Support

Admin Tools

#38342 php file scanner

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.2.6
PHP version
8.0.27
Admin Tools version
7.2.1

Latest post by nicholas on Tuesday, 17 January 2023 03:59 CST

Tuesday, 17 January 2023 03:24 CST

christianlocal

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

 

Greetings, I have recently started to look at the PHP file scanner. I have attached my latest scan. I am on a pretty decent Digital Ocean Droplet and a server company called server surgeon is managing it for me. However recently I have had many "strange" events happening. Permissions changing, menu items being deleted...etc.  Now most of it could be chalked up to me just overlooking things...maybe..others I am not sure. Please have a look at the attached file and give me your thoughts. Is this normal stuff? I am using Virtualmin for a management tool and have phpmyadmin module loaded separately also.  Thank you for your help. I must say out of all the components, custom or not, Admin tools is by far the most important one of all and has saved my butt numerous times. Thank you...

Tuesday, 17 January 2023 03:59 CST

nicholas

Since this is the initial scan we can't make a very good guess. Most of what I see I recognise and know they are very likely legit. Keep running scans on a schedule, following the instructions in the documentation on how to read and use the scans. It will help a lot with spotting changes in files.

Now, about your issues in Joomla, do make use of Joomla's User Activity Log. Enable all plugins in the "actionlog" group and the “System - User Actions Log” plugin. This will keep a log of everything you or anyone else logged into the site is doing. If you spot something on the site being off, take a look at the activity log. I am pretty sure it's a change you forgot you made, or a change you made by accident. It happens to all of us.

Also ask the management company if they are the ones changing permissions — I think they do, possibly on a schedule. If the changed permissions are a problem for you they will need to modify the web server configuration.

Regarding phpMyAdmin, I very strongly advise protecting its folder with a username and a password. Ask the management company to do that for you. It will basically be a slight variation of what you see in https://www.ionos.com/digitalguide/server/configuration/password-protect-a-directory-with-apache/ for example. This will make sure that an attacker couldn't just use phpMyAdmin directly.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!