have just turned off the email notification, but that would just treat the symptom and leave the problem unsolved.

Marco's does have a whitelist feature to exclude other Joomla extensions, but Marco's does not have a whitelist feature to allow you to exclude your own server's IP number. Maybe Marco will add that in the future.

Re: Mandville, thank you for your inquiry.
Purpose of this thread is to share information and experience. No telling when someone else will experience the problem and come searching for information. A few times I've been helped by similar posts from people just sharing their experience without asking for help, and one or two times I've been thanked for doing the same. One of my recent forum threads received 4,300 hits in its first week, so you never can tell what will help. The current solution to that problem came from a solitary post that was just sharing information.