Support

Admin Tools

#15991 hide administrator

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 08 May 2013 08:29 CDT

Wednesday, 08 May 2013 04:37 CDT

user72091
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: 1.5
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version:

Description of my issue:
I recibe atacks every day and admin tools block this attack and put ip in firewall automatly, buy my dubt is, Is possible hide administrator to not recibe more attacks?

Wednesday, 08 May 2013 05:03 CDT

nicholas
The answer is yes and no. No, you can't entirely hide the administrator URL but yes, you can "cloak" it to protect it against attacks. There are two things you can do:

1. Use the secret URL parameter feature. You will need to type something like http://www.example.com/administrator/index.php?your_secret_word to see the administrator login page. You will still receive security exceptions from people trying to access that page without the secret word, but your back-end is actually protected and these access attempts fended off.

2. Use the administrator password protection. This makes Apache ask for a username and password before you can enter your Joomla! username and password. This is one more layer of protection but if you have badly written components you might have problems in your site's front-end as well.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 08 May 2013 06:35 CDT

user72091
1- where is the secret URL parameter?? I use joomla 1.5.26 and Admin Tools version 2.2.10

Wednesday, 08 May 2013 07:04 CDT

nicholas
Towards the top of the Configure WAF page.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 08 May 2013 07:30 CDT

user72091
Urgently:

I change secret URL parameter and put "jacint"
but now I can't access to website

www.lacalendula.net

and i can't access to administrator
www.lacalendula.net?jacint

what's happend????

Wednesday, 08 May 2013 07:34 CDT

user72091
then change secret URL parameter

if put

www.lacalendula.net

i recibe

You are a spammer, hacker or an otherwise bad person.

Wednesday, 08 May 2013 07:44 CDT

nicholas
Please refer to https://www.akeebabackup.com/documentation/troubleshooter/atwafissues.html

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 08 May 2013 08:23 CDT

user72091
1-I rename plugins/system/admintools/ main.php/main.php to main-disable.php
2-then go to adeministrator and quit secret URL parameter
3- save
4-rename plugins/system/admintools/ main.php/main-disable.php to main.php
5- continue not work. (I can't access to site and I can't access to back

Wednesday, 08 May 2013 08:29 CDT

nicholas
Go inside the plugins/system/admintools directory on your site. You will see a file named main.php. Rename it to main-disable.php. This will turn disable the Web Application Firewall from executing and you can access your site's back-end again.

VERY IMPORTANT STEPS: Go to Components, Admin Tools, Web Application Firewall and click the Exceptions Log button. Delete all records with your own IP address. Then, go back to Web Application Firewall and click on the Auto IP Blocking Administration button. Select the record showing your IP address and click on the Delete button to delete the block.

TIP: Don't know what your IP address is? Just visit whatismyipaddress.com to find out!

Go to Components, Admin Tools, Web Application Firewall, Configure WAF. Make sure that you have entered your secret word correctly.

Now remember to rename main-disable.php back to main.php, otherwise your site will remain unprotected.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!