#23856 Security exception

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post: Wednesday, 06 January 2016 17:20 CST

okkhalid
I have 2 questions:
1) With the new version of Admin Tools, the quick setup creates a code to access the backend:
sitename.com/administrator/?idskhdi

So the code: ?idskhdi
If someone does not enter it, it will go to the home page. Do I need to create the directory "folder" password with this new feature, or is it not necessary any more?

Because I noticed that if we only keep the code, not creating the folder password protection, there is no:
.htaccess
.htpasswd

So I'm not sure if my admin is safe without at least .htaccess


2) After upgrading to the latest version of Admin Tools, I got over 20 emails with security exception notifications of both of these kinds:
IP Address: 87.118.135.129
Reason: Admin Query String

and

IP Address: 68.180.228.110
Reason: template= in URL

I'm not sure what is going on. Are people trying to spy on me and find out, or trying to hack my site, or what is going on? Why am I getting so many alerts from people all over the world by IP address, and why would they want to hack my small site lol? I do not think my site is that important or has any credit info for them.
Please help, as now I'm getting some concern that people are looking at my site, and the question is how did they find my site. There are billions of sites around the world, so why ME?

My site is not for profit and people should respect the cause of my site, not look for a way to hack it. So I'm really not sure.

For example: there is an ip address that kept coming from Denmark
IP Address: 93.160.60.22
Reason: template= in URL

And when I go to Google Analytics, it shows in the GEO report that there are no hits from that country.


Please help.

Thanks,

dlb
The secret parameter is one way of protecting the back end of your site: you are hiding the back end login. Password protecting the /administrator folder is a different way of protecting the back end of your site. You can use one or both. Both provide better protection but make you jump through more hoops to get to the back end.

The only thing the .htaccess file in the /administrator folder does is trigger the password protection. All other .htaccess level protections are inherited from the .htaccess file in the root folder.

You need to take a look at the auto ban feature. After x number of attempts in y minutes/hours/days the IP address will be banned for z minutes/hours/days. Hackers don't use their own IP address so any address that you ban is a potential legitimate visitor tomorrow. When the IP address is banned, the hacker will just move to another IP address or go bother some other site that is not so well protected. If the IP address is banned multiple times, you can set it up to permanently ban that address.

The GeoIP information relies on a third party database that tracks the country of an IP address. It is about 90% accurate. GeoIP blocking is pretty effective against a script but a human will just log in to a proxy server in an allowed country and keep on attacking.

It doesn't have anything to do with your site. The script just goes from one IP address to the next looking for vulnerable sites. When it can get control of one, it can set the site up to serve infected files or spew out spam emails - using your IP address. You can't stop them from trying, you can only stop them from succeeding. I'm the webmaster of a non profit site, I feel your pain.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5), Philadelphia, PA
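The auto ban behaviour described in the reply above (x exceptions inside y minutes ban the address for z minutes; an address banned repeatedly is banned permanently) can be modelled as a sliding-window counter with escalation. The following is an added example and is not Admin Tools' own code: the thresholds, the `AutoBan` class, the log line format and the sample addresses are all constructed for illustration, and the real plugin's defaults are not given on this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AutoBan:
    """Sliding-window auto ban (constructed example, not Admin Tools code).

    After `max_exceptions` security exceptions from one IP inside `window`, the IP
    is banned for `ban_duration`; once it has been banned `permanent_after` times
    it is banned for good. All thresholds are illustrative, not product defaults."""

    def __init__(self, max_exceptions=3, window=timedelta(minutes=15),
                 ban_duration=timedelta(hours=1), permanent_after=3):
        self.max_exceptions = max_exceptions
        self.window = window
        self.ban_duration = ban_duration
        self.permanent_after = permanent_after
        self.events = defaultdict(deque)     # ip -> timestamps of recent exceptions
        self.banned_until = {}               # ip -> datetime the temporary ban expires
        self.ban_count = defaultdict(int)    # ip -> how many times it has been banned
        self.permanent = set()               # ips banned permanently

    def is_banned(self, ip, now):
        if ip in self.permanent:
            return True
        until = self.banned_until.get(ip)
        return until is not None and now < until

    def record_exception(self, ip, now):
        """Record one security exception for `ip` at time `now`; return the decision."""
        if self.is_banned(ip, now):
            return "already_banned"
        recent = self.events[ip]
        recent.append(now)
        # Drop entries that fell out of the sliding window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) < self.max_exceptions:
            return "logged"
        # Threshold reached: ban, and reset the window so the next count starts fresh.
        recent.clear()
        self.ban_count[ip] += 1
        if self.ban_count[ip] >= self.permanent_after:
            self.permanent.add(ip)
            self.banned_until.pop(ip, None)
            return "permanent_ban"
        self.banned_until[ip] = now + self.ban_duration
        return "temporary_ban"


# Constructed sample of exception log lines: "<iso timestamp> <ip> <reason>".
# The addresses are documentation ranges, not the ones reported in the ticket.
SAMPLE_LOG = [
    "2016-01-06T10:00:00 203.0.113.10 Admin Query String",
    "2016-01-06T10:05:00 203.0.113.10 Admin Query String",
    "2016-01-06T10:10:00 203.0.113.10 Admin Query String",   # 3rd in 15 min -> temp ban
    "2016-01-06T10:20:00 203.0.113.10 Admin Query String",   # still banned
    "2016-01-06T10:30:00 198.51.100.7 template= in URL",
    "2016-01-06T11:15:00 203.0.113.10 Admin Query String",   # ban expired at 11:10
    "2016-01-06T11:16:00 203.0.113.10 Admin Query String",
    "2016-01-06T11:17:00 203.0.113.10 Admin Query String",   # 2nd ban
    "2016-01-06T11:45:00 198.51.100.7 template= in URL",     # earlier hit fell out of window
    "2016-01-06T12:20:00 203.0.113.10 Admin Query String",
    "2016-01-06T12:21:00 203.0.113.10 Admin Query String",
    "2016-01-06T12:22:00 203.0.113.10 Admin Query String",   # 3rd ban -> permanent
    "2016-01-06T13:30:00 203.0.113.10 Admin Query String",   # permanently banned
]


def replay(lines, engine=None):
    """Feed log lines through the engine in order; return (ip, decision) per line."""
    engine = engine if engine is not None else AutoBan()
    decisions = []
    for line in lines:
        stamp, ip, _reason = line.split(" ", 2)
        decisions.append((ip, engine.record_exception(ip, datetime.fromisoformat(stamp))))
    return decisions


if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_LOG):
        print(f"{ip:15} {decision}")
```

The point the reply makes is visible in the replay: the second address trips the same rule twice but more than a window apart and is only ever logged, while the first address is banned, returns after the ban lapses, and ends up permanently banned on its third strike. Tuning the window and ban length is what decides how much a real visitor behind a shared or recycled address is inconvenienced.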

okkhalid
Hi, I can add an exception to the firewall, as I see lots of people get blocked from the site. I'm using a RocketTheme template and it does not support older browsers:

https://www.mysite.com/?tmpl=unsupported

Do you think it will be safe if I make this exception?:
?tmpl=unsupported


Also, lots of the security alerts are for:

/component/mailto/?tmpl=component&template=ccimy_temp&link=a1b7e40acc70d275f33b3f2f338302f43ec51ada

dlb
Adding "unsupported" to the allowed list is not really a security exception. It is part of your template that warns users that their browser is unsupported. Your template needs that permission to work properly.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

okkhalid
But people are getting blocked because of that.
Because they are trying to access the site and a white page shows because it's unsupported.
So after trying 3 times the IP is blocked. I got some phone calls from people who are not able to access the site.

dlb
Adding "unsupported" should stop the ban. They should be getting an error page from your template telling them what is wrong. Your template is throwing the "error" message, Admin Tools is blocking its display. Adding unsupported will allow that display.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

okkhalid
So I just added: unsupported

But I'm still getting the alerts; please see my settings in the attached file and check if they are correct.

Also, how can I fix the mail issue:

/component/mailto/?tmpl=component&template=ccimy_temp&link=a1b7e40acc70d275f33b3f2f338302f43ec51ada

Thank you

dlb
Sorry, I didn't see your attachment. That isn't where we add that.

Under Web Application Firewall, Configure WAF, on the Visual Fingerprinting Protection tab, add "unsupported" to the List of allowed tmpl= keywords.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

okkhalid
Great, the unsupported keyword is now working :)

How can I fix the mail issue:

/component/mailto/?tmpl=component&template=ccimy_temp&link=a1b7e40acc70d275f33b3f2f338302f43ec51ada

What should I do? Thank you again.

okkhalid
I have set: Yes to allow site templates. I hope that should be fine?

dlb
That is the correct answer.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)
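The two settings resolved in this thread, the list of allowed `tmpl=` keywords and the option to allow site templates, are both checks on the request's query string. The following is an added example, not Admin Tools' own code: it models the two rules behind the "template= in URL" alerts and the blocked `?tmpl=unsupported` page, and shows the configuration before and after the fix. The baseline allowlist, the `inspect_request` and `audit` functions, the "tmpl= in URL" reason string and the two extra URLs are assumptions constructed for the example; the mailto URL and the `tmpl=unsupported` URL are the ones from the ticket.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical baseline allowlist of tmpl= keywords; the real default list shipped
# with Admin Tools is not given in the ticket.
BASELINE_ALLOWED_TMPL = frozenset({"component", "system", "raw", "index"})

# URLs from the ticket (first two) plus two constructed ones.
MAILTO_URL = ("/component/mailto/?tmpl=component&template=ccimy_temp"
              "&link=a1b7e40acc70d275f33b3f2f338302f43ec51ada")
UNSUPPORTED_URL = "/?tmpl=unsupported"
ARTICLE_URL = "/index.php?option=com_content&view=article&id=12"   # constructed
OTHER_TMPL_URL = "/index.php?tmpl=printview"                      # constructed


def inspect_request(url, allowed_tmpl=BASELINE_ALLOWED_TMPL, allow_site_template=False):
    """Return (blocked, reason) for the query string of one request.

    Two rules modelled on the alerts in the ticket: a tmpl= value outside the
    allowlist is blocked (reason text constructed by analogy), and template= is
    blocked unless site templates are allowed (reason text as in the ticket)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for value in params.get("tmpl", []):
        if value not in allowed_tmpl:
            return True, "tmpl= in URL"
    if "template" in params and not allow_site_template:
        return True, "template= in URL"
    return False, None


def audit(urls, allowed_tmpl=BASELINE_ALLOWED_TMPL, allow_site_template=False):
    """Run every URL through the rules; return {url: reason or None}."""
    return {url: inspect_request(url, allowed_tmpl, allow_site_template)[1]
            for url in urls}


if __name__ == "__main__":
    urls = [MAILTO_URL, UNSUPPORTED_URL, ARTICLE_URL, OTHER_TMPL_URL]
    print("Before the fix:")
    for url, reason in audit(urls).items():
        print(f"  {reason or 'allowed':18} {url}")
    print("After adding 'unsupported' and allowing site templates:")
    fixed = audit(urls, BASELINE_ALLOWED_TMPL | {"unsupported"}, allow_site_template=True)
    for url, reason in fixed.items():
        print(f"  {reason or 'allowed':18} {url}")
```

Running it shows why the template's own browser-warning page and the mailto link were tripping the firewall, and that the corrected configuration only opens what the site actually uses: a `tmpl=` value that is not on the list is still blocked after the fix.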

okkhalid
Thank you dlb for all the help and guidance.

God bless Akeeba :)

dlb
You are welcome!


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
