Support

Admin Tools

#29870 Cloaking & redirect

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 26 July 2018 17:17 CDT

Monday, 25 June 2018 16:10 CDT

b8fish
I have been using the native Joomla URL Components/Redirects.

Since the native Joomla Redirect feature is recording vast numbers of attempted penetrations via presumably vulnerable <extension>.php access attempts I was looking to add some to the Admin Tools cloaking list.

However, I still get 404 and not cloaked responses to these access attempts of these files - including the default files for wp-login etc.

Does the Admin Tools redirect work better with cloaking in that regard?

If so, can Redirected URLS from the native Joomla interface be imported into Admin Tools redirects?

Any other benefit to using Admin Tools' URL Redirect feature?

Tuesday, 26 June 2018 04:21 CDT

nicholas
Joomla's redirection component will hijack all 404 requests. If there is a redirection in place it will redirect you. When there is none set up it will record the URL accessed and how many times it was accessed.

Our feature will only work when there is an unhandled 404. If the file they are trying to access is something in the configured list instead of throwing a 404 error page we record a security exception.

Since Joomla's redirection plugin does not let any 404s pass through (in order to record unhandled URLs) it masks our 404Shield feature.

You can edit the System - Redirect plugin and set Collect URLs to False. This will prevent Joomla from collecting all unhandled URLs. However, this means that you no longer see records in your database about the attempts to access non-existent .php files. On the other hand, this lets our 404Shield feature work, therefore you get better protection against what is most definitely an attack on your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 26 July 2018 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2018-07-26 17:17 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!