Support

Admin Tools

#21909 Admin query string

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Thursday, 22 January 2015 07:34 CST

Monday, 19 January 2015 09:37 CST

adgilcan
 I am getting a few security exceptions per day coming from my IP address. I don't quite understand why that should be when I know I need to append the secret URL (and it is bookmarked with the secret password URL ) and in many cases it is happening when my computer is asleep overnight and the site pages closed.

Can you tell me what might be happening? Should I be concerned about a "bot" on my computer independently attempting to access sites ?

Tuesday, 20 January 2015 03:22 CST

tampe125
Hello Duncan,

there are a couple of possibilities:
  1. Your ISP is recycling your IP when your connection is idle. This means that there is someone else using your IP and it's triggering the security exception
  2. Your tablet or your smartphone are trying to fetch the image of your bookmarked site. This is quite common, so you can ignore it.

If you want to be on the safe side, run an antivirus.
If you want to investigate further you can correlate Admin Tools timestamp with your server access log, but this requires some extra skill.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 22 January 2015 04:50 CST

adgilcan
Hi Davide

Thank you for your input.

I have bookmarked both the front-end and back-end of the site as required to login, so the secret URL is part of the bookmark for the front-end. Is this a foolish thing to do from a security perspective?

I am also getting regular security exceptions from IP Address: 54.86.66.252 This appears to be an AWS IP. I do have an account with AWS but I have no idea why they should be probing my site. Is this a worry, do you think?

Many thanks for a great product. The problem with great security is you become aware of how many bad guys are out there, don't you.

Duncan

Thursday, 22 January 2015 04:57 CST

tampe125
The problem with bookmarks is that the browser tries to fetch the screenshot of the site, so it can present it to you.
However, doing that, it strips out all the params, that's why you are getting those security exceptions.

Regarding AWS: Which security exceptions are you receiving?
Do you have any site on AWS? Does the logged IP matches with yours one?

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 22 January 2015 05:09 CST

adgilcan
Hi Davide

Wow, that was quick!

Thanks for the info re. browsers. Interesting

I have an S3/ Glacier account with aws. I don't know how to log that IP address but the DNS is https://console.aws.amazon.com/glacier/home?region=eu-west-1#

I could just block it. Could it be a suspicious probe, do you think? the exception is Admin Query String

Thanks

Duncan

Thursday, 22 January 2015 05:14 CST

tampe125
If you don't have any site hosted on AWS, most likely is someone using Amazon infrastructure to scan the web.
You can easily block it as usually.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 22 January 2015 05:19 CST

adgilcan
Thanks Davide

I shall block it.

Much appreciated

Duncan

Thursday, 22 January 2015 07:34 CST

tampe125
You're welcome!

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!