Support

Documentation

Chapter 2. Using Admin Tools

Table of Contents

The Control Panel
Fixing the permissions of files and directories
Configuring the permissions of files and directories
Emergency Off-Line Mode
Protect your administrator back-end with a password
The .htaccess maker
Basic Security
Server protection
How to determine which exceptions are required
Custom .htaccess rules
Optimisation and utility
System configuration
The NginX configuration maker
Basic Security
Server protection
How to determine which exceptions are required
The Kitchen Sink (Expert Settings)
Optimisation and utility
System configuration
The web.config maker
Basic Security
Server protection
How to determine which exceptions are required
Optimisation and utility
System configuration
Web Application Firewall
Configure
Help, I have been locked out of my site's administrator area!
WAF Exceptions
WAF Blacklist
Administrator IP Whitelist
Site IP Blacklist
Anti-spam Bad Words
Geographic blocking
Security Exceptions Log
List of blocking reasons
Auto IP Blocking Administration
Auto IP Blocking History
Email templates
Database tools
The PHP File Scanner
How does it work and what should I know?
Configuration
Scanning and administering scans
Reading the reports
Automating the scans (CRON jobs)
Automating the scans (front-end scheduling URL)
SEO and Link Tools
URL Redirection
Cleaning your temporary files directory
Protecting Admin Tools with a password
Import and Exporting Settings
Access Control
The "System - Admin Tools" plugin
Rescue Mode
Other plugins
The plugins powering the One Click Update feature
The CLI update notification and automatic update script

The Control Panel

The main page of the component which gives you access to all of its functions is called the Control Panel.

The Control Panel page

The Control Panel is split in three areas, a top area, the left-hand control panel icons and the right-hand information boxes.

If Admin Tools has detected that some of its directories/files are missing or tampered with it will give you a warning instead of displaying this page. Per the warning message's instructions, you should download the Admin Tools ZIP package from our site and install it on your site twice, without uninstalling Admin Tools before or in between these subsequent installations. For more information about this self-check feature read the "Self-check feature" section further down this chapter. If you are wondering which files are missing please click on the Run files check button. If you want to ignore this message ENTIRELY AT YOUR OWN RISK click the second button. Do note that ignoring this message will most likely cause your Admin Tools installation to act erratically. Moreover, if you choose to ignore the warning message be advised that you will receive no support.

If there is an update available, you will see the information about it at the very top of the page. Click on the Update button to go to the Joomla! extensions update page where you can install the update.

The top area displays information about the Geographic IP (GeoIP) database. Please read on towards the bottom of this section for more information.

In the left hand area you have icons which launch the individual tools out of which Admin Tools is made when clicked. Each of those tools is described in a section of its own in the rest of this documentation.

Clicking on the Scheduling (via plugin) button will launch the System - Admin Tools plugin configuration page in a pop-up dialog box. In there, you can configure the scheduling options for Admin Tools' utilities. Do note that this feature is only available in the Professional edition.

The Joomla! Core update status icon will toggle between a green check mark, an exclamation/warning icon and a recycle icon. When it is a green check mark it means that your site already has the latest version of the Joomla! core installed and no further action is required. An exclamation icon means that there is a newer version of the Joomla! core available than the one installed and you should upgrade immediately by clicking on it. When it turns into a recycle icon, it means that Admin Tools was not able to fetch the latest Joomla! release information from the JoomlaCode.org servers. In this case you have to manually update your Joomla! site. Most often you can ask your host to open their firewall so that your site can access the JoomlaCode.org servers of standard HTTP (port 80) to restore the functionality of this feature.

The topmost right hand information pane displays the Admin Tools version information. You can see the version of the software, as well as force-reload the update information for Admin Tools itself. The latter is only necessary if there was an update released in the last 24 hours and your copy of Admin Tools has not "seen" it yet.

Below that you will see the graphs showing the number of logged security exceptions (attacks Admin Tools Professional has protected you against), their distributions by type and a few statistics about them, e.g. how many exceptions have occurred in the last year, month, week, day and so on.

What is the GeoIP database, installing and updating it

[Note]Note

This product includes GeoLite2 data created by MaxMind, available from MaxMind. This is only required by the Professional version of the component.

Certain features in Admin Tools require it to be able to find out the country and / or continent associated with the IP address of a visitor of your site. This is used to provide country information on blocked requests, as well as the Geographic IP Block feature. Naturally, IPs do not carry geographic information so we need an external database which has this kind of information.

Admin Tools requires you to install an optional plugin called "System - Akeeba GeoIP provider plugin". You can download it for free from our site. Please remember to enable it after you install it.

This plugin is using the third party MaxMind GeoLite2 database to match IPs to countries and continents. This list is not static, i.e. it is updated about once per month. Admin Tools can attempt to download its newest version by clicking the Update the GeoLite2 Country database button in the Control Panel page. However, if this is not possible (for reasons ranging from your host restrictions to permissions issues) you can do so manually.

You can download the latest version of MaxMing GeoLite2 database in binary format, from http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz. Extract the downloaded compressed file using gunzip on Linux, 7-Zip on Windows or BetterZIP on Mac OS X. It will result in a file named GeoLite2-Country.mmdb. Upload it to your site's plugins/system/akgeoip/db directory overwriting the existing file.

[Important]Important

Capitalization matters! You have to upload the file as GeoLite2-Country.mmdb.gz, not geolite2-country.mmdb.gz or any other combination of lowercase / capital letters, otherwise IT WILL NOT WORK, AT ALL.

[Tip]Tip

If you are a subscriber to MaxMind's more accurate (99.8% advertised accuracy), for-a-fee GeoIP Country database you can use that database instead of the free GeoLite2 database included in the component, using the same procedure.

Do note that security exception log records prior to installing the new version of the database will not be affected. Only security exceptions logged after uploading the new database version will be affected by the new database version.

Self-check feature

We have seen an intermittent issue with Joomla! where it “forgets” to copy or overwrite some files when upgrading an extension. This usually happens when the directory structure of the extension's top-level directories has changed since the previously installed version. It doesn't affect all Joomla! installations and we have not been able to identify the exact conditions which trigger it since the first time we observed it in 2009. The result is that you end up with a partially updated extension.

Working around this issue is very simple. Just install the extension's installation package twice in a row, but without uninstalling it before or between installations. This somehow forces Joomla! to get unstuck and install all of the necessary files.

In the case of Admin Tools, this Joomla! bug usually means that the component is updated but the plugin –which implements the security features– is not, putting your site at risk. This version of Admin Tools includes a self-check feature which makes sure that the correct files are installed. If they are not, you will be notified about it and given the instructions to manually fix your installation. If you choose to ignore this warning please note that your Admin Tools installation will not work as expected and we will not provide any support until you follow the manual fix instructions.