Support

Admin Tools

#23211 Security Exception

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Friday, 04 September 2015 02:03 CDT

Thursday, 03 September 2015 09:31 CDT

Ch3vr0n
 Now i just installed a component on a concept site called Ignite Gallery, i starting configuring and uploading images and all of a sudden (4 minutes later) i was greeted in my inbox by an automatic ip ban

The banning occured at 16:18, i saw the messages appear at 16:22

SQLi Shield x2
DFI Shield x1
Country CN - User Agent Ruby
IP Address: 115.159.64.220

Should i be worried? This occured minutes after i started using that extension so a bit worried that there's something fishy with that component. I did not have that issue with phoca Gallery the day before. Just to be on the safe side, i've uninstalled that component for now until you can advise

Thursday, 03 September 2015 10:30 CDT

tampe125
Hello,

the logged IP address is yours?
The security exception happens exactly when you use that component?
Sometimes components are triggering some exceptions since they are doing "weird" stuff. If you trust such component and its developer, you can create a WAF exception, so you won't lock yourself out again.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 03 September 2015 10:36 CDT

Ch3vr0n
Nope it aint mine. I'm belgian not chinese and my server isn't located in china either. That's why it got me worried

Thursday, 03 September 2015 10:54 CDT

tampe125
Doing some research, it seems that an old version of that component had a security issue
https://www.exploit-db.com/exploits/6723/

However the exploit is very old (2008) and related to a very old version (0.8.x while the latest version is 3.6).
I think the attacker tried to use an old vulnerability, however you should ask more details to the developers of that extension, we can only try to detect and intercept the attacks performed.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 03 September 2015 11:03 CDT

Ch3vr0n
Version used was 3.6 but no need. Swapped to Phoca Gallery. I don't like security exceptions, no matter who or what does it. Components shouldn't trigger exceptions period, no excuses. Now since the exception happened on the concept site and not the live one, no real harm done. Phoca Doesn't trigger it, bit more options and complicated to use but does the trick just fine without security issues

Friday, 04 September 2015 02:03 CDT

tampe125
ok, I'm glad you fixed your issue!

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!