Support

Admin Tools

#19681 Good bad IP and IP

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 31 March 2014 15:39 CDT

Tuesday, 25 March 2014 13:35 CDT

Renata1410
 Welcome.

I have a question about blocking IP addresses. How do I know what IP is good. I mean from what IP will use robots such as google, bing and others.

These are the addresses that are blocked and the information in the admin tools are "unsupported" that means that someone is using an old browser so? whether such address block? are they safe?

What to look for when blocking an IP that I know that actually are hacking attempts?

Thanks in advance. Renata.

Wednesday, 26 March 2014 04:57 CDT

nicholas
Rule of thumb: you should never, ever block IP addresses manually (using the IP Blacklist feature) unless you have a very specific reason and you know what and why you're doing it. In the nearly 4 years we have been developing and using Admin Tools on our site we needed to block just one IP, for just a week, due to a sever case of contact form abuse. In so many words: don't block IPs manually, it's very likely that you will cause more problems to yourself than what you solve.

Now, regarding the "unsupported" thing... I am not sure exactly what you see. There are two completely different issues that come to mind, one has to do with how some templates handle Internet Explorer 6 and another one which has to do with IPv6 handling by your server. Can you please post a screenshot of the page where you see that "unsupported" label? It will help me understand exactly which case we have and give you more information about it without running the risk of confusing you.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 26 March 2014 11:16 CDT

Renata1410
Thank you for the quick reply. In Annex I send screenshots via the links are trying to get. Are these supposed to block the IP? Can I enter to the blacklist?

There are entry "tmpl = unsupported" whether they are safe to enter? and also attempts to break? I use templates RocketTheme

Thank you. Renata.

Wednesday, 26 March 2014 17:34 CDT

nicholas
The DFI attacks are legitimate. They are blocked and they should be blocked. Sleep well at night, Admin Tools has got you covered.

Regarding the tmpl issues, please do the following in the Components, Admin Tools, Web Application Firewall, Configure WAF page, towards the middle of the page:

  • Block tmpl=foo system template switch => YES
  • List of allowed tmpl= keywords => component,system,raw,unsupported
  • Block template=foo site template switch => YES
  • Allow site templates => YES


I marked the things you will need to change in red. These settings are what you need to provide the best protection for your site without blocking people who shouldn't be blocked.

PS: Thank you for the very thorough screenshots! They made it much easier helping you.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 28 March 2014 07:14 CDT

Renata1410
Welcome. Thank you for your prompt and specific answer. I have a question. How do I enabled authentication (Password Protection) is a payment does not operate its status is pending. How can I fix this?

Images in the Annex.

Friday, 28 March 2014 10:36 CDT

nicholas
Sorry, we have discontinued support for Akeeba Subscriptions. Besides, I honestly can't even understand your question.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 28 March 2014 11:05 CDT

Renata1410
As it does not support? for what I paid for the addition of the "Pro" Admin Tools. Yesterday was the support, and today right? Now I do not understand.

Friday, 28 March 2014 13:24 CDT

nicholas
I thought that you were asking me a question about a different product, Akeeba Subscriptions. Sorry, I was wrong. You are asking me to provide you support for a third party application called "Reverse Factory". We cannot do that. We can only offer support for Admin Tools Professional. This is what you paid for and this is what we can provide. If you have a problem with the "Reverse Factory" component please ask its developers.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 31 March 2014 05:23 CDT

Renata1410
There are no problems with the "Reverse Factory" everything is working properly. The problem is that the inclusion authentication is not working payment. That's it.

This is not a problem Ads Factory. As there is no authentication it works as it should.

Monday, 31 March 2014 07:36 CDT

nicholas
Sorry, I do not understand what "inclusion authentication" is and your screenshots don't help me understand your question. What I see in your screenshots is a third party application not developed by us, displayed in a language I can't read. Your description of the problem indicates that you have a problem with that third party application. I still can't see the connection to Admin Tools.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 31 March 2014 07:41 CDT

nicholas
Let me see if I can guess. Are you by any chance trying to tell me that after you enabled the administrator password protection in Admin Tools the payments made to Reverse Factory result in the subscriptions not being activated? If this is what you are asking me, you have to contact the developer of that component and ask him if he tries to directly access files in the administrator directory from the front-end of the site. If this is so, there are two solutions:
  • Ideally he should never do that. The proper way is having the payment callback through a front-end view of the component, just like we do with Akeeba Subscriptions. If he has questions about that, please ask him to use our Contact Us page. We'll be happy to help him.
  • If that change is not an option you will have to disable the administrator password protection.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 31 March 2014 12:02 CDT

Renata1410
So in terms of password protection. When I turn it is an error with the payments.

I wrote to "Reverse Factory" asked whether the administrator password without additional working correctly, wrote back that yes. Then I wrote back to me that I have to report to those which component is causing the problem when you turn.

Monday, 31 March 2014 15:39 CDT

nicholas
Sorry, I am struggling to understand you but I can't. Please just disable the Administrator Password Protection (what you have put in a red box in your screenshot). It is impossible for me to help you in any other way.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!