#40852 User blocked on frontend

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: 4.4.3
PHP version: 8.2.13
Admin Tools version: 7.4.8 pro

Latest post by nicholas on Friday, 21 June 2024 09:58 CDT

Alfano

A work partner that usually navigates on the website frontend has been blocked by AT, with the message "You're a bad person" etc...

I am, of course, sure that no dangerous behavior has been done by this user.

Checking the blocked request log, I've seen his IP blocked for the reason "suspicious core parameter". The URL is a non-SEF address, this: https://www.lalineascritta.it/component/search/?layout=j51_jasmine:alternative&id=101&Itemid=592&format=opensearch

That is very strange, since the site has only SEF URLs, and he navigates regularly going from homepage to other pages using menus, and did not use the search component.

I unblock his IP and put it in the whitelist when the problem occurs, but the issue keeps repeating, apparently every time he changes IP (it is not permanent).

Can you please help?

Thanks

Marco

nicholas
Akeeba Staff
Manager

The layout=j51_jasmine:alternative seems to be the problem. Can you try disabling the Suspicious Core Parameter feature and tell me if that stops this person from getting blocked?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Alfano

Did it, and it will probably solve the issue (I'll let you know).

But the question remains: how did this happen? What is the problem? Would disabling this parameter create more vulnerability for the site?

Thanks

Marco

nicholas
Akeeba Staff
Manager

I believe that the problem is something I have already fixed quite a long time ago. Do note that you are a few versions behind; the current version is 7.5.4 and I could not reproduce this issue. I wanted to make sure this is the case on your site as well, and not a weird use case I have not encountered in the past. If you get no problems with this feature disabled the problem most likely is that you are a few versions behind.

In this case, I would recommend upgrading Admin Tools, and re-enabling the Suspicious Core Parameter feature. This feature is an additional check against potential bugs in extensions which shouldn't be a vulnerability vector but sometimes are (when a developer tries to handle these core parameters directly instead of letting Joomla do its own thing). Think of it as an additional safety net.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
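
An added example, not Admin Tools' code and not part of the ticket: a small triage script for a blocked-request log entry. The rule sets are assumptions for illustration; it shows how a layout rule that ignores Joomla's "template:layout" override syntax would flag the query string from this ticket, while a rule that allows that syntax does not and still flags a malformed value.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Dotted identifier such as "article.save"; no slashes, no "..".
NAME = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*")
NUMBER = re.compile(r"[0-9]+")

# Assumed rule sets for illustration only; these are not Admin Tools' rules.
BASE_RULES = {"option": NAME, "view": NAME, "task": NAME,
              "format": NAME, "tmpl": NAME, "Itemid": NUMBER}
# Strict variant: layout must be a bare identifier.
STRICT_RULES = {**BASE_RULES, "layout": re.compile(r"[A-Za-z0-9_-]+")}
# Variant that also accepts Joomla's "template:layout" override syntax.
OVERRIDE_AWARE_RULES = {
    **BASE_RULES,
    "layout": re.compile(r"(?:[A-Za-z0-9_-]+:)?[A-Za-z0-9_-]+"),
}


def flag_core_params(url, rules):
    """Return {name: value} for core parameters whose value fails its rule."""
    flagged = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        rule = rules.get(name)
        if rule is not None and rule.fullmatch(value) is None:
            flagged[name] = value
    return flagged


# Query string from the ticket; host replaced with a placeholder.
TICKET_URL = ("https://example.test/component/search/"
              "?layout=j51_jasmine:alternative&id=101&Itemid=592&format=opensearch")
# Constructed sample of a value that no layout name should contain.
BAD_URL = "https://example.test/index.php?option=com_search&layout=../../x"

if __name__ == "__main__":
    for label, rules in (("strict", STRICT_RULES), ("aware", OVERRIDE_AWARE_RULES)):
        print(label, flag_core_params(TICKET_URL, rules),
              flag_core_params(BAD_URL, rules))
```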
