#32234 Suggestion / Feature request: Security report

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by Ch3vr0n on Thursday, 09 January 2020 10:17 CST

Ch3vr0n
I'm using both AAT and AB to protect several client sites. Recently one of them has been wondering if the maintenance they're paying for is actually worth it and paying off. Obviously to me it is, but telling that to clients isn't always easy.

Now this made me think: would it be possible to add a feature under "Tools", perhaps for a "Monthly/Yearly security report" and a "detailed report" that could be exported to PDF? It wouldn't have to be anything fancy for my needs.

Just a configurable logo with contact info for the person in charge (maybe also required by the GDPR for anyone with access to the website backend?), the URL and site name of the protected site, and the number of intrusions prevented per detected category.

Kinda like the "Exceptions graph", "Exceptions per type" and "(detailed) statistics", but then on paper (or rather PDF, which can be turned into paper).

Having physical evidence would make it a whole lot easier to prove to clients they're getting what they're paying for.


Just wondering.

nicholas
Akeeba Staff
Manager
There's a reason I will never implement such a feature. Nothing you do has a deterministic effect on the number of attacks your site receives.

Attacks are not like page views. There's a correlation between page views and the site's popularity. Therefore an SEO consultant can plausibly say that an increase in page views correlates with an increase in the site's popularity which correlates with their work. Therefore they can use the number of page views as a key performance indicator (KPI).

Attacks have nothing to do with a site's popularity. I've seen a half-forgotten site getting hammered with attacks by a stupid bot that wouldn't take a clue. I've seen popular sites receiving a fraction of that number of attacks. Evaluating your performance in securing a site using a number that's random and unrelated to your work is at best futile, at worst an exercise in futility.

The attack graph you see in the Control Panel page is not meant to be a performance indicator. It's a visualization of the trend of attacks. The reason it's there is that most attacks come in waves. I want to be able to tell at a glance if we're in the middle of a wave of attacks. Moreover, the breakdown per block category gives me useful insight into what attackers do and whether I have a problem I haven't seen. For example, if I see Admin Query String attacks on a site where I have password protected the administrator, I want to troubleshoot why the password protection didn't work in these cases. If I see a massive spike in DFIShield right after I install / update a frontend extension, I suspect its developer is doing something stupid and I have to investigate. In other words, these trend visualizations are only useful for troubleshooting, not as a performance indicator.

The only reasonable performance indicators for security are "how many times have you been hacked" and "how serious was the hack". If you can keep both indicators at 0 you're doing a stellar job – or you're lucky. You can't know which. If you did get hacked then your performance depends on how soon you found out, how bad it was, how fast you responded, whether you collected enough information to put adequate protections in place (instead of destroying all evidence in a crazed fit of sheer panic) and whether it happened again. In short, security calls for qualitative, not quantitative, performance indicators. It's like trying to come up with performance indicators for an R&D department.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Ch3vr0n
No worries, it was just a question. Thanks for the response! Guess they'll have to settle for what I give them then.
