Support

Admin Tools

#9758 .htaccess hijacked the my live site index.html to the test site index.php

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 22 April 2011 02:15 CDT

timbreese
I recently created and saved an .htaccess file on a test site that is running on the same server as the live one. Unfortunately rather than protect the test site it is now redirecting the live harrychapinmusic.com/index.html to harrychapinmusic.com/index.php which is the test site.

What is the best way to protect the test site while preserving the URL resolving to the live site?

Thanks!

nicholas
Akeeba Staff
Manager
I assume that you transferred the dev site to the live site using Akeeba Backup. In this case, there is a post restoration configuration step you have to follow on the live site:
1. Remove the .htaccess file
2. Log in to your site's back-end
3. Go to Admin Tools, .htaccess Maker
4. Expand the last slider ("System Configuration")
5. In the two hostname fields, enter the domain name of your live site.
6. Click on "Save and Create .htaccess"

Checkmate :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
Thanks! I will try that. So can I put http://harrychapinmusic.com/index.html as the domain name? Right now it is only the difference between html and php which differentiates the live and the test sites.

I have also had a lot of weirdness happen with VirtueMart when I turned on the .htaccess i.e. missing product photos in modules and when logging in to the admin area it removes all of the template CSS formatting and I get text and links.

Perhaps it is better to wait until the site goes live before turning on the .htaccess but I have had issues with viruses on other Joomla sites in the past.

nicholas
Akeeba Staff
Manager
Admin Tools does not redirect index.html to index.php, but Joomla! itself essentially does if you have a menu item with an alias of "index". You will, of course, need to have a .htaccess file and you must not have a real file named index.html in your site's root.

Regarding VirtueMart, you may need to follow the advice on this documentation page to figure out if you need any exceptions. You should also turn off the Referer Filtering option in .htaccess Maker - VirtueMart is a bit naughty with the way it handles URLs and my inadvertently trigger that protection if it's enabled.

Regarding the problems you had with viruses, prevention is the best approach. On top of using Admin Tools' .htaccess Maker and the Web Application Firewall you have to ensure that you follow some sane administrative procedures:
1. Make sure you are always using the latest Joomla! 1.5.x release. Anything less and your site can be hacked.
2. Make sure you are using the latest release of all of your extensions (components, modules, plugins and templates). Especially with templates, many webmasters ignore them. Joomla! templates have more PHP code than artwork and are susceptible to vulnerabilities. Template clubs provide updates constantly. For instance, RocketTheme provides updates for its templates once or twice per month. You must install them, otherwise your site may be vulnerable.
3. Follow Joomla!VEL which lists vulnerable extensions. If you have one of the affected versions follow VEL's advice. For example, when we launched Admin Tools 1.1.2 we reported that all previous releases was susceptible to medium priority XSS attacks. VEL added that information on a green row. Green means that the latest version published by the author fixes the issue. Red rows means that there is no known workaround and the extension must be uninstalled.
4. Backup, backup and backup. Use daily (or more frequent) backups to an off-site location. If something goes wrong it's easier to trash the site and restore from a backup than trying to unhack it. Backups are the airbag and seatbelt of your site. You shouldn't ride a site without them ;) There are a lot of backup solutions. There's manual backups, there's Akeeba Backup (obviously!), there's XCloner and, of course, some less featured solutions out there. Pick one that suits your needs.

These are 4 very simple steps that can help you keep your site hack-free for a very long time.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
"Regarding VirtueMart, you may need to follow the advice "how to determine which exceptions are required" to figure out if you need any exceptions. You should also turn off the Referer Filtering option in .htaccess Maker - VirtueMart is a bit naughty with the way it handles URLs and my inadvertently trigger that protection if it's enabled."

You may have changed the name for the Referer Filtering option in AdminTools. Do you mean "Redirect index.php to the site's root"?

nicholas
Akeeba Staff
Manager
Ah, I typed that one too fast. I meant go to .htaccess Maker, expand the Server Protection slider and set "Anti-leech protection for static resources outside images/stories" to No, then Save and Create .htaccess. The anti-leech protection does referer filtering, hence the wrong mention of the label.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

timbreese
I'm now taking my site live and I am getting a 403 error when I try to test a registration through VirtueMart. I tried to check it with GoogleChrome Developer tools, but it didn't give me a clue. I turned off the Anti-Leech Protection.

What else could it be?

Thanks, Tim

slaes
Be sure to check administrator/components/com_virtuemart/virtuemart.cfg.php

Line 34 and 35 MUST Reflect you exact site address ot this will happen.


They Should read exactly like below

define( 'URL', 'http://www.site.com/' );
define( 'SECUREURL', 'http://www.site.com/' );

forget the end / and it'll break.

Also Note if you htaccess file is redirecting non www to www, the above MUST be www or it'll all break.

timbreese
OK- I figured it out I think- anyway the registration is now working. My SSL is registered under www.harry... so I directed the non-www URLs and now it is working. I'm glad that I checked the difference in the URLs on the pages that weren't working!

slaes
virtuemrt is a very sensative bi%c*. it hates beeing installed in one dir and then being moved stound, includig moved by htaccess.

nicholas
Akeeba Staff
Manager
VirtueMart is "special" in more ways than one :) You will certainly need to add more exceptions to the .htaccess Maker (if you use it) to let VM work correctly. IIRC, VM is using direct access to files in the administrator section, even some PHP files, to complete various tasks such as: adding items to the cart using Javascript; removing items from the cart; processing postbacks from payment gateways such as PayPal. It takes a lot of trial and error to get it set up properly.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!