#11975 Error of PHP File Change Scanner

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Friday, 13 April 2012 07:09 CDT

user62038
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Description of my issue:

I bought your "Admin Tools Pro". I got an error when using the PHP File Change Scanner: "JSON" {"status": true, "done": false,"error":""}

nicholas
Akeeba Staff
Manager
Please supply the mandatory information, as well as your operating system, browser and versions of your operating system and browser.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user62038
Thanks for your reply, I solved the problem.

By the way, can I monitor any changes to Joomla! files with Admin Tools?

For example:

If somebody revises the .htaccess, an email alert will come.

nicholas
Akeeba Staff
Manager
Just for the sake of future searches, it would be beneficial to tell us how you solved it. I assume it was a browser extension or an Internet security application conflicting with AJAX requests?

Regarding your question, right now it's not possible to have an email sent out. This will be included in a future version of Admin Tools (it's on our to-do list). However, if and when that's added, you'll still need to have a CRON job to run every so often. It is not possible to have a file alteration monitor in PHP.

FWIW, the closest approximation I could think of to what you describe is installing the FAM (File Alteration Monitor) daemon in Linux and creating a custom service which would respond to FAM's event. This is a little too complicated and very OS-dependent to be implemented in a generic tool, let alone implement it in PHP (a custom programme in C/C++ would be much more apt to the task).


user62038
You are right, this problem is caused by IE7.0.

RSFirewall! has the function of "file changed alert". I enclosed a picture for you.

nicholas
Akeeba Staff
Manager
Well, as you can see from the screenshot, RSFirewall does that for just a handful of files. This means that on each and every page load of Joomla! it will check the (short) list of files to determine if the files are changed. And this is the problem.

If you do proper scanning (MD5 sums, content evaluation against potential threat signatures) just like Admin Tools does, you need 100-200 msec per file. With just 10 files you get a performance hit of 1-2 seconds on each and every page load. This is a lot and will cause your site to be ranked lower by Google (and presumably other search engines). In order not to incur a performance hit, one would have to rely on file sizes and timestamps as this check is two orders of magnitude (that's 100x) faster. However, these are very easy to spoof if the hacker is not a complete moron.

So, a realtime file alteration monitor implemented as a Joomla! plugin has the following disconcerting limitations:
a. It will be limited to a few files. This means that, as a hacker, I can upload a hacking script with an inconspicuous filename (usually hackers use the name README.php) deep inside a folder, get the list of files you are monitoring, alter some other file you are not monitoring and which is loaded all the time and essentially hack you under your nose while you are lulled by a false sense of security.
b. It will either incur a performance hit or use a relatively unsafe method of monitoring changes. The performance hit will degrade site visitor experience and get your site downranked by search engines. The unsafe method is easy to bypass by any real hacker.

Therefore I consider that to be a bad form of a security feature. It will give you a false sense of security and may also cause a performance hit. If you want to have complete coverage you need to do a site-wide matching of files content, just like Admin Tools or Akeeba SiteDiff does. This is why RSFirewall is very careful in the language they are using in this feature's description: they tell you that you should use it to monitor downloadable files, not use it to make sure your site is not hacked ;)

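
The trade-off described in the reply above, as an added example that is not part of the ticket and is not Admin Tools' code: a baseline scanner of the kind one would run from a CRON job, comparing the size-and-timestamp check against a content-hash check. SHA-256 stands in for the MD5 sums mentioned in the post; the function names and the sample site built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each relative path under root to (size, mtime_ns, sha256 hex)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return snap


def compare(baseline, current, use_hash):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        # Fast check looks at (size, mtime) only; full check looks at content.
        changed = old[2] != new[2] if use_hash else old[:2] != new[:2]
        if changed:
            modified.append(path)
    return added, removed, modified


def demo():
    """Constructed sample site: a same-size edit with its old timestamp, plus one new file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "libraries"))
        htaccess = os.path.join(root, ".htaccess")
        with open(htaccess, "w") as fh:
            fh.write("RewriteEngine On \n")
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'home';\n")
        baseline = snapshot(root)
        st = os.stat(htaccess)
        with open(htaccess, "w") as fh:
            fh.write("RewriteEngine Off\n")  # same byte length as the original
        os.utime(htaccess, ns=(st.st_atime_ns, st.st_mtime_ns))
        with open(os.path.join(root, "libraries", "README.php"), "w") as fh:
            fh.write("<?php // constructed new file\n")
        current = snapshot(root)
        return compare(baseline, current, False), compare(baseline, current, True)
```

Both checks report the new file because the whole tree is walked, but only the hash comparison reports the edited `.htaccess`. In a scheduled run, the baseline should be stored somewhere the web server account cannot write to.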
