Support

Admin Tools

#13765 Question about somethink in firewall log

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 10 October 2012 06:55 CDT

Wednesday, 10 October 2012 06:42 CDT

petr86
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (2.5.7)
PHP version: (5.3.16)
MySQL version: (5.5.11)
Host: (optional, but it helps us help you)
Admin Tools version: (2.3.2)

Description of my issue:
In firewall log I have this things: Reason tmpl= in URL; target URL: http://www.moto-svet.cz/hledat?format=opensearch&id=289&tmpl=index, you may see it on screenshot.
It is probably because I have "Block tmpl=foo system template switch" ON.

But what is it? Is it some attack or is it safe? May I add it to tmpl= keywords whitelist?

Thanks
Petr

Wednesday, 10 October 2012 06:55 CDT

nicholas
It is blocked because you have set "Block tmpl=foo system template switch" to Yes, exactly as you said. Now, is it something expected or not? Difficult for me to say. Are you using an extension which may be using format=openserach and tmpl=index? If you do, it's not a hacking attempt. If you don't, it's a hacking attempt.

Poking around your site it seems that format=opensearch does return valid data. I suspect that this is the result of a legitimate extension providing this sort of data. Please ask its developer what are the valid tmpl values he's using and add them to the list of allowed tmpl values in Admin Tools' WAF Configuration page.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!