Support

Admin Tools

#27768 Feature Request: daily email summary of events

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 17 May 2017 04:10 CDT

Tuesday, 16 May 2017 19:01 CDT

teamtmedia
 As we all know the first time you switch on Admin Tools we are captivated for a while by the numerous emails. Then we reduce them down. It would be remiss not to know about IP blocks as that is your own personal definition of "bad visit". For me, as an administrator of a number of client sites, this information can get a bit annoying, particularly during larger scale bot activity.

It would be nice to receive an email at a given interval with a summary instead of individual emails (naturally with certain incident types given the ability to send email individually).

"For this given period site xxxxxx.com has experienced:

39 Honeypot events
12 IP blocks
etc

As a furtherance to this we would be able to define a longer period to send out to customers to demonstrate the worth of our solutions. If my customers understood quite how many attempts happened on their site each month (even though the majority are weak) it would add value to what we do.....and as we know that is the best way to keep our customers happy and paying.

As always, thanks for the amazing and completely indispensable extensions!

Wednesday, 17 May 2017 01:36 CDT

nicholas
There's a reason we didn't implement that.

First of all, not all exception records are kept in the database. Older records are removed automatically, per the plugin's settings, to avoid filling up your database tables. Even a single day's result would be inaccurate if you are under attack.

Moreover, not all blocks are (or should be) logged. When a repeat offender is detected their IP is blocked. When the retry to access your site they are blocked and no event is recorded. This lowers the number of attacks recorded and it's exactly what you are striving for. You want to catch repeat offenders fast and block them. If you were to start recording blocked IPs you are performing a Denial of Service on your site which is counterproductive at best.

Then again, what is "the last day"? Is it midnight to midnight? Is it defined by working hours? Is weekend a singe day? Whose midnight (your midnight in the UK and mine in Cyprus are two very different absolute times)?

Also, how is that sent? Well, obviously by email, but how is that email generated? Do you set up a CRON job? Do you use a plugin and hope that there's enough traffic around the time of the day you roughly expect the report to be generated?

Finally, such a metric is utter nonsense. I would rather see ZERO attacks in my WAF log. Why? Because that means that my server administrators are doing their job properly, catching most attacks either at the OS level (e.g. iptables) or at the web server level (e.g. mod_security2 with a carefully groomed rule set). By the time a potentially malicious request has reached my web application I know that the server defenses have failed and I'm down on my last line of defense (or dealing with a false positive or an emerging threat). If I see my last line of defense being bombarded, day in and day out, especially with low priority attacks which are easily filtered out at the web server level, I know that I am on a low quality host.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 17 May 2017 03:25 CDT

teamtmedia
Fair enough. As always you know this arena better than anyone and I am glad to have your expertise on my side. I'm surprised to hear that you think this is a low quality host. I am hosted by the foremost Joomla hosting option. I'll feed this back to them.

Wednesday, 17 May 2017 04:10 CDT

nicholas
I think you missed some of my points. If you see several hundreds to thousands (I did say "bombarded"!!!!!!) of low priority attacks which can be caught by a web server level firewall daily, per site, then you have a problem with your host. From what I see you are getting a tiny amount of attacks. My sites also get a few dozen attacks per day, attacks which cannot be blocked by a web server level firewall (they depend on knowing the application state). God forbid I took that to mean that SiteGround and Rochen -the hosts I'm using- are low quality!

Please use common sense and try to read what I say, not what you think I said. They are two diametrically opposite things! Also kindly link your comments to your host to what I HAVE ACTUALLY SAID so that they know that the idiot comments do not come from me. Thanks.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!