Support

Admin Tools

#40171 Should I add spammy 404 links to Admin tools?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 22 January 2024 11:55 CST

Friday, 19 January 2024 16:36 CST

UglyEoin

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

 

No matter the site I'm constantly getting spammy 404s in Joomla redirects.  It's a bit of a chore to manage them when real redirects may need to be created.  They are often things like /wp-admin which I see is taken account of in Admin Tools. 

 

I was wondering if it was worth adding these links to Admin Tools in your opinion?  They are things like /oldsite /newsite /test.php /demo.php and various other well thought out names that people would commonly use when they start out developing. 

 

My main reason for asking is to reduce the chance of being hacked, reduce server load, reduce redirect admin and I was wondering if there would be an SEO benefit.

 

So  my next question would be if it is worth doing, is there an easy way to copy and paste these hundreds of links into Admin Tools rather than one at a time?

 

Also whilst I'm asking the question I have a common list of files that I allow access to in the .htaccess maker, is there an easy way to add them all in bulk from one site to the next?

Monday, 22 January 2024 02:36 CST

nicholas

As to whether it makes sense: I would say no, it does not. I would just write .htaccess RewriteRules to return a 403 when these spammy URLs are being accessed. There is no point wasting resources to handle what's a simple probe for forgotten stuff on your site.

The reason we treat the WP URLs differently is that, if you've noticed, they're all URLs which can take parameters that perform actions in WordPress. There's more than a decent chance that someone accessing those WP URLs is not just probing for something forgotten on your site, but actively trying to attack it. Therefore, it makes sense to spend some resources to block them entirely, confusing them in the process as to what kind of site they were trying to attack.

As to whether there's any SEO benefit from blocking spammy URLs: none, whatsoever. These are 404s anyway. They don't participate in search engine results.

Now, about importing.

There is no easy way to import hundreds of URLs into 404Shield. Its configuration is part of the WAF configuration which is a JSON document stored in the #__admintools_storage table under the key cparms. Depending on the MySQL / MariaDB version you have you could create an UPDATE query targeting the $.404shield array in the JSON document.

Likewise, there is no easy way to import anything to the .htaccess Maker for the same reason.

You can, however, export all your Admin Tools settings to a JSON file and edit that file. Remove all the keys you don't want to be modified. Update the keys you do want to modify. Now import the resulting file into another Admin Tools installation and these keys from the file are immediately replaced by the contents of the file. Therefore, you get what you asked for, just a bit indirectly. This is what I am doing when updating dev sites across a fairly large number of environments (there are a lot of physical machines, live hosts, and containerised installations I use for development, validation, and debugging). We even expose those things in the CLI to make automated deployments, e.g. using Ansible, Chef, Puppet, etc possible.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 22 January 2024 08:54 CST

UglyEoin

Awesome, that solution could work, thanks, appreciate you taking the time to give me a solution.

Monday, 22 January 2024 11:55 CST

nicholas

You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!