Support

Admin Tools

#10157 Geo blocking and addon domains

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Thursday, 15 December 2011 14:49 CST

Thursday, 15 December 2011 11:35 CST

Mobilepro
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.25/1.7.3
PHP version: 5.2.15
MySQL version: 5.0.92
Admin Tools version:2.1.14


Description of my issue:
Hi Nicholas -

I just wanted to get some advice on the correct way to setup AT/WAF with my configuration.

I have a root domain/website with several add-on domains (not setup as subdomains) under the root and the VPS server is running CSF. I have admin tools installed on every site but I'm noticing that only the root website gets security exceptions in WAF (in addition to CSF blocking).
My question is should add-on domains be treated the same as subdomains and use WAF on all the sites?

Thanks

Thursday, 15 December 2011 12:06 CST

nicholas
Admin Tools should be installed on each and every site you want to protect. Just think about how Admin Tools works. When a page is requested, Joomla! is loaded, then Admin Tools' system plugin runs, then the rest of your plugins, modules, components and templates load. Obviously, when you have an add-on domain or a site in a subdirectory, it's a separate Joomla! installation. It doesn't know that it has a parent site, let alone that its parent site has Admin Tools installed. Therefore, Admin Tools won't run on the child sites / add-on domains unless it's installed there. As a result, what you're doing right now is correct.

Regarding your question, yes, have WAF turned on on all sites. I mean, you can't predict if and when an attacker will try to infiltrate any of those sites. Admin Tools' WAF is part of your hacking prevention policy, therefore it should run even on the sites which do not get any attacks yet. Please note that the popularity of the site is irrelevant to the hacking risk. I've seen quite busy sites which get no attacks and I've seen a site with only 30 pageviews per month getting hacked. Go figure!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 15 December 2011 14:23 CST

Mobilepro
Thanks as always for your great support and help...ironically after months of having AT installed and not one security exception I suddenly got several hits on one of the sites not an half hour after I did this post!





Thursday, 15 December 2011 14:49 CST

nicholas
What can I say, hackers are like Beetlejuice. If you say their name three time, they appear all of a sudden :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!