Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (Exceptions, Security Exceptions Log, Chapter 2. Using Admin Tools, What is Bad Behaviour, why do I receive emails about it by Admin Tools and what does it mean?, Web Application Firewall, Server protection)? YES
Have I searched the tickets before posting? YES
Have I read the documentation before posting (Chapter 2. Using Admin Tools)? YES
Joomla! version: (2.5.9)
PHP version: (5.3.13)
MySQL version: (5.1.66-cll-lve)
Host: (www.oderland.se)
Admin Tools version: (2.4.4 Pro)
Description of my issue:
To me the security exception tmpl= URL is somewhat difficult because I'm not sure when I should take action (block an IP).
What you wrote here was extremely helpful:
<quote>
A hacker will use the tmpl= URL parameter for fingerprinting. Let's say I don't know if your site is using Joomla!. I will take a regular URL and pass tmpl=gobbledygock. If I see the template reverting to one of Joomla!'s built-in templates I know that you're using Joomla!. Based on some things in the HTML of the template I might even understand which version family (1.5, 1.6, 1.7, 3.0) of Joomla! you're using. This is not the only way to do that, it's just one of the most popular.
</quote>
My assumption:
So that probably means I could rule out the tmpl= URL security exceptions that have, for example
component/mailto/?tmpl=component&template=template_name
in the URL as harmless? Because they would be caused by the “mailto icon” in articles?
Question:
But still - why am I still getting these security exceptions with URLs like
mydomain/component/mailto/?tmpl=component&template=my_template&link=xxxxxxxxxxx
even though I've set all icons in article manager options to HIDE?
And should I block IPs causing this security exception (template= in URL, with "mailto" in the URL)?
This applies to 3 different websites where I've set all icons in article manager options to HIDE.
Thank you for your great extensions Nicholas :-)