Support

Admin Tools

#20283 Since update 3.0.1 only template in url shield works

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 18 June 2014 03:07 CDT

Monday, 16 June 2014 01:42 CDT

Hansdampf
 Since update Admin Tools to 3.0.1 I get no Email notifications about SQL-Shield, RFI-Shield, DFI-Shielt and so on. Only template in url-Shield works.
This effect is the same on about 20 Sites. I Updated last Friday. I looked in the Graphic-Statistics of some Sites were i used to get much Shield notifications, most dfi-shield. There are no exceptions listed since the update. What is going wrong?

Monday, 16 June 2014 03:55 CDT

nicholas
I am not sure what "URL shield" is supposed to mean. Regarding the notifications about attacks, you have to be aware of some important changes:
- The .htaccess Maker now includes a whole lot of malicious users agents which are being blocked from accessing your site BEFORE Joomla! loads, therefore before Admin Tools is triggered. This has the very positive side-effect of dropping the number of attacks hitting Admin Tools' system plugin by a whooping 90%.
- You can now select which security exceptions result in emails being sent and which are being logged. Under the Logging and Reporting tab you will find the options "Do not log these reasons" and "Do not send email notifications for these reasons". By default we only include "Geo Block" which is consistent with what Admin Tools has always been doing. If you have modified them (please DO CHECK, do not simply trust your memory that you didn't touch them) then yes, Admin Tools will not report and / or log what you told it to not report and / or log. Anything else would be a bug.
- Finally, just because you used to get a lot of security exceptions doesn't mean that you'll always be getting a lot of security exceptions. Script kiddies tend to lose interest to your site after a while, especially if they've tried all they got and still couldn't get past your site's defenses.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 June 2014 01:52 CDT

Hansdampf
Hi Nicholas,

sorry for my bad English. Thanks for your answer and thanks a lot for your component that helps me to protect my sites. Sorry, I didn't mean "url-shield", I mean "template=' in URL". I didn't use the htaccessMaker since yesterday (your answer inspiered me to test it - now every of my sites has an new htaccess-file createt by admintools) and the report- and log-settings are ok. Maybe it is a coincidence that the reports/logs of the dfi-shield etc. stopped with my update to 3.0.1. Is there a easy way to test that the shield works?

Greetings - Hans

Tuesday, 17 June 2014 02:27 CDT

nicholas
There is an easy way to test DFIShield. Let's say your site's domain is www.example.com. Try to access the following URL with your browser:

http://www.example.com/index.php?dummy=https://raw.githubusercontent.com/akeeba/fof/development/fof/autoloader/component.php

This will trigger DFIShield. The DFIShield protection is triggered every time there is a query parameter holding a URL to something that looks like PHP code. It doesn't matter if it's benign (like the file I am giving you) or a malicious one. If it contains PHP code it triggers DFIShield.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 June 2014 03:34 CDT

Hansdampf
Hi Nicholas,
I tested your example with a domain from me. I am landing on my start page. I get no report and no log. I tested it five times and I am not blocked. The configuration is blocking after 3 atempts in one hour.
Greetings Hans

Tuesday, 17 June 2014 04:31 CDT

nicholas
Please check your WAF Configuration. DFIShield must be disabled. If this doesn't help please try reinstalling the component (without uninstalling it!) and make sure the System - Admin Tools plugin is published and its order is set to make it the first plugin to be loaded.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 June 2014 05:45 CDT

Hansdampf
Hi Nicholas,
I checked all what you say. I think you mean that the DFIShield must be enabled. The plugin is published and ordered first. No report, no log and no blocking. - I reinstalled the component - no report, no log and no blocking of your exampel url.

I deinstalled the component 3.0.1 and installed Version 2.6 - configurated it new - everything works fine. The report, the log, both ok and the url is blocked.
The Problem with 3.0.1 appears on 21 Sites of mine. So it is a lot of work to deinstall the new Version and install the older Version and configurate all new.
Do you have an idea why does 3.0.1 Shields does not works on my sites. Is there a new configuration step that I didn't see?
Greetings Rainer

Tuesday, 17 June 2014 06:57 CDT

nicholas
Are you absolutely and perfectly sure you have PHP 5.4 actually activated on your site? Please do check by going to your site's back-end and clicking on System, System Information. Click on the PHP Information tab. You will see something with really big letters on top, e.g. "PHP Version X.Y.Z". Can you please copy it here? I have the growing suspicion that you are using an old and unsupported version of PHP...

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 17 June 2014 07:48 CDT

Hansdampf
Hi Nicholas,
here it is:
PHP-Information:
PHP Version 5.4.28

System-Information:
PHP erstellt für Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux
Datenbankversion 5.1.73-1
Datenbankzeichensatz utf8_general_ci
PHP-Version 5.4.28
Webserver Apache
PHP-Interface für den Webserver cgi-fcgi
Joomla!-Version Joomla! 2.5.22 Stable [ Ember ] 12-June-2014 14:00 GMT
Joomla!-Plattform-Version Joomla Platform 11.4.0 Stable [ Brian Kernighan ] 03-Jan-2012 00:00 GMT
Browsererkennung Mozilla/5.0 (Windows NT 6.2; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0

A screen of System-Information is attached.

Tuesday, 17 June 2014 10:59 CDT

nicholas
Thank you VERY MUCH for the detailed information. I could now reproduce the issue. A new release is on the way. It will be published within a few minutes.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 18 June 2014 00:25 CDT

Hansdampf
Good morning Nicholas,
good and fast work. It seems the problem is solved. But one more question. Maybe I'm absolutely wrong, and shure it's the wrong category to post it. But Maybe the same issue. My Backend Cronjobs for Akeeba Backup don't works since update to, I think it was version 3.11.0. In Version 3.9.2 erverything worked fine. The path to php and the akeeba file is ok. I can't find the reason why they don't work.

I changes my sheduled backups to the frontend cronjob that works. But the backend backup is absolutely the better way.
Do you have any idea? Sorry, that I post it here - but because I think maybe it is the same issue??
Greetings Hans

Wednesday, 18 June 2014 03:07 CDT

nicholas
They are unrelated. Please post a new ticket to the correct category.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!