Chapter 2. Using Admin Tools

Table of Contents

The Control Panel
The component Options
Fixing the permissions of files and directories
Configuring the permissions of files and directories
Emergency Off-Line Mode
Protect your administrator back-end with a password
Why use the Administrator Password Protection?
The .htaccess maker
Basic Security
Server protection
How to determine which exceptions are required
Custom .htaccess rules
Optimisation and utility
System configuration
The NginX configuration maker
Basic Security
Server protection
How to determine which exceptions are required
Advanced NginX Settings
Optimisation and utility
System configuration
The web.config maker
Basic Security
Server protection
How to determine which exceptions are required
Optimisation and utility
System configuration
Web Application Firewall
Configure WAF
Basic Features
Request Filtering
Hardening Options
Cloaking
Project Honeypot
Exceptions
Auto-ban
Logging & reporting
Customisation
Troubleshooting (I got locked out of my site)
WAF Exceptions
WAF Deny List
Administrator Exclusive Allow IP List
Site IP Allow List
Site IP Disallow List
Anti-spam Bad Words
Blocked Requests Log
List of blocking reasons
Auto Blocked IP Addresses
Auto IP Blocking History
Email templates
Database tools
The PHP File Scanner
How does it work and what should I know?
Configuration
Scanning and administering scans
Reading the reports
Automating the scans (CRON jobs)
Automating the scans (front-end scheduling URL)
Automating with Joomla Scheduled Tasks
SEO and Link Tools
URL Redirection
Cleaning your temporary files directory
Protecting Admin Tools with a password
Import and Exporting Settings
Access Control
The "System - Admin Tools" plugin
Automating maintenance tasks
Admin Tools – PHP File Change Scanner
Admin Tools – Blocked Requests Log cleanup
Admin Tools – Session table repair & optimise
Admin Tools – Clean up session metadata
Admin Tools – Cache clean-up
Admin Tools – Clean up the temporary directory
Admin Tools – Delete inactive users
Admin Tools – Auto-import configuration
Rescue Mode
Custom public folder
What is a custom public folder?
Admin Tools and the Joomla! custom public folder feature
Troubleshooting guide
— THIS HEADER IS INTENTIONALLY LEFT BLANK —
Administrator password protection issues
New Super Users are blocked and deactivated after login
Can not create or edit Managers, Administrators, Super Administrators using Admin Tools (403 error thrown)
Locked out of my site after applying a .htaccess using Admin Tools' .htaccess Maker
Admin Tools' Web Application Firewall (WAF) locked you out of your site
My components, modules or templates stopped working after using Admin Tools .htaccess Maker and how to determine and apply exceptions
I created a .htaccess file on my main site and I can't access my other domains / subdirectories on the same account
The administrator secret URL parameter is not working
There are too many security exceptions. Should I be worried?

The Control Panel

The main page of the component which gives you access to all of its functions is called the Control Panel.

The Control Panel page

In the left-hand area you have icons which, when clicked, launch the individual tools that make up Admin Tools. Each of those tools is described in a section of its own in the rest of this documentation.

Clicking on the Scheduling (via plugin) button will launch the System - Admin Tools plugin configuration page in a pop-up dialog box. In there, you can configure the scheduling options for Admin Tools' utilities. Do note that this feature is only available in the Professional edition.

The graphs on the right-hand side display the number of blocked requests logged (potential attacks Admin Tools Professional has protected you against), their distribution by type and a few statistics about them, e.g. how many requests were blocked in the last year, month, week, day and so on. Please note that the number of requests blocked IS NOT MEANT TO BE USED AS A MEASURE OF HOW WELL ADMIN TOOLS PROTECTS YOUR SITE. The number of requests blocked depends on EXTERNAL FACTORS, namely how many attacks were launched against your site in a period of time. Most sites will experience a great variance of this metric over time. It is perfectly normal and very common to see just a handful of attacks, or none at all, for days or months at a time, then a short but sudden burst of hundreds to thousands of blocked requests over the span of a few hours to a few days. The idea behind the graphs is to make you aware of these spikes, which indicate that a malicious actor showed an interest in attacking your site. The graph showing the types of attacks is a good indication of what they tried to use when probing or attacking your site. That's all there is to it. These are not Key Performance Indicators (KPIs); they are just a quick glance at the information you could extract by poring over the blocked requests log yourself.

The lower panes display the Admin Tools version information. You can see the version of the software and display the changelog. Finally, there's a reminder that security extensions are not a panacea; they are just one of the many tools in the defender's arsenal.