Support

Admin Tools

#27468 COM_ADMINTOOLS_LBL_SECURITYEXCEPTION_REASON_ ???

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 04 May 2017 17:17 CDT

Monday, 03 April 2017 04:43 CDT

crazyhorse
 Over a period of less than 45 seconds We receieved 1341 error messages like this:

2017-03-03 12:20:45 xx.xxx.196.123 COM_ADMINTOOLS_LBL_SECURITYEXCEPTION_REASON_ http://xxx.com/index.php/register-for-an-account?task=reset.request

Probably a problem with my site biut what can I make of the admin tools error message : COM_ADMINTOOLS_LBL_SECURITYEXCEPTION_REASON_

What is the reason?
Β Old and mostly in the way

Monday, 03 April 2017 07:51 CDT

nicholas
There's a missing reason in the security exceptions log. Try installing Admin Tools again, without uninstalling, to make sure that the table is up to date. Moreover, are you using MySQL as your Joomla! database server or something else? There's a reason I am asking.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 03 April 2017 08:17 CDT

crazyhorse
Ok, will do. Will that indicate reasons in retrospect?

The only reason for using MqSQL rarther than MySQLi would be stupidity. Can I change it on the live site? Or do i need to backup and restore to a different place.

Also as Admin tools had recorded a security exception why doidid it not automatically blok teh IP address after three like it does for other atacks?
Β Old and mostly in the way

Monday, 03 April 2017 11:02 CDT

nicholas
Will that indicate reasons in retrospect?


No. It will give me more clues as to what is going on.

The only reason for using MqSQL rarther than MySQLi would be stupidity.


I agree :) It would also make some things break in Admin Tools, that's why I asked.

Can I change it on the live site? Or do i need to backup and restore to a different place.


No in both cases. You either start a site with MS SQL or MySQL. You can't switch between different database technologies.

Also as Admin tools had recorded a security exception why doidid it not automatically blok teh IP address after three like it does for other atacks?


It depends on when they came and which IP addresses are from. If they are from different IP addresses then they wouldn't be blocked (of course). If they come from the same IP address or an IP cluster but all appear on the same few seconds they might have been part of a concurrent attack. Since all the requests are being handled at the same time Admin Tools doesn't see the other blocked requests. Future requests WILL get blocked, though. Finally, it also depends on your settings (how many attacks in how much time must occur for someone to be blocked?).

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 03 April 2017 12:04 CDT

crazyhorse
Unfortunatley I am out of the country tomorrow until the 15th so I am not going to have any time to deal with this before I go and I may not have sufficent internet to do much when i am away.

Sorry for teh confusion

I am using MySQLi not MySQL so I can recover for being totally stupid. Fat fingers typing I thought we were talking about the difference between MySQL and MySQLi - I wouldn't touch MS (spit) unless I had to. I think I have changed between MySQL ands MYSQLi in restoring backups.

All the attacks came from one IP address (62.232.196.123) making 1341 calls to that same url -- http://xxx.com/index.php/register-for-an-account?task=reset.request -- in less than 40 seconds.

Is it connected with the fact that I have thses entries in Extensions / Manage / Manage
Status Name Location Type Version Date Author Folder ID
X
Site COM_INSTALLER_TYPE_ N/A 10175
X
Site COM_INSTALLER_TYPE_ N/A 10138
X
Site COM_INSTALLER_TYPE_ N/A 10157
X
Site COM_INSTALLER_TYPE_ N/A 10136
X
Site COM_INSTALLER_TYPE_ N/A 10194
X
Site COM_INSTALLER_TYPE_ N/A 10192
X
Site COM_INSTALLER_TYPE_ N/A 10193
X
Site COM_INSTALLER_TYPE_ N/A 10191
X
Site COM_INSTALLER_TYPE_ N/A 10139
X
Site COM_INSTALLER_TYPE_ N/A 10137

Will get back on this when I return to the UK. Thanks for your help so far.
Β Old and mostly in the way

Tuesday, 04 April 2017 01:19 CDT

nicholas
MySQLi, MySQL and PDOMySQL all use the same underlying database architecture: MySQL. The driver used to access MySQL is not a problem in the context of the issue we're handling.

All the attacks came from one IP address (62.232.196.123) making 1341 calls to that same url -- http://xxx.com/index.php/register-for-an-account?task=reset.request -- in less than 40 seconds.


OK, now we know why they were not blocked. What really happened is that all of the requests came at the same second, it just took Apache nearly a minute to process them. That's not bad considering just the volume of requests. The problem is that by the time Admin Tools was asking the database if there are any security exceptions from that IP address the table was not updated yet due to the way MySQL prioritizes work.

Is it connected with the fact that I have thses entries in Extensions / Manage / Manage


No, that's a different issue. In both cases something is missing from the database but the two issues are not linked in any way.

When you get back please take a look at the #__admintools_logs table. Find a row with the IP address 62.232.196.123 and please send me a copy or a screenshot of its contents. I would like to see what the database table has in the reason field for these entries.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 04 May 2017 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2017-05-04 17:17 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!