#9917 Interesting entry in security exceptions

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Sunday, 26 June 2011 15:31 CDT

davesage
Mandatory information about my setup:

Have I searched the forum before posting? Yes
Have I read the Troubleshooting Wizard before posting? Yes
Have I read the documentation before posting? Yes
Joomla! version: 1.5.23
PHP version: 5.3.x
MySQL version: 5.0.x
Host: (optional, but it helps us help you)
Admin Tools Professional version: 2.0.5


Description of my issue:

I saw an interesting entry in my security exceptions log and wanted to ask if I should be concerned.

An unknown IP address with admin string

www.mydomain.org.uk/administrator/index.php?option=com_akeeba&view=log&task=download&tag=xmlrpc


I take it this means that they didn't download this log because they were blocked by the WAF.

When I go to this URL it gives me a log file giving lots of interesting info I wouldn't want people to see.

I have a log file directory outside my public folder. Is there a way of moving these files to be stored there and then not allowing this URL to access them?

I hope I am worrying about nothing as I'm hoping that this was blocked anyway.

Cheers,

Dave

nicholas
Akeeba Staff
Manager
Hi Dave,

In order to access the contents of this URL you need to be logged in as a Super Administrator (or a back-end user who has EXPLICITLY been given the "Download" privilege using our Access Control feature) to your site's back-end. Otherwise, you won't be able to access it. If you want, substitute your domain name with this site's domain name and give it a go ;) As you would assume, I do take security very seriously and I consider log files to be of the same, utmost, confidentiality as full site backups.

Why did it work in your case? Because you were already logged in (that's what your browser cookie and Joomla!'s session storage told the Joomla! core). Try to log out of your site's back-end and retry accessing that URL. It no longer works :)

As for the severity of this unauthorised access attempt... All I can say is that the "attacker" was a complete idiot. If he had the slightest clue, he would have already known that this "attack" (it's a stretch to call it such!) is bound to fail anyways. Don't lose any sleep over it.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

davesage
Hi Nicholas,

Thanks for the quick response. I got my head round it after my initial panic, after I posted, and did exactly what you said: logged out and tried the URL, and it bounced me to my home page as expected and logged my attempt to get to the file.

I didn't think you'd let this file out, but thought I should check.

Thanks again for all your hard work and dedication to Joomla security.

I sleep easier knowing I'm running ATPRO.

Cheers,

Dave

nicholas
Akeeba Staff
Manager
You're welcome, Dave! It's a pleasure to be of assistance.

I would like to also thank you for your kind words. It's a great satisfaction (actually, the greatest there is!) to know that my software has a positive impact. That's what fuels my coding fingers :)

Nicholas K. Dionysopoulos

Lead Developer and Director

