#29227 Security Exception Viewing Issues (minor) with v 5.0.1

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Friday, 16 February 2018 01:45 CST

tabletguy
"Change Log" button doesn't seem to work. Right click open new tab on it only adds a # to the same page link.

See attached image:

  1. Can't tell which item goes with which pie slice on "Exceptions per type"
    Narrow browser window causes overlaps.
    Narrow window causes unknown (to me) "2018/01/18, 1.00" string


(second image)
Cannot edit MUA Shield entry. It generates an Invalid IP lookup BOTH when clicking the lookup icon AND when sending an automatic email to admin.

Email also had link to IP Lookup??

(third image)
Cannot post actual email contents from MUA Shield message because it has Unicode characters that give 403 errors when sending ticket.

Images and copy of this post also at https://www.dropbox.com/sh/hipfsc5wnj5ppxu/AADnMncBEUrxGjH3xOYjUOSVa?dl=0

nicholas
Akeeba Staff
Manager
1. The overlaps are due to bugs in the chart library we use. You wouldn't know how hard it is to find a reliable JavaScript chart library which does not have requirements that cause conflicts with existing sites or a distribution license which requires charging for it unless you start looking for one. Since it only happens on very specific window sizes we decided to live with it.

Regarding the legend of the chart I'll have to take a look. Per the library's documentation there should be a color legend next to each item. I'll fix that for the next release.

2. This is correct and has always been the case. The attacker sent a spoofed, malicious string as their IP address. This is what triggered the MUAShield. This has been the case since Christmas 2015 when Davide and I fixed that Joomla security issue and included the detection code we developed during the development of said fix in Admin Tools. It can't work any other way. Remember, the problem in the first place is that the IP address Joomla sees is a spoofed, malicious string. So, not a bug.

3. Same as #2.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

tabletguy
Thanks.

I had to enter this ticket about 6 times because of internet issues here. Originally, I had asked if there was a way to edit/view the entire MUA Shield string/message being sent FROM the administrator UI.

Right now, clicking the search icon opens an IP search on a separate tab with an invalid IP address. Thanks for clarifying why that's happening.

Would it be possible to change that click (for MUA Shield) to show (on an 'edit screen') the entire string instead of going to the separate tab?

Stephan

nicholas
Akeeba Staff
Manager
"I had asked if there was a way to edit/view the entire MUA Shield string/message being sent FROM the administrator UI."


Go to Web Application Firewall, Security Exceptions Log and look at the IP address column. Or look at the email you received about this attack (if you have enabled the emails feature). I know that it looks like line noise or something missing, especially since it starts with a closing curly brace. I can assure you that it's a legitimate attack string and nothing is missing. I looked at your screenshots yet again, I can see the entire attack string.

"Would it be possible to change that click (for MUA Shield) to show (on an 'edit screen') the entire string instead of going to the separate tab?"


No. The link is generated by the IP lookup service configured in the Configure WAF page and the IP address of the attack. There is no logic in that step and adding some would be a massive performance issue, especially if you are viewing more than 10-20 records at a time. Also note that this would be completely unnecessary as you can already see the attack string in the IP address column.

Now, a quick update regarding 2 and 3. The chart library we use (jQPlot) makes an assumption about the font sizes and CSS properties of various elements. Unfortunately, its CSS is not very specific and only worked by accident in the previous versions. In Admin Tools 5 the CSS properties of the graph's elements (like size and borders) were normalized with the rest of the interface. This doesn't sit very well with jQPlot, which proceeds to render everything out of whack. I am addressing this by enforcing the old jQPlot CSS until we replace it with something more modern.

So, next week's release will have workable charts again. Thank you for the bug report which prompted this debug session!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
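
Why an IP lookup on such a log entry comes back invalid, as an added example (not Admin Tools code and not from either poster): a Python function that tells a real address from a non-IP value in the "IP address" field, builds a lookup link only for the former, and renders the latter as inert text. The lookup URL, its `{ip}` placeholder and the sample records are assumptions constructed for illustration.

```python
import html
import ipaddress
from urllib.parse import quote

# Hypothetical lookup service; "{ip}" marks where the address is substituted.
LOOKUP_TEMPLATE = "https://lookup.example/?ip={ip}"

def classify_client_ip(raw):
    """Return ('ip', canonical_address) or ('not-an-ip', original_value)."""
    candidate = raw.strip()
    try:
        return "ip", str(ipaddress.ip_address(candidate))
    except ValueError:
        # The "address" is whatever string the client supplied.
        return "not-an-ip", candidate

def render_log_row(raw, template=LOOKUP_TEMPLATE):
    """Build the display text and lookup link for one log record."""
    kind, value = classify_client_ip(raw)
    if kind == "ip":
        link = template.replace("{ip}", quote(value, safe=""))
        return {"kind": kind, "display": value, "link": link}
    # Keep the whole string as evidence but make it inert: non-ASCII and
    # control characters become escapes, then HTML metacharacters are escaped.
    inert = html.escape(value.encode("unicode_escape").decode("ascii"))
    return {"kind": kind, "display": inert, "link": None}

# Constructed sample records, not taken from the ticket.
SAMPLE_LOG = [
    "203.0.113.7",
    " 2001:DB8::1 ",
    "}constructed-non-ip <value> \u00e9",
]

def render_all(records=SAMPLE_LOG):
    return [render_log_row(r) for r in records]

if __name__ == "__main__":
    for row in render_all():
        print(row)
```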
