Admin Tools User's Guide Nicholas K. Dionysopoulos Admin Tools User's Guide Nicholas K. Dionysopoulos Publication date December 2011 Abstract This book covers the use of the Admin Tools site security component, module and plugin bundle for Joomla!™ - powered web sites. Both the free Admin Tools Core and the subscription-based Admin Tools Professional editions are completely covered. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the appendix entitled "The GNU Free Documentation License". Table of Contents 1. Getting Started ............................................................................................................................... 1 1. What is Admin Tools? ............................................................................................................. 1 1.1. Disclaimer ................................................................................................................... 2 1.2. The philosophy ............................................................................................................ 3 2. Server environment requirements ............................................................................................... 4 3. Installing Admin Tools ............................................................................................................ 5 3.1. Normal installation ....................................................................................................... 5 3.2. Manual installation ....................................................................................................... 5 4. Quick Setup ........................................................................................................................... 6 2. Using Admin Tools ......................................................................................................................... 8 1. The Control Panel ................................................................................................................... 8 2. Updating Joomla! ................................................................................................................... 9 3. Fixing the permissions of files and directories ............................................................................ 12 3.1. Configuring the permissions of files and directories .......................................................... 13 4. Emergency Off-Line Mode ..................................................................................................... 14 5. Protect your administrator back-end with a password ................................................................... 17 6. The .htaccess maker ............................................................................................................... 18 6.1. Basic Security ............................................................................................................ 20 6.2. Server protection ........................................................................................................ 21 6.2.1. How to determine which exceptions are required .................................................... 24 6.3. Custom .htaccess rules ................................................................................................. 28 6.4. Optimisation and utility ............................................................................................... 28 6.5. System configuration ................................................................................................... 29 7. Web Application Firewall ....................................................................................................... 30 7.1. Configure .................................................................................................................. 31 7.1.1. Help, I have been locked out of my site's administrator area! .................................... 39 7.2. Exceptions ................................................................................................................. 40 7.3. Administrator IP Whitelist ............................................................................................ 41 7.4. Site IP Blacklist ......................................................................................................... 42 7.5. Anti-spam Bad Words ................................................................................................. 43 7.6. Security Exceptions Log .............................................................................................. 43 7.7. Geographic blocking ................................................................................................... 44 8. Database tools ...................................................................................................................... 45 9. Changing your database table prefix ......................................................................................... 46 10. Changing your database collation ........................................................................................... 47 11. Changing your Super Administrator ID ................................................................................... 47 12. The PHP File Scanner .......................................................................................................... 50 12.1. How does it work and what should I know? ................................................................... 51 12.2. Configuration ........................................................................................................... 53 12.3. Scanning and administering scans ................................................................................ 54 12.4. Reading the reports ................................................................................................... 54 12.5. Automating the scans (CRON jobs) .............................................................................. 56 13. SEO and Link Tools ............................................................................................................ 57 14. URL Redirection ................................................................................................................. 59 15. Cleaning your temporary files directory ................................................................................... 60 16. Protecting Admin Tools with a password ................................................................................. 61 17. Access Control .................................................................................................................... 62 17.1. Joomla! 1.5 .............................................................................................................. 62 17.2. Joomla! 1.6/1.7 and later ............................................................................................ 63 18. The "System - Admin Tools" plugin ....................................................................................... 63 A. GNU General Public License version 3 ............................................................................................ 66 iii Admin Tools User's Guide B. GNU Free Documentation License .................................................................................................. 76 iv Chapter 1. Getting Started 1. What is Admin Tools? Admin Tools is a software bundle composed of a Joomla! component, a module and a plugin with the main objective to enhance the security and performance of your site, as well as make the site administrator's life a bit easier by automating common tasks. Admin Tools uses a native Joomla! component and plugin and is 100% compatible with Joomla! 1.5, Joomla! 1.6, Molajo and Nooku Server. No need to touch php.ini files, no need to perform any kind of server-side configuration and no need to modify or move core Joomla! files. In a nutshell, Admin Tools has the following features: • Joomla! core updater [updating-joomla], to keep your Joomla! installation up-to-date. If you have Akeeba Backup 3.1 or later installed, it can automatically backup your site before updating it. An icon in your administrator's control panel page will make sure that you will never forget an update. • Permissions fixer [fixing-permissions], so that you are never caught with files or directories with 0777 permissions. You can even customize the permissions per directory or even per file. • Administrator password protection [admin-pw-protection], to add an extra layer of password protection before any- one can access your administrator area • Administrator query string protection, so that your administrator area is only visible if someone uses a secret URL parameter, i.e. http://www.example.com/administrator?secret (Professional release only, part of the Web Applica- tion Firewall [web-application-firewall]) • .htaccess maker [htaccess-maker], allowing you to tailor a .htaccess file for your site which enhances your site's security and blocks out virtually all fingerprinting and the most common exploit attacks (Professional release only). • Emergency Off-Line Mode [emergency-offline-mode], which really puts your site off-line, unlike Joomla!'s off- line feature which simply hides the component output. • PHP File Change