Support

Admin Tools

#13777 tmpl= in URL Amd Wjat It means

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Thursday, 11 October 2012 14:33 CDT

Thursday, 11 October 2012 02:06 CDT

eng
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? No
Joomla! version: 2.5.7
PHP version: 5.3.10
MySQL version: (unknown)
Host: VentraIP
Admin Tools version: 2.4.0

Description of my issue:

Hi,

Last Friday, I had about 22 security exceptions within an hour with the following reason - "tmpl= in URL". I tried looking that up but there was no explanation on Akeeba, though my host said that it was a script attack. Except for 2 of the same ip's used, they all came from various locations around the world.

What should I do?

Thursday, 11 October 2012 02:11 CDT

nicholas
Go to the documentation page for WAF, search for "Block tmpl=foo system template switch". Read that paragraph. It will allow you to understand what that is.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 11 October 2012 02:18 CDT

eng
Hi Nicholas,

Are you saying that by using tmpl= in URL that they were trying to load a different template? Via the URL?

Still not quite clear on this?

Thursday, 11 October 2012 02:19 CDT

nicholas
Please paste a few of the URLs so that I can tell you exactly what it is.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 11 October 2012 02:55 CDT

eng
All the URL's include today's attempt were:

http://aaamazing.com.au/Search.html?format=opensearch&id=104&tmpl=index

Thursday, 11 October 2012 03:26 CDT

nicholas
This is not an attack. You are using an extension which provides a search specification in the OpenSearch format. Please contact its developer to find out what the valid tmpl keywords are and add them to the list of allowed tmpl keywords in Admin Tools' Configure WAF page.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 11 October 2012 04:17 CDT

eng
How can I tell what extension is using that OpenSearch format?

Thursday, 11 October 2012 04:52 CDT

nicholas
This is something I cannot help you with. You and only you know which extensions you have installed on your site and what they are supposed to do. A quick Google search reveals a lot of search-related extensions listed in the JED. Maybe you have one of the installed?

For what is worth, Joomla! 2.5 does implement OpenSearch in its core component com_search. That said, I don't see it using the tmpl keyword anywhere. This leads me to believe that you are not using the core search component to provide OpenSearch for your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 11 October 2012 14:07 CDT

eng
ok thanks for your help : )

Thursday, 11 October 2012 14:33 CDT

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!