#24304 getting tons of these error code emails and can't distinguish the IP

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by avcompinc on Tuesday, 02 February 2016 12:23 CST

avcompinc
I am receiving tons of these emails a day with the following information in them. I am attaching a text file with a copy of the data because the last time I pasted the text into this form, your site threw a 403 error. So please see attached file.

Is there something wrong with my Admin Tools install? How can this be fixed please?

nicholas
Akeeba Staff
Manager
This excerpt from the log proves that Admin Tools protects you against the zero-day attack which was fixed in Joomla! 3.4.6. However, you should go to Admin Tools, Web Application Firewall, Configure WAF, Basic Protection Features and set Enable IP Workarounds to No. Please note that IP workarounds are only necessary when you have a reverse proxy or CDN in front of your site and your web server is not configured to accept the forwarded end user's IP address.

Background information: Joomla! 1.0.0 to 3.4.5 (inclusive) was susceptible to a PHP session handling security hole which allowed a malicious user to run arbitrary PHP code with Super User privileges on your site. The attack vector in Joomla!'s case was a specially crafted User Agent string or X-Forwarded-For HTTP header. The latter is used instead of the IP of the attacker. Admin Tools is aware of these attack vectors and stops them. That's why you see these messages. If you disable the IP workarounds which are not necessary on your site the attacks will still be stopped but the real IP of the attacker will be displayed in the message.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
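
The reply above turns on when a forwarded-IP header may stand in for the connecting address. The following is an added example, not Admin Tools or Joomla! code and not written by Akeeba: a hypothetical `resolveClientIp()` helper that uses `X-Forwarded-For` only when the TCP peer is one of your own proxies and every entry is a valid IP, and otherwise reports the real peer address. The proxy list, the sample requests and the exact-match proxy comparison are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Admin Tools or Joomla! code.
declare(strict_types=1);

/**
 * Decide which address to log for a request.
 * $trustedProxies: exact IPs of your own reverse proxy or CDN (assumption: exact match, no CIDR).
 */
function resolveClientIp(string $remoteAddr, ?string $forwardedFor, array $trustedProxies): array
{
    $entries = [];
    if ($forwardedFor !== null && trim($forwardedFor) !== '') {
        $entries = array_map('trim', explode(',', $forwardedFor));
    }
    // Any entry that is not a syntactically valid IP marks the whole header as malformed.
    $malformed = false;
    foreach ($entries as $entry) {
        if (filter_var($entry, FILTER_VALIDATE_IP) === false) {
            $malformed = true;
            break;
        }
    }
    // No trusted proxy in front (or a malformed header): the TCP peer is the only reliable address.
    if ($malformed || !in_array($remoteAddr, $trustedProxies, true)) {
        return ['ip' => $remoteAddr, 'source' => 'REMOTE_ADDR', 'header_malformed' => $malformed];
    }
    // Behind a trusted proxy: walk right to left, skipping our own proxies.
    foreach (array_reverse($entries) as $entry) {
        if (!in_array($entry, $trustedProxies, true)) {
            return ['ip' => $entry, 'source' => 'X-Forwarded-For', 'header_malformed' => false];
        }
    }
    return ['ip' => $remoteAddr, 'source' => 'REMOTE_ADDR', 'header_malformed' => false];
}

// Constructed sample requests (documentation address ranges only).
$proxies = ['192.0.2.10'];
$cases = [
    ['203.0.113.7', null],                         // direct visitor, no header
    ['203.0.113.7', 'this is not an IP address'],  // direct visitor, junk header value
    ['192.0.2.10', '198.51.100.23'],               // request relayed by our proxy
    ['192.0.2.10', '198.51.100.23, 192.0.2.10'],   // proxy appended its own address
];
foreach ($cases as [$peer, $xff]) {
    $r = resolveClientIp($peer, $xff, $proxies);
    printf("%-12s xff=%-30s -> %s (%s)%s\n", $peer, var_export($xff, true), $r['ip'], $r['source'],
        $r['header_malformed'] ? ' [malformed header]' : '');
}
```
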

avcompinc
Thank you, Nicholas!
