#31401 Backend Edit Admin User & Frontend Edit Admin User blocking

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Monday, 22 July 2019 17:17 CDT

trogladyte
I have a site which is having these blocking errors appearing. The client is logging in to use EasyBlog and is getting hit with this. What setting (I looked and couldn't see what) do I need to adjust to stop this? Thanks.

dlb
Go to Web Application Firewall, Configure WAF, to the Hardening Options tab. The two settings that are causing you problems are "Disable editing backend users' properties" and "Disable creating / editing backend users from the frontend".

The intent of the first one is to keep users from changing their own settings - including escalating their privileges.

The second one is to stop privilege escalation from the front end.

Your blog extension is writing something back to the user account, which violates these two settings. You're going to have to disable both settings in order to use the blog extension.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

trogladyte
Thanks for the reply Dale.

I have disabled both so we'll see how it goes. Interestingly, I use EasyBlog on multiple sites and this is the only time I've ever had this issue (though that could be due to both recently being updated). I had also, prior to writing, added com_easyblog to the WAF Exceptions list, but, unlike I expected, this did not bypass the blocking. Am I incorrect in expecting adding to this area makes Admin Tools ignore that particular extension?

dlb
I can tell that EasyBlog is trying to write something to the users table. I'm not familiar with EasyBlog, so I don't know what it's trying to write. It is possible that the other installations are configured differently and do not try to write to the users table. That would explain why only this one has the problem.

The WAF Exception was a good idea. In this particular case it didn't override the security settings on the users table. Admin Tools ignored where the change was coming from and enforced the table protection.


trogladyte
OK, thanks for the explanation. I'll write to StackIdeas (who publish EB) and see what they say. I suspect the write that's happening is that, when a new post (or edit too I guess) is done, EB assigns its ownership to an Author. I bet it's this interaction that is triggering Admin Tools.

Cheers

dlb
You're welcome!

