Cerberus

Cerberus lio Cerberus - an advanced site protection, security solution extension.

Cerberus is an advanced site protection, security solution plugin and based on a simple and durable idea - detect and remove changes caused by intruders as immediately as possible and not giving indispensable time space needed to develop attack they want, so canceling on practice, any intruders effort to compromise your site.
And an successful implementation of that powerful idea which proved day by day on practice is Cerberus application.
  This concept going to replace obsolete conception of one scan per day, which give to intruder all time they need to completion their malicious activity. Many of us had this bitter experience. So, while site being protected efficiently, give the necessary comfort to investigate further eventual intruders incidents, which successfully was cancelled, to get fixed discovered site vulnerabilities. Consequently tuning Cerberus application better.
Cerberus is consisted mainly of two scanning devices. One is use classic way to record site file system and its md5-ed content. This is slow but durable device where are implemented various options provided by Cerberus control panel to specialize device response function to fit to any possible demands.
 And an other device (Guard) which borrow basic options as search options, ignored folders, scan file types, etc. Have extremely small resources footprint and mainly devoted to track down any changes caused by intruders in immediate response.
 Some numbers, to assess efficiency of that device:
  by classic scanning device needed ~ 150 to 200 seconds for scanning an average middle size site (CMS) with about ~16000 files. And less than one second for Guard device (measured when device is on crone job mode, else when displayed spend ~3 to 4 seconds).

 Some compromises in favor to speed response of Guard device are:

  a) in case of file detected as threat (defined in Cerberus Configuration - at field "Scan file types") respect all settings for scan filtering( provided by control panel settings) but not redirecting to application jail folder, simple erase it.
  b) in case of unregistered folder detected as threat no any processing or filtering is implements. Simply erase new (eventually malicious) folder.

A few milliseconds gained by these restrictions are too valuable in straggle of removing immediately if possible malware interventions.
Certain measures have been taken to make time costly to find Cerberus application hosting folder to get access to Cerberus application control panel to disable Cerberus application.

  a) Cerberus hosting folder name is set out from control panel and, as best naming approach to be masked, maybe to set to some similar name as names used in your site.
  b) Even if intruders finds hosting folder a 100 bytes access codes to control panel will be demanded.
  c) Access to Cerberus control panel is possible only from plugin back-end - tab "Plugin" | "Cerberus command panel link" | "Go to Cerberus command panel".
  d)Access duration of Cerberus control panel is varies from 5 minutes to 6 hours and set out from tab "Options" | "Control panel access duration".

  And most important:

 Even if intruders will remove host folder and its content, damage they will cause not affect normal functioning of Cerberus application and only application communications will be lost temporary, which recoverable from Cerberus application by itself automatically. However, the Cerberus application continue functioning normally on full extent, ruining intruders malignant plans.

 Thus with Cerberus application, you'll protect, efficiently, your internet presence, investments and gain peace of mind about your site safety, which is the precious good in nowadays .

____________

Articles:

Cerberus application is auto installing with predefined most common worst case use - an site under continues intruders pressure.

 To adapt application response to particular needs there is rich collection of available settings.
 Let's briefly walk through the application settings to take it over instantly.

PLUGIN tab:
 "Install Cerberus application / Restore Cerberus application Defaults" control
  a. When installing this control is only control in this tab and whole installation is automated and need to follow steps provided by control help panel description.
  b. After application is installed added other two controls:
    - "Connect and run all enabled features"
    - "Cerberus command panel link"
  "Connect and run all enabled features" - simply ON / OFF Cerberus application button.
  "Cerberus command panel link" - provide direct link to Cerberus application native control panel - with adjustable expiration, which set out in tab "OPTIONS" from Group controls: "Cerberus host folder options". See at "OPTIONS" tab: for more detail.

ENABLE / DISABLE tab:
  a. Guard device and its respective cron job, settled separately.
  b. Scanner device and its respective cron job, settled separately.
  a. Execute modules

CRON JOBS tab:. Enable / disable following devices:
  a. Control "Set Guard cronjob time interval" set the time interval per which cron job executes the guard device, predefined at 3 minutes. Cronjob period is together a checking time depth value (plus some small time overlap ~ max scan time set to 1sec - at now it is not adjustable).
  a. And for scan device as much more slower device, predefined time interval set to 2 hours, suitable for most cases.

FOLDERS tab:. Control group "application folders" are filled by application, with predefined folders and are adjustable from user. all folders are set above the site root and all paths mast be absolute.

WHAT TO PROTECT / IGNORE tab:
  a."Protect directories" field set comma separated list of folders you want to scan, paths mast be relative to site root.
  b. "Ignored directories" field set comma separated list of folders you want to be ignored, paths mast be relative to site root. However, please use sparingly, since this increase site exposure to threats.
  c. "Scan file types" field set comma separated list of what file types mast be scanned.

