Support

Admin Tools

#11352 DFIshield / googlebot

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Sunday, 04 March 2012 07:19 CST

Friday, 02 March 2012 16:55 CST

user58348
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? yes
Have I read the documentation before posting (which pages?)? apublic ticket
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Description of my issue:

Hi Nicholas,

I recently received a system mail telling me that the DFIshield was used against an IP-address (66.249.66.213). In the IP lookup I found out, that it has been a googlebot. In another public ticket you said that it could nevertheless be the attack of a hacker. What should I do ?

Thank you in advance

Netzy

Friday, 02 March 2012 17:16 CST

nicholas
You don't have to do anything. Admin Tools blocked that suspicious request. That's all that was required to be done.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 03 March 2012 13:48 CST

user58348
You don´t think that this ip address should be added to the white list in order to avoid blocking of goolgebots? According to http://chceme.info/ips/ it is the ip address of google ...

Greetings

Netzy

Sunday, 04 March 2012 03:33 CST

nicholas
Netzy,

As you see, the defaults are pretty stark. It's up to you to create the kind of whitelists which are fit to your site. For some people, allowing GoogleBot would be a mistake, especially if GoogleBot had cached URLs which were repeatedly used by hackers to compromise my user's site and my user wants to block GoogleBot until he fixes his/her site.

Here's what I think about defaults. A locked door can keep the burglars out, but can also trap people in a burning building. I should not decide if the door in your building should be locked. I should only provide you with the lock and the key and let you decide if you want to lock it or not.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 04 March 2012 06:56 CST

user58348
Hi Nicholas,

in other words: even if the IP address which is shown belongs to Google, it might be a hacking attempt ?! If this is correct, I´d rather keep the door closed and the key in my pocket ;-)

Greetings

Netzy

Sunday, 04 March 2012 07:19 CST

nicholas
If the IP belongs to GoogleBot, the request comes from GoogleBot. However, what does the request mean? GoogleBot has no idea. If I were a clever hacker and found an exploit to your site, I could create a sitemap to my site which contains a link to your site. Only that the link to your site is actually a URL which is supposed to hack (or at the very least cause unexpected behaviour) on your site. GoogleBot picks it up and tries to access it. As a result, my hacking attempt does not originate from me, but from GoogleBot. If you add GoogleBot's IP to the "Never block these IPs" whitelist, then Admin Tools' protection won't be applicable to the requests coming from GoogleBot. If you have a vulnerable extension on your site and a clever hacker uses the aforementioned trick, your site will be hacked despite having Admin Tools installed and properly configured.

The correct solution is to see why GoogleBot is being blocked and add some .htaccess code to redirect these suspicious URLs to a 404 error page. This will cause the GoogleBot to not be blocked (the 404 will occur before Admin Tools has a chance to execute) and it will also tell GoogleBot to not visit that URL again (after it sees a 404 a few times, it will consider it a broken link and remove it from its list of URLs to look up).

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!