Support

Admin Tools

#12215 Honeypot breaks firewall

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 08 May 2012 06:12 CDT

Tuesday, 08 May 2012 03:56 CDT

user61729
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yas
Joomla! version: (2.5.4)
PHP version: (5.2.17)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (2.2.5)

Description of my issue: Honeypot breaks firewall, exactly as described in ticket# 12094. (https://www.akeebabackup.com/support/admin-tools/12094-activating-honeypot-option-broke-the-firewall.html)

I found out about this upon discovering that I could access the administration entry page using the default URL. So I reset the secret URL parameter, then logout to test, and it just redirects to home page. Rename main.php to regain access, tried another secret URL, logout, same thing occurs. So then I jumped onto forum, found the ticket thread mentioned above, switched off honeypot, and then everything is working again. Except of course now there is no honeypot protection.

I have followed your suggestions in that thread, and the problem remains.

Tuesday, 08 May 2012 04:15 CDT

nicholas
Try accessing this site's administrator URL. Can you see the login page? (I have the Project Honeypot integration turned on and, of course, the latest version of Admin Tools Professional installed)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 08 May 2012 04:24 CDT

user61729
With HP switched on and with secret URL parameter set, yes, standard administrator URL is visible. With HP switched off and secret URL parameter set I can only access admin via secret URL version, as it should be.

Also, it might be worth you knowing that when I looked in the firewall for the first time upon discovering I had access via standard URL, the secret was gone. ie: blank field. ironically, I could still access the administrator page with the secret URL, even though there wasn't one there.

Tuesday, 08 May 2012 04:43 CDT

nicholas
On every single site I've tried what you said –including this one– I can not replicate your issue. As I told you, try accessing https://www.akeebabackup.com/adminsitrator. Do you or do you not see my login page? Please do reply to this question. I am only able to test it from two IPs, the static IP of my main ADSL line and a semi-random IP assigned to me by me cellphone operator. My static IP is in the whitelist, so I can access everything without being blocked. From the cellphone's IP (which is not in any whitelist) I can not access the backend login page without the secret URL parameter. Do note that this site is using Admin Tools Professional 2.2.5 with the secret URL parameter turned on and Project HoneyPot integration turned on, too. I want you to tell me if you can access the login page or not so that I can understand if it's a problem with your site or a problem with my testing methods. Obviously, unless I can replicate a problem I can't solve it.

FWIW, what I understand from your description is that you have a different problem. For some reason, you are losing your firewall settings. That's why the secret URL parameter becomes blank and that's why you no longer have a secret URL parameter protection for your back-end.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 08 May 2012 04:57 CDT

user61729
Sorry, misunderstood you last post.
No, I cannot see your admin page using that URL.

You may be correct in saying that some other problem caused that particular firewall setting, I cannot say for sure. What I can say for sure is that since I discovered it, I have ran numerous attempts at getting a secret URL admin working with HP activated.

With HP activated, it redirects to home, on both standard admin URL and secret version. With HP disabled, it works.

Tuesday, 08 May 2012 05:08 CDT

nicholas
All right, so it's something only on your site. Enable the URL secret parameter. Log out and try accessing the back-end login page without the secret URL. You should not see the login page.

Log in to your site. Go to Admin Tools and enable the Project HoneyPot integration. Save. Log out and try accessing the back-end login page without the secret URL. Can you see the log in page now? If you can see the login page, log in and check the WAF configuration in Admin Tools. Is the secret URL parameter blank?

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 08 May 2012 06:00 CDT

user61729
Log in to your site. Go to Admin Tools and enable the Project HoneyPot integration. Save. Log out and try accessing the back-end login page without the secret URL. Can you see the log in page now?


No, working as it should be all of the sudden. Before I was unable to see the admin page using the secret URL, but magically, this time I can (and this is about the 5th time I've done it, first time successfully). How strange.

And no, the secret URL parameter is not blank, nor did it blank out on my other attempts. I am not sure that the HP activation issue and field blanking were related. I have certainly not seen any evidence to suggest so.

In any case, it all seems to be working now.

Cheers,
Josh

Tuesday, 08 May 2012 06:02 CDT

nicholas
I will write it off as a temporary issue :) If it happens again, follow the steps above. It will be interesting to see if we can replicate this somehow.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 08 May 2012 06:10 CDT

user61729
Indeed. I'll keep an eye on it and let you know if I see it occurs again

Tuesday, 08 May 2012 06:12 CDT

nicholas
Thank you!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!