OPTIONS tab:
  a. "Cerberus host folder" field define the Cerberus host folder.
  b. "Control panel access duration" field sets the control panel access duration time interval. When login from public places may use something reasonable small values, for example 10 min. 15 min.
  c. Field "Cache folder / sub folder which needs to be cleared on site backup" set the cache folder actual cache path which automatically will be cleared on site backup action.

MAILING tab:
  Set relative mailing fields and notifications on incidents if you want to.

CONNECT DATABASE tab:
  Database fields which are filled also automatically by application.

NOTE:
  Some notes about uploads facilities:
  Cerberus application will ignore completely uploaded files if their type is not between the scanned files types defined at "WHAT TO PROTECT / IGNORE" tab: "Scan file types" field.
  Even will ignore new folder creation if new folder not contain scannable file types defined in just now mentioned control field.
  So by these conditions any upload facilities are coexistable with Cerberus application without any adjustments.
  In case if scannable file will be discovered by guard device whole folder contained that file will be removed. In case the folder preexist (i.e. registered) will be removed just scannable file.

Some notes about ignored folders:
   Ignored folders mast to be protected by some atleast simple measures, if of course that is achievable.
  For example:
    - changing folder access level,
    - disallow folder web accessing,
    - flushing regularly, if applicable,
    - not use first level sub folders as ignored folder, use more deeply nested sub folders, etc.
  Ideal solution is not using of ignored folders at all or at least use them only temporary, if it possible.


 Cerberus installation is done automatically, but because of specificity of security application, mast to pay maximum attention application to be installed on clear, as much it possible, from malware site.
 So, mast to be taken at least some simple steps for site clearing:
 1. Download your Joomla site and database backup SQL.
 2. Get fresh download of your site version Joomla from https://www.joomla.org/. Unzip.
 3. Scan the copy of your site backup, with your installed antivirus. Focusing primary on images, media and extensions folders, from admin and site areas. Since Joomla core files will be replaced by fresh and clear ones.
 4. Via FTP or terminal remove everything from site root folder. Use server root FTP if available.
 5. Inspect parent to root folder for malware absence:
  a. Download parent to root folder (without, of course, site folder).
  b. Scan, downloaded parent folder, with your installed antivirus.
 6. Via FTP upload fresh unzipped Joomla files from step 2.
 7. Remained to install your extensions you used.
  a. If from step 3. checking folders (images, media and extensions folders) are ok - upload them so. At this point, please, be careful. Often, some intruders so cheeky so they, expose to a common view their scripts without any obfuscation and antivirus simply pass them as legitimate. So, please, examine thoroughly all executable files.
  b. Else inspect carefully from backup one by one extensions file by file. and upload them if ok. This usually a simple and fast task.
  c. Or install your extensions if you are unsure for files integrity.
 8. Inspect language files - usually they always ok.
 At end install the Cerberus plugin, which automatically will take site clear copy and record to database file system data.
 Finally, don't forget to take an complete site backup files and database
 If you follow these simple steps you'll get protect your invaluable assets, effort you invest for your internet presence and gain the peace of mind about your site safety, which today is an invaluable asset so.

Brief description

 Cerberus implements 2 independent and synchronised controls panels. One is a regular plugin backend settings panel and another a native control panel which is placed in Cerberus core files, above the site root.
 Necessity of Cerberus application core files to be placed above the site root is to deminish to maximum possible the exposure of Cerberus application to direct access from site root of various threats.
 To avoid direct access from site to native control panel were implemented mechanism of a sets of random access codes, to ensure, that communication with Cerberus native control panel is autorized from site super user.
 Additionaly, to access codes, implemented mechanism of limited Cerberus native control panel duration, which is adjustable from plugin backend - tab "Options" | "Control panel access duration".

Menus brief description

Cerberus main menu
Cerberus application initial screen

 Cerberus native control panel can to be accessed only from Plugin Manager: first tab "Plugin" | "Cerberus command panel link". Activity duration of native control panel is settled from tab "Options" | "Control panel access duration" control.


 1. Main menu item "PROTECT" is a general On(GREEN) / OFF(RED) switch which enables application. Before proceed to any intervention in site such adding extensions, updating of CMS core or any extension or addition of a folder and files - ALWAYS - disable Cerberus application, else, Cerberus application will remove any changes in site file system. Before make CMS core updating or extension addition, consider, as a good practice, to lockup the site by a click menu item "OPTIONS" | "Manage options" | "Lock up site". After you done enable again Cerberus application by click main menu item "PROTECT" and menu item "OPTIONS" | "Manage options" | "Unlock site". For details of options "Lock up site" / "Unlock site" see below.
 2. Main menu group item "OPTIONS" provide available options.
 3. Main menu group item "DOCs" provide access to Cerberus documentation

Main menu item "OPTIONS"

Menu group item "OPTIONS" | "Run manualy (no cron)"
Cerberus application main menu item \

  Menu group item "OPTIONS" | "Run manualy (no cron)" allow to run manualy Guard and Scan devices used basically for fine tunning of Cerberus application.
 1. Menu item "OPTIONS" | "Run manualy (no cron)" | "Guard" - is a fast responding part of Cerberus application scan mechanism. Average scan speed (in cron mode) less of a second, else, arround 3-4 seconds for site size about of ~16000 dirs and files an average CMS site size. Checking time depth value (plus some small time overlap ~ scan time1) is together cronjob period, which settled from tab "Cron jobs" | "Guard cronjob time interval".
 2. Menu item "OPTIONS" | "Run manualy (no cron)" | "Scan" - is a slow but more comprehensive part of Cerberus application scan mechanism. Average scan speed is about 150-200 second for site size about of ~16000 dirs and files. Scan time interval is settled from tab "Cron jobs" | "Scan cronjob time interval".

