Support

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Description of my issue:
I have had two separate sites hacked in the last year by IPs outside of the USA (one in RU one in Saudi Arabia). In both cases, admin tools was installed and geoblocking turned on to block access from all areas except the USA. In both cases the admin tools had been settings had been "neutered" by disabling the WAF and geo blocking. In one case, when I accessed admin tools it had reverted to the initial run screen.

Is this an issue with admin tools? Or is it more likely that a password for administrator access was compromised? I am not using the two tier authentication as your documentation makes it sound like it is not ready for use. Any advice?

I just realized that I may have contributed to the hacks by a tremendous error on my part when using Admin Tools. I have used Admin Tools for some time, and never really studied your documentation (a sin, but quite true). Because I have had occasional file permission issues in the past, I will at times click on "fix file permissions" for no reason other than I am in Admin Tools and it ensures everything is properly set.

This left the configuration.php file at 644.

It is my own fault, and I have now gone into all of my Joomla installations with admin tools installed and changed.

I am writing to suggest that a good upgrade, to prevent folks like me from hurting myself, would be to either default to 444 on configuration.php or to flash a warning whenever "fix permissions" is click and configuration.php is set to higher than 444.

Thanks for your great software and Joomla contributions.