Support

Admin Tools

#28576 Security exception reason

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 08 November 2017 17:17 CST

Friday, 06 October 2017 10:08 CDT

user93357
Hi,

I installed AdminTools Pro on one of our website yesterday and configured everything to greatly increase the security.

But since this moment I only get the reason "Bad words filtering" on any security exception in the logs, the only entries configured in the bad words are "money" and "$$$" right now.

Some of them doesn't appear to be bad words filtering... or I may be wrong.

ex with our ip : 2017-10-06 14:50:07 UTC W.XY.Z Bad Words Filtering https://www.gem2b.fr/fr/?start=54

Can you confirm if it could be a bug ?

Thank you in advance for your answer.

I can provide details for helping purpose or access.

Best regards.

Julie

Friday, 06 October 2017 10:22 CDT

nicholas
No, it's not a bug. It just happens that you are currently only getting this kind of attacks.

Please remember that the majority of bad word filtering is done on POST content. POST content does not appear in the URL. It's something sent to the URL. Basically, you are fighting off stupid spammers. Just bear with it. They will eventually figure out they are getting blocked and move elsewhere.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 06 October 2017 10:27 CDT

user93357
Ok, that seemed strange because it raised exception based on my own navigation and it wasn't matching my bad words entries.

Thank you for your quick response.

Is there a way to submit ideas or improvements perhaps, for example I wasn't able just to hide the generator tag instead of obfuscating it ?

Anyway thank you again for your great work and support.

Best regards.

Julie

Saturday, 07 October 2017 03:01 CDT

nicholas
I can tell you as a certainty that there is NO WAY WHATSOEVER that you get the wrong kind of security exception. This is why we have automated tests which are run against five different Joomla! version families before each release.

What is very likely to happen is that you are matching something very generic, like money and $$$, which are likely to be used in POST variable names that you do not see. Therefore you are correctly being blocked.

Is there a way to submit ideas or improvements perhaps, for example I wasn't able just to hide the generator tag instead of obfuscating it ?


No, you cannot completely remove the generator tag because of the way the Joomla! API handles it.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 08 October 2017 11:53 CDT

user93357
Thank you for all your answers.

Julie

Wednesday, 08 November 2017 17:17 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2017-11-08 17:17 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!