#9985 Understanding the operation of the tool Web Application Firewall

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by nicholas on Monday, 01 August 2011 01:15 CDT

user42830
Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the forum before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Understanding the operation of the tool Web Application Firewall
I read the documentation on this point but a doubt has still arisen:

Administrator secret URL parameter

Normally, you can access your site's administrator area using a URL similar to http://www.example.com/administrator. Potential hackers already know that and will try to access your site's administrator area the same way. From that point they can try to brute force their way in (guess your username and password) or simply use the fact that an administrator area exists to deduct that your site is running Joomla! and attack it. By entering a word here, you are required to include it as a URL parameter in order to access your administrator area. For instance, if you enter the word test here you will only be able to access your site's administrator area with a URL similar to http://www.example.com/administrator?test . All other attempts to access the administrator area will be redirected to the site's home page. If you do not wish to use this feature, leave this field blank.


At this point I should mention that my site already has the Kareebu plugin installed, which has a similar function. For example, with this plugin you have to type the following address: www.misitio.com/administrator/? (password assigned to the plugin).

Will there be a problem if I use both tools, Kareebu and the Admin Tools function?

nicholas
Akeeba Staff
Manager
Hello Rodra,

Both Kareebu and this feature of Admin Tools Professional do the same thing. Please keep only one of them activated. Activating both may lead to inability to log in to your site's administrator area.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user42830
I continued to study the documentation of the Admin Tools Pro component, but right now I'm more focused on the internal Web Application Firewall tool.

Based on what I just mentioned, I ask:
In order necessary to bring about the different areas of admin tools or settings I can select the area that currently has more priority for my logical place without affecting the less important?

user42830
Allow administrator access only to IPs in Whitelist

When enabled, only IPs in the Whitelist (see the following sections of this documentation about configuring it) will be allowed to access the administrator area of the site. All other attempts to access the administrator pages will be redirected to the site's home page. Be careful when using this feature! If you haven't added your own IP to the Whitelist you will get locked out of your administrator area!


Speaking of the IP Whitelist as applied in my case, will I need to add the IP that corresponds to my place of work and my home IP, which are the two places where I normally work on the different sites I manage and on which I installed the Admin Tools component?

Will the IPs added to the whitelist only be used to enter the Joomla administrator area?

If at any time I have not added the IP of place X, how can I solve the problem of accessing the administrative area?

nicholas
Akeeba Staff
Manager
Hello Rodra,

In order necessary to bring about the different areas of admin tools or settings I can select the area that currently has more priority for my logical place without affecting the less important?


I don't understand what you mean. I suppose that you can try enabling each option one by one in order to evaluate if it suits your site.

Regarding the Administrator IP Whitelist, when you enable this option you must add the IPs of all Internet connections which you want to have administrator access to your site in the whitelist. If an IP is not in the whitelist, it will be denied access to the administrator area (even the login page!). If it is in the whitelist, they will be able to access the administrator login page.

user42830
Continuing to analyze the functionality of the Admin Tools tool, I have reached the point of Registration Security Exceptions.

I noticed a large number of IPs that are registered and correspond to one of my websites, and when I located them I was taken to cities in the U.S. and Germany.

I also was struck by the same IP route the copy in the browser bar and what was my surprise to see what I wear. (see pictures)

How should I understand this information from the IP?
How should I understand the route chosen by such an IP, for example:
http://www.misitio.com/login-verify/index.php
What should I do?

I hope for your valuable comments.

nicholas
Akeeba Staff
Manager
The translation is very bad and I cannot understand what you are saying. Does the phishing link warning appear on your site or someone else's site?

If it is your site, check if there is a directory called login-verify. If there is, delete it. Please note that this means that your site was compromised by a hacker who had uploaded a phishing script. You must use the .htaccess Maker to create a secure .htaccess which would render access to this kind of script impossible. Moreover, you should follow our site unhacking guide to clean up your site. There is no reason to try to protect an already compromised site.

user42830
The Admin Tools application generates a link for all IPs that have tried to enter my site; copying that link into the address bar takes me to what is apparently a phishing site.

Note: Previously I was generating a phishing site, according to my hosting, and had it removed.

What I would like to understand is this link:
http://www.nombredemisitio.com/(login-verify/index.php) that this leads me Capure phishing wing.

user42830
When adding these IPs (generating phishing) to the blacklist, under what concept could they be classified?

nicholas
Akeeba Staff
Manager
I think that you are reporting something very wrong, or your computer is infected with malware.

The IP column generates a link to ip-lookup.net, e.g. http://ip-lookup.net/index.php?ip=85.75.91.237, which is NOT a phishing link and NEVER was a phishing link. If your computer reports it as a phishing site, you are infected with malware which "hijacks" the request and tries to redirect you to a malicious site.

The right-hand column in the log view contains the URL on your site which the attacker tried to access. As I said in my previous post, your site was already hacked. Please use FTP to connect to your site. Look for a directory named "login-verify". Remove it. Follow our unhacking guide. You have to clean your site. Otherwise, as I said again, there is no point protecting a site which is already hacked against hackers.

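As an added example (not part of the original thread and not Akeeba's code): a small triage script for the cleanup described above, reporting from web server access logs which client IPs requested anything under /login-verify/, whether the server was still answering those requests successfully, and how many form submissions it accepted. It assumes Apache combined log format; the log lines are constructed samples and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [31/Jul/2011:10:02:11 +0000] "GET /login-verify/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Jul/2011:10:05:40 +0000] "POST /login-verify/index.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.10 - - [31/Jul/2011:10:09:02 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 9050 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Aug/2011:08:15:30 +0000] "GET /login-verify/index.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def triage(lines, prefix="/login-verify/"):
    """Summarise requests whose path starts with `prefix`."""
    by_status = defaultdict(int)
    ips = set()
    last_served = None      # timestamp of the most recent 2xx answer
    accepted_posts = 0      # form submissions the server answered with 2xx
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue        # unparseable line or unrelated URL
        status = int(m["status"])
        by_status[status] += 1
        ips.add(m["ip"])
        if 200 <= status < 300:
            last_served = m["ts"]
            if m["method"] == "POST":
                accepted_posts += 1
    return {
        "by_status": dict(by_status),
        "ips": sorted(ips),
        "last_served": last_served,
        "accepted_posts": accepted_posts,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `last_served` value later than the time the directory was deleted means the content is still reachable and the cleanup is incomplete.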