Menu group item "OPTIONS" | "Enable / disable"
Menu group \

  Menu group item "OPTIONS" | "Enable / disable" allow to enable / disable various parts of Cerberus application scanning mechanism as well as respective parts of cron jobs.
 1. Menu item "OPTIONS" | "Enable / disable" | "Guard mode ON/OFF" - enables / disables Guard device.
 2. Menu item "OPTIONS" | "Enable / disable" | "Guard mode cron job ON/OFF" - enables / disables Guard device cron job.
 3. Menu item "OPTIONS" | "Enable / disable" | "Scan mode ON/OFF" - enables / disables Scan device.
 4. Menu item "OPTIONS" | "Enable / disable" | "Scan mode cron job ON/OFF" - enables / disables Scan device cron job.
 5. Menu item "OPTIONS" | "Enable / disable" | "Execute module ON/OFF" - enables / disables Execute module which execute the final actions of Cerberus application as directories / files removing, sending in jail restoring deleted files. Default is to ON, where OFF is used mostly for fine tunning measurments.

Menu item "OPTIONS" | "Show Jail incidents"
Show Jail incidents
Cerberus incidents report
Show Jail incidents

  Menu item "OPTIONS" | "Show Jail incidents" Show recorded intruders incidents where happened in site which end up in jail. Intruders incidents where happened do not end up, always, in jail, when they are discovered by fast respond device they simply are erased - to keep Guard - fast respond device really fast. Additionaly allow to view these files content dependently of files type directly from Cerberus incidents report list.

Menu group item "OPTIONS" | "Setup"
Cerberus application Setup

  Menu group item "OPTIONS" | "Setup" setup the Cerberus application.
 1. Menu item "OPTIONS" | "Setup" | "Configuration panel" - where can to implement, comprehensive and fine tunning of Cerberus application.
 2. Menu item "OPTIONS" | "Setup" | "Reset application" - reset the application tables according Configuration panel settings. On any major update, extension addition or folders and files addition mast to reset application. Before Reset application mast disable application via main menu item "PROTECT" which is a general On / OFF switch and additionally, as good practice, lock up the site via menu item "OPTIONS" | "Manage options" | "Lock up site". Only then click this menu item "OPTIONS" | "Setup" | "Reset application". At end do not forget to enable application via main menu item "PROTECT" and unlock the site via menu item "OPTIONS" | "Manage options" | "Unlock site".

Menu group item "OPTIONS" | "Manage options"
Manage options

 1. Menu item "OPTIONS" | "Manage options" | "Lock up site" lock up site to be accessed and fully operable only from your mashine - very useful for updating, extension addition or folders and files addition. For all other visitors will display an default message (hardcoded for now: Sorry for inconvenience. We perform an urgent, important security update. After few minutes site will be available again. Thank you for your patience and understanding.) .
 2. Menu item "OPTIONS" | "Manage options" | "Unlock site" - unlock previosly locked site, make it available for public.
 3. Menu item "OPTIONS" | "Manage options" | "Delete site backup" - delete the site backup.
 4. Menu item "OPTIONS" | "Manage options" | "Make site backup" - make site backup and place it above the site root.
 5. Menu item "OPTIONS" | "Manage options" | "Restore site from backup" - restore the site from backup.
 6. Menu item "OPTIONS" | "Manage options" | "! Delete restore site" - first delete site completely to remove anything and then restore from site backup.
 7. Menu item "OPTIONS" | "Manage options" | "Create the Jail" - create Jail folder above the site root, where application place all diskovered unregistered files.
  Menu item "OPTIONS" | "Manage options" | "Empty the Jail" - empty the Jail folder.
  Menu item "OPTIONS" | "Manage options" | "Create Removeds" - create Removeds folder above the site root, where place all folders and files which need to be removed from the site and notify Cerberus application to not restore removed folders and files. Reverse functionality not provided for security reasons.
  Menu item "OPTIONS" | "Manage options" | "Empty the Removeds" - empty the Removeds folder.
  Menu item "OPTIONS" | "Manage options" | "Remove folder / file" - Remove folder / file from site and notify Cerberus application to not restore removed folders and files.
  Menu item "OPTIONS" | "Manage options" | "Empty cache folder" - empty the cache folder, however this performed when reset the application.
____________

1 for now is simply fixed about to 1 sec - enough for majority of CMS sites.
Create an account
v 3