Support

Admin Tools

#33319 Messages blocked IPs and Custom messages swapped?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 30 June 2020 00:20 CDT

Friday, 26 June 2020 09:32 CDT

RgvS
Hallo Akeeba,   I think the messages for Auto-ban / messages to blocked IPs is swapped with the message Customisation / Custom message. When I give tree times a wrong Administrator secret URL parameter I got the Messages to blocked IPs.
 When I have blocked an IP adres I got the Custom message.
I think it must be the other way around?   table *_admintools_storage
key = cparams
Value =
"spammermessage":"This must be the Auto-ban - messages to blocked IP!"'
"custom403msg":"This must be the Customisation - Custom Message!"   See also the attachment/image.   It was by version 5.6.0 as also 5.7.3.   Regards,
Richard de Boer / Richard Schlichting
Edited by on 2020-07-26 17:45 CDT

Monday, 29 June 2020 00:48 CDT

nicholas

No, the messages are not swapped and this code has actually not been changed for several years. You seem to misunderstand how these messages and the secret URL parameters features work.

The Custom Message is displayed every time the firewall is triggered i.e. a request is blocked. This is what we used to call a "security exception" in versions 2.0 to 5.6. In other words, every time you trigger the site's protection WITHOUT your IP having been blocked you are shown this message.

This is NOT the case for the administrator secret URL parameter. If you enter the wrong or no secret URL parameter when you try to access the administrator directory a blocked request is logged and you are redirected to the site's root without being displayed a message. This is on purpose. You do NOT want to tell a potential hacker that you are in fact using Joomla but blocking access to the administrator application. It'd make it easier for an automated attack to change its approach. We don't want that, we want them to try and fail repeatedly so they get their IP banned automatically.

The “Show this message to blocked IPs” message is shown when someone whose IP is automatically blocked tries to access the site. Since you tried to access the administrator application three times in a row you triggered the firewall with the Admin Query Reason thrice. Because of your Auto-ban settings the IP address was blocked. Therefore Admin Tools correctly displays the “Show this message to blocked IPs” message.

In so many words, what you observe is the intended behavior of Admin Tools. Nothing is wrong.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 29 June 2020 14:49 CDT

RgvS

Hello Akeeba, Nicholas,

Thank you for your extended answer.
I still did some testing why I thought the messages where swapped.
In the Rescue mode documentation:
https://www.akeebabackup.com/documentation/admin-tools/rescue-mode.html

"First on all, when a blocked request is raised the visitors see a message informing them they did something they shouldn't have done. You can customize this in the Configure WAF page, Customisation tab, Custom Message option. If that option is left blank the default message generated by Admin Tools contains information about unblocking yourself."

I changed the Custom Message option, but I still got the "unblocking yourself information"!

Now I see the second part of displaying messages becomes active:
"The second place where this is displayed is the message shown to blocked IPs. You can customize that in the Configure WAF page, Auto-ban Repeat Offenders tab, Show This Message To Blocked IPs option. If you leave this blank or if you use the default message ("You are a spammer, hacker or an otherwise bad person.") the information about unblocking yourself will be appended to the end of the message."

The "unblocking yourself information" is still being displayed if you use the default "blocked IPs message".
Changing the Custom Message has no effect on this part.

And maybe the default messages give me some confusion:
The "This request is blocked by Admin Tools." is NOT for the Auto-ban blocked IP's.
The "You are a spammer, hacker or an otherwise bad person" is NOT for the "suspicious" users of a "security violation" (help text Custom Message).

After re-reading I see it is the "intended behavior of Admin Tools" but it cost some time to see the exact difference and behavior of the two messages.

Regards,
Richard de Boer / Richard Schlichting

Tuesday, 30 June 2020 00:20 CDT

nicholas

The Rescue Mode information is forcibly added to the message since a year and a half ago.

I have also already explained how the messages work and I can confirm 100% with absolute confidence and with my hand on the Holy Scripture that THE MESSAGES ARE NOT -- REPEAT: NOT -- SWAPPED IN ANY WAY, FORM OR FASHION and that the code that generates them HAS NOT -- REPEAT: NOT -- BEEN CHANGED for at least 2 years.

Sorry, I can only tell you how things work. I cannot understand it for you.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!