#9813 Interaction Admin Tools 2.0.2 and Sucuri Monitoring

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by Randy Prue on Saturday, 02 April 2011 13:24 CDT

Randy Prue
** OOPS!! ** I found the whitelist when I went to turn off the bad behavior monitor. Doh! [Homer Simpson slap to forehead]

Well, this is interesting. We have Sucuri monitoring all sites now. It ran into Admin Tools today. Admin Tools interpreted "bad behavior", blocked sucuri.net and asked me if I wanted to add the IP to the blacklist.

Actually, I would like to add them to a whitelist, but I do not see a whitelist (except for Admin access).

My custom message for bad behavior block was delivered in a 403 page to Sucuri, who then forwarded it to me as blocked by them (the 403 page is blocked).

Hmmmm... what to do, except to turn off the block for bad behavior? Temporarily?

nicholas
Akeeba Staff
Manager
Yup, the white list for BadBehaviour is located inside the Web Application Firewall configuration page, towards the bottom of the page, inside the dedicated Bad Behaviour integration pane :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Randy Prue
Thanks. We have been on a steep learning curve. A site (not one of mine) was compromised. They had not yet implemented the firewall. Some of the firewall options look like they could have prevented (insertion into PHP files to send SPAM).

So we are cranking up the Admin Tools settings now on all sites. More reading of the manual, etc.

slaes
My 2 cents, Randy: Admin Tools is a great complement and, for any Joomla sites, invaluable, IMHO.

However, having a properly locked down and optioned server is equally as important, and this ain't a 5 minute job. Things like a strong custom mod security rule set will block most if not all PHP and SQL injection attempts.

Randy Prue
Hi, Slaes: The problem here would be "strong custom mod security rule set" ...

I do not have the skills to do that.

slaes
That's cool, man. Do a little research on it and you will be fine; it's all very easy. As a start, make sure your box has the latest version of mode security. You can ask your host (if they are any good) to install something like atomi corp rule set; it's very good. Next, go through your server step by step and make sure crap like globals isnt on and etc. Have faith in your ability, and Google is definitely your friend, which will answer most things for you. You can do it!!

nicholas
Akeeba Staff
Manager
I'd also add the obvious, security is not a task, it's a process. You have to invest time in it, not only for initial setup but also for proper maintenance of your site's security :)

Randy Prue
Thank you, Slaes and Nicholas. I appreciate it!

"the latest version of mode security"
What is that? Where do I get it?

"atomi corp rule set"
Thanks. I will look into that. My host will not be told what to do. They know everything.

"make sure crap like globals isnt on and etc"
What is "globals"... and what is "etc"... remember, we do not know this stuff. There are other areas you could ask me about, and your mind would go numb if I explained fine points and details, BUT I WOULD EXPLAIN THEM until you understood them. Ask me about the billion micro-organisms in a teaspoon of soil. Then make a pot of coffee while we explore that.

slaes
What kind of server do you have? If you're running a shared hosting account, then all above is irrelevant and your controls are limited. You're basically at the mercy of other users on that box. Simply put, if someone else on the servers account is compromised due to their poor security, nothing aside from backups, will save you.

Some may agree or disagree, however IMHO if you're serious about security, you need a dedicated server and a premium web host. Simple as that.

Premium Web Host = A host who own and operate their own data centers, have 24/7 365 phone support and answer that phone each and every time within 60 seconds. Simply put, you get exactly what you pay for.

I have dealt with dozens of hosts and none even come close to comparing to http://www.liquidweb.com/
Don't take my word for it, Google them, see for yourself. The support structure is insane. They own 3 data centers worth 100 odd MIL each.

Once you have a top notch host, then you're ready to learn about Apache, mod_sec among other things.

Randy Prue
Hi, Slaes: Yes, I have a shared hosting account on a famous host.

I am not a server manager. What would the world do without my contribution if I were to spend my time learning to run a server?

This is NOT what I do. I cannot do what I do do and also learn what you do.
