#14192 Giving admin credentials to 3rd party for temporary access to backend

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Friday, 30 November 2012 12:02 CST

user40075

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? some
Have I read the documentation before posting (which pages?)? didn't look very hard
Joomla! version:2.5.8
PHP version: 5.3current (unknown)
Host: Rochen
Admin Tools version: 2.4.2

Description of my issue:

Hi Nikko!

I want to allow a third party to have temporary access to my back end so he can help with a problem.

I gave him good credentials but he apparently cannot obtain a login page.

My thought was to go into .htaccess Maker and toggle off the backend protection.

(I did whitelist his IP but that didn't help.)

I could just turn off admintools temporarily but I don't particularly care to do that. : )

What do you recommend?

Thanks,

Lowtech

nicholas
Akeeba Staff
Manager

The one thing which should not have anything to do with that is the .htaccess file.

Do you have an IP block on his IP? You will need to remove him from it if you do.

Do you have an Administrator IP whitelist? You will need to add him there if you do.

Do you have an administrator secret word? You will need to supply it to him.

Do you have administrator password protection? You will need to give him the username/password to see the login page.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user40075

Hi Nikko!

In answer to your questions:

Do you have an IP block on his IP? NO

Do you have an Administrator IP whitelist? YES. He was added.

Do you have an administrator secret word? NO

Do you have administrator password protection? NO

I note his IP appears in the Security Exceptions Log, with the reason given being IP whitelist. Strange. There are a number of other IPs shown there with the same IP whitelist reason, but they are not listed in my whitelist. There are only three IPs there. These others are attackers.

Perhaps you could try access yourself if I gave you admin privileges?

Best,

Lowtech

PS It's about this editor : ( Default 8 pt? No line-height compensation for larger type?

nicholas
Akeeba Staff
Manager

Then I am pretty sure the problem is unrelated to Admin Tools. I'll give you the benefit of the doubt. Let's make sure that the problem is indeed caused by Admin Tools. In order to do so, try the following:

1. Try setting the Error Reporting level in your Global Configuration to "None". Many errors are caused by harmless PHP Notices and Warnings being output to the browser, breaking anything which requires HTTP header manipulation such as Joomla!'s session management, AJAX calls and download systems.

2. Try to replicate the issue after disabling the "System - Admin Tools" plugin. If you can still replicate the issue, it is not caused by Admin Tools. Disabling that plugin means that Admin Tools code (including the Web Application Firewall) is not running on your site.

3. If you suspect an issue with the .htaccess file, replace its contents with the contents of the stock htaccess.txt file shipped with every version of Joomla!. If you are on GoDaddy please wait for 1-30 minutes for the changes to be effective. Then, retry loading the problem page. If you can still reproduce the error, then it is not caused by .htaccess Maker.

If doing any of the above resulted in the issue still occurring, it's not related to Admin Tools and I can't help you. If doing any of the above did stop the issue from occurring, we'll have to do some troubleshooting.

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log and go to the last page. The last log entry should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that I can help you.

If, however, you do not see a log entry, or the Date and/or IP address do not match your last access, this problem is not caused by Admin Tools' WAF. In this case, you will have to do some .htaccess troubleshooting. You may need to read the general .htaccess troubleshooting page, as well as the page on finding out necessary .htaccess exceptions.

PS: Regarding the browser. The font size is 10pt and I can read it, with -3.75/-4.00 degrees on each eye and rather old glasses, from 2 meters across the screen on my 15" screen. BTW, in case you missed it, it's the exact same font and size as the editor in your Joomla! backend. In case you also missed it, it's the same size as the letters in the site, albeit solid black instead of dark gray (for better contrast). Not to mention, of course, that you can always use your browser's zoom-in feature: CTRL-+ (Windows, Linux) or CMD-+ (Mac) ;)


user40075

Hi Nikko!

I had to disable AdminTools default.php temporarily to let my third party in.

I don't know if his problem was unique but I can't spend time now to prevent a future 3rd party problem.

By the way, I think something is askew regarding the ticket editor. I attach a screen capture of how your setup looks to me while I am typing.

Best,

Lowtech

nicholas
Akeeba Staff
Manager

Hi Lowtech,

If you don't spend time you'll never know what prevented your user from entering the backend. It could be the Project Honeypot integration thinking that your other admin has an IP address suspicious for spamming/cracking. It could be the Bad Behaviour kicking him out because, for example, your other admin has installed a User Agent switch extension on his browser and he has set up his browser to pretend to be GoogleBot. There are so many stupid things a third party can do, all the while saying "no, no, I didn't do anything!". I don't have a crystal ball and I don't expect you to have it. Magic left aside, you have to do some troubleshooting, using my very clear, dead easy, extremely quick to carry out instructions:

First go to Admin Tools, Web Application Firewall, Configure WAF. Make sure "Log security exceptions" is set to Yes; if it's not, set it to Yes and click on Save. Now try reproducing your issue. Immediately after that, please go to Admin Tools, Web Application Firewall, Security Exceptions Log and go to the last page. The last log entry should have the date and time of when the issue occurred. Please copy the Reason and Target URL here so that I can help you.

It should take you all of 2 minutes to carry them out and I could give you a solution or at the very least an explanation of what is going on. So, please, don't sound annoyed that you don't know what happened or if it's a generic issue. If you spend 2 minutes you can find out. Otherwise I will have to spend about 5 hours theorising what could have gone wrong and you would have no way to check if my theories are right, wrong or plausible.

Regarding the editor: this is not how the editor is styled. Which browser are you using?


user40075

Nikko,

I can't reproduce the issue. I gave the third party my own credentials. I have no problem logging in with my own credentials, but he couldn't until I turned off Admin Tools.

I have always logged security exceptions. The third party is logged there at the top of the list under the reason "admin whitelist." I added him to the whitelist so he shouldn't be listed there at all, right?

The security exception for the third party is IP Whitelist and the URL is mysite/administrator/index.php (omitting the http://)

(Hm, why do I have dozens of IPs listed there with the reason being IP whitelist when they are all from Turkey, Russia, Ukraine, etc.? I suppose it is an invitation to add them to the whitelist?)

Appreciate any light you can throw on the issue.

Best,

Lowtech

PS

Regarding the editor: the undesirable behavior occurs in Firefox and IE but not in Google Chrome. I can increase the font size to 10 point by selecting 10pt from the menu but the default is much smaller.

nicholas
Akeeba Staff
Manager

OK, the "Admin Whitelist" means that the IP of that third party is not in the administrator IP whitelist. See the third point in my first reply. Since you've added his IP to the whitelist it can't raise a new Admin Whitelist exception. If this happens it means one of:

  • you entered the wrong IP 
  • you accidentally typed a comma instead of a dot in the IP address, e.g. 192.168,0.1 instead of 192.168.0.1
  • you accidentally typed whitespace before, after or in the middle of the IP, e.g. 192.168. 0.1
  • his IP is dynamic

In this case you can always temporarily disable the Administrator Whitelist feature.

Moreover, if his IP got autoblocked you must remove it using the Auto IP Block Administration page, otherwise your user will remain blocked.

Regarding the editor, it doesn't surprise me it only happens in Firefox. A lot of strange issues happen with FF lately (ever since the 6 week release schedule was adopted) and I've stopped officially supporting it.

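The whitelist mistakes listed in the last reply (a comma typed for a dot, stray whitespace) can be checked mechanically before disabling a protection feature. The following is an added example, not Admin Tools code and not part of the ticket; it assumes whitelist entries are single IPv4 addresses or CIDR blocks, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def audit_entry(raw):
    """Return (network_or_None, problems) for one whitelist entry as typed."""
    problems = []
    if raw != raw.strip():
        problems.append("leading/trailing whitespace")
    if any(ch.isspace() for ch in raw.strip()):
        problems.append("whitespace inside the address")
    if "," in raw:
        problems.append("comma instead of dot")
    try:
        net = ipaddress.ip_network(raw, strict=False)
    except ValueError:
        net = None
        if not problems:
            problems.append("not a valid IP address or CIDR block")
    return net, problems

def suggest_fix(raw):
    """Best-effort repair of the two typos; None if the result is still invalid."""
    candidate = "".join(raw.split()).replace(",", ".")
    try:
        ipaddress.ip_network(candidate, strict=False)
    except ValueError:
        return None
    return candidate

def check_visitor(visitor_ip, entries):
    """Report whether visitor_ip is covered and list every malformed entry."""
    visitor = ipaddress.ip_address(visitor_ip)
    covered, findings = False, []
    for raw in entries:
        net, problems = audit_entry(raw)
        if problems:
            # A malformed entry never matches anyone, so it is only reported.
            findings.append((raw, problems, suggest_fix(raw)))
        elif visitor in net:
            covered = True
    return covered, findings

# Constructed sample whitelist (documentation address ranges, not real hosts).
SAMPLE = ["198.51.100.10", "203.0.113,7", " 192.0.2.44", "192.0.2.0/28"]

if __name__ == "__main__":
    covered, findings = check_visitor("203.0.113.7", SAMPLE)
    print("covered:", covered)
    for raw, problems, fix in findings:
        print(repr(raw), problems, "->", fix)
```

A visitor on a dynamic IP is only covered if the whitelist holds a range that contains every address he may be assigned, which is what the `192.0.2.0/28` sample entry illustrates.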
