By IOANNIS RIGOPOULOS on Thursday, 07 March 2019
Posted in General Issues
I have just installed the latest EasyBlog version today.
I started writing a new post article, but when I clicked on "Save Draft", the whole content disappeared and only the title and the url remained. The attached screenshot shows what I saw.
Afterwards I experimented and found out the incredible fact that if my text contains all three words "union", "from" and "select" in any order, then the article disappears when I click on "Save Draft".
I don't know if this occurs only on my PC, but I would appreciate it if you could let me know whether you can reproduce this problem at your site. This is an extremely serious issue for me as I cannot go ahead with publishing my articles.
Hi IOANNIS,

I could not access the backend (https://take.ms/N3BYG). Please advise.

By the way, I could not reproduce the issue in my local instance (https://take.ms/9n8KY).
Thursday, 07 March 2019 12:46

Please use the following:
url: https://blog.deriscope.com/administrator/
Username: derisc5
Password: dj7Ls2Pdhg4f

By the way, I managed to save a draft of my post yesterday by removing the word "union" that was used once in my text.
Thursday, 07 March 2019 15:26

Hey IOANNIS,

It appears that the jhackguard on your site is preventing those words from being used in post requests (saving a blog post is a post request). If I disable jhackguard, the blog post can be saved with those words (https://take.ms/u1eeq).

I believe it is a security measure from jhackguard as those terms are used to manipulate databases. If you really need to use those terms together on your blog posts, perhaps you can consult jhackguard about a workaround?
Thursday, 07 March 2019 16:04

What is this jhackguard? I have never heard of it before and I never remember installing it.
Google tells me it is a product of SiteGround, my web host.
Has EasyBlog anything to do with its installation?
I find it utterly idiotic on the part of this jhack developer to believe that a document is protected by disallowing a combination of perfectly legal English words anywhere within the body of text!!! Worst of all, no hint was given and all my text disappeared without a recovery option!!!
Thursday, 07 March 2019 17:13

I have already sent an email to SiteGround regarding this.
I am very upset because I missed my posting deadline yesterday due to this unbelievably stupidly designed hacker prevention.
I will obviously remove the jHackGuard, but I am terrified that this or a similar plugin will be installed again in the future without my explicit approval.
Thursday, 07 March 2019 17:31

Hey IOANNIS,

I am really sorry to hear that you missed your deadline.
"Has EasyBlog anything to do with its installation?"
We do not own JHackguard nor include it in EasyBlog's installer.

We will investigate this and check why it is removing the content completely and whether we can do anything from our side to prevent this in the future.
Thursday, 07 March 2019 17:39

I must confess that in the beginning (early last afternoon) I thought that my post disappeared because I had not renewed my EasyBlog license. This is why I rushed to renew my license for one more year, in the hope that I could afterwards save my draft and publish the post.
Now I realize that you guys are great!!! I am very grateful that you discovered so quickly the culprit plugin. And of course I am glad I renewed my license because you deserve every penny of the renewal cost!
Regarding the jHackGuard, I have been left speechless! Which 21st century developer would ever come up with the idea of considering the occurrence of the three words "union, next, select" anywhere in the body of text as a hacker attempt? Didn't the high probability of false positives occur to the developer?
Even an innocent sentence such as "Let's select our next reunion date." would cause the post's disappearance!!!!!!!!
Even adding letters before or after the "evil" words - for example using nextm instead of next, or reunion instead of union - will lead to the same catastrophic end!
Perhaps you would consider sending an email to all your users about avoiding certain word combinations or disabling the jHackGuard plugin, as I imagine I will not be the only one affected.
Thursday, 07 March 2019 18:04

I have received a response from SiteGround.
Apparently they have corrected this, but in their latest version, and they sent me the link below:
https://www.siteground.com/blog/new-jhackguard/
Thursday, 07 March 2019 18:10

Hey IOANNIS,

Thanks for updating us on the issue. Since SiteGround claimed to have solved the issue in a newer version, can you send me the installer of the new version so we can test this on our end?

By the way, we will also create a documentation of this conflict under EasyBlog so that users are aware of the conflict.
Thursday, 07 March 2019 18:37

My earlier installation of the jHackGuard plugin appeared to be version 2.0.4 from year 2013.
I removed everything and installed the latest from the link https://www.siteground.com/joomla-hosting/joomla-extensions/ver1.5/jhack.htm
Now the plugin version appears to be 2.0.3, from year 2013, which is strange since the previous version was 2.0.4.
Anyway I tested it and now it seems the problem is not there.
So it is likely that the cause was something else. Perhaps some incompatibility between versions. I don't know.
If you manage to somehow keep a copy of the draft when the user clicks on the Publish Now or Save Draft button, no matter what the external environment does, that would of course be great.
I attach the jHackGuard installer as requested.
Thursday, 07 March 2019 19:11

Hey IOANNIS,

It could be that your plugin is not enabled. Can you check your jhackguard plugin and make sure it's enabled before testing their fix?
Thursday, 07 March 2019 19:15

I wrote that "I tested it and now it seems the problem is not there."
This means it is all ok now.
And yes, I made sure the plugin is enabled.
Thursday, 07 March 2019 19:30

Hey IOANNIS,

I tested the issue again on your site and it is still happening when you have 'union', 'from', 'select/update/delete' in the content. Video: https://take.ms/3nHqR

I also tested the provided jhackguard installer in my local instance and the issue occurs as well.
Friday, 08 March 2019 11:13

This is good to know, Raymond. Just curious, how did you come up with the words? I guess these are standard database keywords.
I have updated the SiteGround people with this new finding. I am curious about what they have to say. I don't like to judge, but this story is so pathetic that it could circulate in the news as a programmers' joke! Treating normal English words as hacker attempts! No matter how many times I think about it, I cannot believe it!!!!
I think the way forward is either switching off jHackGuard altogether or you manage to find a way so that a copy of the original content is always saved before any processing by jHackGuard takes place.
Friday, 08 March 2019 14:53

Hey IOANNIS,
"Just curious, how did you come up with the words?"
It's actually coming from the general post input filter in the jhackguard component: https://take.ms/IhZFB

Yes, they are commonly used words to retrieve or manipulate data in the database.
"I think the way forward is either switching off jHackGuard altogether or you manage to find a way so that a copy of the original content is always saved before any processing by jHackGuard takes place."
Yes, you can disable jHackGuard for now.
Friday, 08 March 2019 15:46

SiteGround could not be very helpful. They said they will forward the case to the management for consideration. In reality, it is obvious that the software needs a serious repair, but anyway, this is the case for now.
Saturday, 09 March 2019 02:10

Hey there,

I am really sorry for the delay of this reply as it is a weekend for us here.

I agree with you; the developer of this third-party jHackGuard component/plugin has to think about this situation: what if the user's site blogs guidance related to SQL queries (database), e.g.

SELECT City FROM Customers
UNION
SELECT City FROM Suppliers
ORDER BY City;


So it definitely conflicts with this jHackGuard plugin; the user's site is unable to blog about this because the blog content contains those SQL keywords like union, select, update, delete and from.

By the way, keep us updated if you need any further assistance on this in the future.
Saturday, 09 March 2019 11:44
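
Added example, not part of the thread and not jHackGuard's or EasyBlog's code: a Python model of the behaviour reported above (substring hits for "union", "from" and one of select/update/delete anywhere in a submitted field), next to a hypothetical tighter rule and a parameterized insert. The function names, the `drafts` table and the sample posts are constructed for illustration.

```python
import re
import sqlite3

VERBS = ("select", "update", "delete")

def keyword_filter(text):
    """Constructed model of the reported behaviour: True when 'union', 'from'
    and one of select/update/delete occur anywhere, matched as substrings."""
    t = text.lower()
    return "union" in t and "from" in t and any(v in t for v in VERBS)

# Hypothetical tighter rule: whole words in SQL order (UNION [ALL] SELECT ... FROM).
SQL_SHAPE = re.compile(r"\bunion\s+(?:all\s+)?select\b.+?\bfrom\b", re.I | re.S)

def shaped_filter(text):
    return bool(SQL_SHAPE.search(text))

def save_draft(conn, title, body):
    """Store the body as a bound parameter, so its text is never parsed as SQL."""
    conn.execute("INSERT INTO drafts (title, body) VALUES (?, ?)", (title, body))
    row = conn.execute("SELECT body FROM drafts WHERE title = ?", (title,)).fetchone()
    return row[0]

# Constructed sample posts: ordinary prose, the SQL tutorial snippet, plain text.
SAMPLES = {
    "prose": "After the reunion, select your photos from the shared album.",
    "tutorial": "SELECT City FROM Customers\nUNION\n"
                "SELECT City FROM Suppliers\nORDER BY City;",
    "plain": "Quarterly results are attached.",
}

def evaluate():
    """Return {name: (keyword_hit, shaped_hit, stored_verbatim)} per sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE drafts (title TEXT PRIMARY KEY, body TEXT)")
    report = {}
    for name, body in SAMPLES.items():
        stored = save_draft(conn, name, body)
        report[name] = (keyword_filter(body), shaped_filter(body), stored == body)
    return report

if __name__ == "__main__":
    for name, row in evaluate().items():
        print(name, row)
```

The substring rule flags the ordinary sentence, both rules flag the SQL tutorial post, and the parameterized insert stores all three bodies verbatim.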