UniForce: the Security Extension for Websites on Drupal 9, 10
Here is a brief tutorial on incorporating key security features into a Drupal website. Before delving into the details, let's explore the rationale behind opting for UniForce.
UniForce serves as an extension compatible with any PHP site, CMS, or framework. It provides the following functionalities:
- Conducting one-time and daily automatic tests to detect existing malware and viruses within the site's files.
- Utilizing the UniForce Security FireWall to control and restrict website access.
- Safeguarding a website from exploit attacks, XSS attacks, and SQL injections.
- Defending against password guessing through brute-force attacks.
Developed by CleanTalk, a company specializing in Anti-Spam, Security, and Monitoring services for websites, this application has been active in the market since 2012, serving over 800,000 sites to date.
We commonly refer to UniForce as the Universal Security Plugin, suitable for every CMS.
1. Download the latest and greatest UniForce build: https://github.com/CleanTalk/php-usp/releases/download/3.9.0/uniforce-3.9.0.zip
2. Unzip the archive inside your website root folder (usually the "web" folder). You should see a folder named "uniforce" in the root of your website. For example:
shagimuratov@mbair-ds web % ls -al
total 112
drwxr-xr-x 21 shagimuratov staff 672 Jan 12 14:16 .
drwxr-xr-x 8 shagimuratov staff 256 Jan 11 18:50 ..
-rw-r--r-- 1 shagimuratov staff 1025 Jan 11 18:50 .csslintrc
-rw-r--r-- 1 shagimuratov staff 151 Jan 11 18:50 .eslintignore
-rw-r--r-- 1 shagimuratov staff 41 Jan 11 18:50 .eslintrc.json
-rw-r--r-- 1 shagimuratov staff 2467 Jan 11 18:50 .ht.router.php
-rw-r--r-- 1 shagimuratov staff 8024 Jan 11 18:50 .htaccess
-rw-r--r--@ 1 shagimuratov staff 87 Jan 11 18:50 INSTALL.txt
-rw-r--r-- 1 shagimuratov staff 3205 Jan 11 18:50 README.md
-rw-r--r-- 1 shagimuratov staff 315 Jan 12 11:17 autoload.php
drwxr-xr-x 52 shagimuratov staff 1664 Jan 5 03:27 core
-rw-r--r-- 1 shagimuratov staff 1495 Jan 11 18:50 example.gitignore
-rw-r--r-- 1 shagimuratov staff 549 Jan 11 18:50 index.php
drwxr-xr-x 4 shagimuratov staff 128 Jan 12 11:17 modules
drwxr-xr-x 3 shagimuratov staff 96 Jan 11 18:50 profiles
-rw-r--r--@ 1 shagimuratov staff 2027 Jan 11 18:50 robots.txt
drwxr-xr-x 7 shagimuratov staff 224 Jan 11 18:50 sites
drwxr-xr-x 3 shagimuratov staff 96 Jan 11 18:50 themes
drwxr-xr-x@ 15 shagimuratov staff 480 Jan 12 11:22 uniforce
-rw-r--r-- 1 shagimuratov staff 804 Jan 11 18:50 update.php
-rw-r--r-- 1 shagimuratov staff 4039 Jan 11 18:50 web.config
shagimuratov@mbair-ds web % ls -la uniforce
total 48
drwxr-xr-x@ 15 shagimuratov staff 480 Jan 12 11:22 .
drwxr-xr-x 21 shagimuratov staff 672 Jan 12 14:16 ..
-rw-r--r--@ 1 shagimuratov staff 205 Oct 12 15:27 .htaccess
drwxr-xr-x@ 18 shagimuratov staff 576 Oct 12 15:27 css
drwxr-xr-x@ 8 shagimuratov staff 256 Oct 12 15:27 data
drwxr-xr-x@ 9 shagimuratov staff 288 Oct 12 15:27 img
drwxr-xr-x@ 10 shagimuratov staff 320 Oct 12 15:27 inc
-rw-r--r--@ 1 shagimuratov staff 1666 Oct 12 15:27 index.php
drwxr-xr-x@ 18 shagimuratov staff 576 Oct 12 15:27 js
drwxr-xr-x@ 6 shagimuratov staff 192 Oct 12 15:27 lib
drwxr-xr-x@ 3 shagimuratov staff 96 Oct 12 15:27 replacement
-rw-r--r--@ 1 shagimuratov staff 1265 Oct 12 15:27 router.php
-rw-r--r--@ 1 shagimuratov staff 4343 Oct 12 15:27 uniforce.php
-rw-r--r--@ 1 shagimuratov staff 32 Oct 12 15:27 version.php
drwxr-xr-x@ 8 shagimuratov staff 256 Oct 12 15:27 view
shagimuratov@mbair-ds web %
Make sure your web server has access to the UniForce files. Usually www-root or www-data should be set as the owner of the files:
sudo chown -R www-root:www-data uniforce
sudo chmod -R o+rw uniforce
3. Go here in your browser: SITE.COM/uniforce/index.php
4. Enter your email address and password to set up access to the UniForce settings.
5. Sign up for a CleanTalk account to get your Access key https://cleantalk.org/register?product_name=security
Fill in the Access key in the same form as on step 5.
6. (Optional) In "Additional scripts", write the path to your index.php or any other index file which you use to route requests to your site.
7. Then press the button "Install" to run the installation.
8. By default, UniForce edits the file index.php in the root folder and doesn't touch anything else. You can specify additional admin page URLs in the "Additional scripts" field of the "Advanced configuration" section, separated by commas.
The code that UniForce adds to DRUPAL_ROOT/index.php to run the FireWall and Brute-Force Protection:
//cleantalk-usp/bottom_code/start
if(ob_get_contents()){
    ob_end_flush();
}
if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'){
    die();
}
//cleantalk-usp/bottom_code/end
9. You should see a Summary page in case of success.
10. On the Settings page, enter the URL of your admin page (for example '/admin') in the "Admin page URL" field and turn Brute-Force Protection on.
11. On the Malware Scanner page, run the first scan. The app lists all the dangerous and suspicious files it finds. A scan usually takes up to 60 minutes to finish.
12. You can see your Security Firewall Logs, add a new site and manage the existing sites on the Security Dashboard page.
13. To troubleshoot any issues, post a support request here: https://cleantalk.org/my/support/open
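A post-install check for the steps above, as an added example that is not part of UniForce or of the original tutorial: it confirms that the marker-delimited block from step 8 is still in index.php (anything that rewrites that file removes the hook) and counts the entries under uniforce/ that `chmod -R o+rw` left writable by every local account. The function names and the demo tree are assumptions; the marker strings are the ones shown in step 8.

```shell
#!/bin/sh
# Added example, not CleanTalk code. The marker strings are copied from the
# index.php excerpt above; function names and the demo tree are assumptions.
START='//cleantalk-usp/bottom_code/start'
END='//cleantalk-usp/bottom_code/end'

# hook_state FILE: prints intact (one start marker before one end marker),
# missing (no markers, e.g. index.php was replaced) or broken (anything else).
hook_state() {
    awk -v s="$START" -v e="$END" '
        index($0, s) { ns++; sl = NR }
        index($0, e) { ne++; el = NR }
        END {
            if (ns == 0 && ne == 0) print "missing"
            else if (ns == 1 && ne == 1 && sl < el) print "intact"
            else print "broken"
        }' "$1"
}

# world_writable DIR: prints how many files and directories under DIR carry
# the other-write bit, i.e. are writable by every local account.
world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# check_install DRUPAL_ROOT: succeeds only when the hook is intact and
# nothing under uniforce/ is world-writable.
check_install() {
    state=$(hook_state "$1/index.php")
    ww=$(world_writable "$1/uniforce")
    echo "index.php hook: $state; world-writable entries in uniforce/: $ww"
    [ "$state" = intact ] && [ "$ww" -eq 0 ]
}

# Constructed demo tree (not a real site): a hooked index.php and a uniforce/
# directory as left by "chmod -R o+rw", then again with other-write removed.
demo=$(mktemp -d)
mkdir "$demo/uniforce"
printf '%s\n' '<?php' "$START" 'die();' "$END" > "$demo/index.php"
: > "$demo/uniforce/uniforce.php"
chmod -R o+rw "$demo/uniforce"
check_install "$demo" || echo "needs attention"
chmod -R o-w "$demo/uniforce"
check_install "$demo" && echo "ok"
rm -rf "$demo"
```

To check a real site, call check_install with the path to the web root that contains index.php and uniforce/.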
Periodic Updates of the Installed Extensions
I also recommend periodically updating all installed Drupal extensions. You can find the update page here:
DRUPAL-SITE.COM/en/admin/modules/update
or Drupal Admin -> Administration -> Extend -> Update
This helps keep all your installed extensions free of known vulnerabilities. Drupal publishes known security issues here: https://www.drupal.org/security