#27039 blocking admin IP address

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 05 March 2017 17:17 CST

monetise
 I upgraded Admin Tools yesterday to 4.1.1.
And now, twice today, our office IP has been blocked by Admin Tools.

Below is the email we receive:

Hello,

We would like to notify you that a security exception was detected on your site, Beauty Bulletin, with the following details:

IP Address: 41.xx.xx.xx
Reason: Frontend Edit Admin User

If this kind of security exception repeats itself, please log in to your site's back-end and add this IP address to your Admin Tools's Web Application Firewall feature in order to completely block the misbehaving user.


It seems to happen when we log in to the backend of Joomla. To us this seems like a new bug.

nicholas
Akeeba Staff
Manager
This is not a bug. Admin Tools has a new protection feature which prevents anything in the front-end of your site from modifying a user account with administrator access privileges. It seems that you have a misbehaving plugin on your site which tries to modify the back-end users. I know that you said this happens when you try to log in to your site's back-end. This probably happens because the misbehaving plugin injects JavaScript code in the login page to call something through your site's main index.php file (therefore: the front-end of your site).

The correct and permanent fix is to find which plugin that is and disable it. As you can read in our documentation, you should never, ever have a plugin modify administrator users from code which is accessible through the front-end of your site. This is VERY dangerous. A small bug can open a massive security hole which lets an attacker either escalate his privileges (convert a Registered user account to Super User) or create a privileged account (e.g. directly a Super User account). Considering how new versions of Joomla allow Super Users to access and modify the site's Global Configuration from the front-end, this can prove to be fatal for your site, EVEN if you have taken all sane security measures for protecting your site's backend (complex passwords, two-factor authentication, IP whitelist, admin password protection and administrator secret URL parameter). Simply put, it doesn't make sense to lock down the front door of your house and leave the kitchen window unlocked...

The temporary and incorrect fix is to disable this Admin Tools protection which leaves your site vulnerable. If you decide you accept the risk you may go to Admin Tools, Web Application Firewall, Configure WAF, Joomla! Feature Hardening Options and set "Disable creating / editing backend users from the frontend" to No. If you choose to do that please keep in mind that you are opening your site to a class of attacks we are aware of and which we are trying to protect you from.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
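Added illustration (editor's example, not Admin Tools' own implementation and not code from this ticket): a minimal Joomla 4/5 user plugin that enforces the rule Nicholas describes, refusing to create or edit an account with back-end login rights when the request arrives through the site front-end (index.php). The plugin class name, namespace and log category are hypothetical; the Joomla API calls (the onUserBeforeSave event, Access::check / Access::checkGroup with the core.login.admin action, CMSApplication::isClient) are real.

```php
<?php
// Illustrative Joomla 4/5 user plugin (example code, NOT Admin Tools' own
// implementation). It demonstrates the idea behind the "Disable creating /
// editing backend users from the frontend" hardening rule: a request that
// arrives through the site front-end must not create or change an account
// that can log into the administrator area. Names here are hypothetical.

namespace Joomla\Plugin\User\ExampleFrontendAdminGuard\Extension;

use Joomla\CMS\Access\Access;
use Joomla\CMS\Factory;
use Joomla\CMS\Log\Log;
use Joomla\CMS\Plugin\CMSPlugin;

final class ExampleFrontendAdminGuard extends CMSPlugin
{
    /**
     * Joomla fires onUserBeforeSave right before a user row is written.
     * Returning false aborts the save (Joomla's contract for this event).
     *
     * @param array $old   Existing user row (empty when $isNew is true)
     * @param bool  $isNew Whether a brand-new account is being created
     * @param array $new   Data about to be written (may contain 'groups')
     */
    public function onUserBeforeSave(array $old, bool $isNew, array $new): bool
    {
        $app = Factory::getApplication();

        // Only the front-end is restricted. The administrator area is already
        // behind the site's back-end protections (password, 2FA, IP whitelist).
        if (!$app->isClient('site')) {
            return true;
        }

        // Privileged if the existing account can already log into the back-end,
        // or if the submitted group list would grant that right (escalation).
        $targetIsPrivileged = (!$isNew && $this->userHasBackendAccess((int) ($old['id'] ?? 0)))
            || $this->groupsGrantBackendAccess($new['groups'] ?? []);

        if (!$targetIsPrivileged) {
            return true;
        }

        // A back-end user is being created or edited via index.php: record the
        // caller's IP (the same information the ticket's e-mail carries) and
        // refuse the write. The log category is hypothetical.
        Log::add(sprintf(
            'Blocked front-end %s of back-end user "%s" from IP %s',
            $isNew ? 'creation' : 'edit',
            $new['username'] ?? $old['username'] ?? '?',
            $app->getInput()->server->getString('REMOTE_ADDR', 'unknown')
        ), Log::WARNING, 'example.frontendadminguard');

        return false;
    }

    /** Does an existing account already hold back-end login rights? */
    private function userHasBackendAccess(int $userId): bool
    {
        // core.login.admin is the ACL action that gates administrator logins.
        return $userId > 0 && (bool) Access::check($userId, 'core.login.admin');
    }

    /** Would the submitted group list grant back-end login rights? */
    private function groupsGrantBackendAccess(array $groupIds): bool
    {
        foreach ($groupIds as $groupId) {
            if (Access::checkGroup((int) $groupId, 'core.login.admin')) {
                return true;
            }
        }

        return false;
    }
}
```

The plugin still needs the usual manifest XML and services/provider.php to be installed, which are omitted here. Note the two-sided check: it blocks edits to accounts that are already privileged (the ticket's symptom) and also blocks a front-end save that would add back-end groups to an unprivileged account, which is the privilege-escalation case Nicholas warns about. Checking the ACL action rather than hard-coding group IDs keeps the rule correct on sites whose administrator groups have been renamed or extended.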

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
