Support

Support is part of Event Gallery Extended.

Please get a subscription if you need support. Feel free to use the ticket system or the contact form for reporting defects or pre-sale questions. Make sure you're logged in in order to be able to create a new ticket.

For general information you can also jump to the manual.

Subscribe now!

#3406 Akeeba Admin Tools .httaccess frontend protection

Posted in ‘Event Gallery Extended’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Latest post by sbluege on Sunday, 13 January 2019 14:19 UTC

Saturday, 12 January 2019 17:45 UTC

dpollez
Hi
I experience some potential problems on my sites where an url to an non-existing file or folder results in the display of the home page instead of the 404 error page.
I can prevent this using Akeeba Admin Tools .htaccess feature by setting Server protection/Frontend protection to ON.
But then, the eventgallery images are no longer displayed.
Again, I managed to solve this by adding the “components/com_eventgallery” folder to the “Allow direct access, including .php files, to these directories” list.
But I doubt that this is a good approach.
Can you enlighten me?
Thanks a lot.
Didier.

Saturday, 12 January 2019 18:08 UTC

sbluege
Hi,

To deliver images as fast as possible, the script image.php is used. It lives in the components folder. But it only serves cached files. If an image is not cached, index.php will calculate it. Whatever you do, I recommend to leave image.php executable.

A 404 is thrown if the folder or file does not exist. Do you have an example URL?

I guess you use locally stored files?

Saturday, 12 January 2019 19:49 UTC

dpollez
Thanks!

By adding “components/com_eventgallery/helpers/image.php” to “Allow direct access to these files“, eventgallery worked again.

Yes, I work with local files.

Some more information:
On my Joomla websites, some URL’s to non-existing files or folders result in displaying an existing page, mostly the Home page, just add the following to your website url :

/components/com_5starhotels/5starhotels.xml
or
/modules/mod_3dcloud/3dcloud.xml

or even parts of these.

(e.g. www.website.com/components/com_5starhotels/5starhotels.xml)

These directories do not exist, these extensions are never installed, there is no reference to such extensions nor folders in the databases, etc. I found these folder names via a friend who did some pentests, see info below

https://www.exploit-db.com/exploits/33566
https://www.exploit-db.com/exploits/7575

Didier.

Sunday, 13 January 2019 06:38 UTC

sbluege
Those are normal scans. I see them daily, too. Using Admin Tools I'm able to sort them out automatically and add another layout of protection.

Sunday, 13 January 2019 10:29 UTC

dpollez
Yes, Admin tools and Akeeba back-up are really essential tools, just as Event Gallery :-)
Thanks for your always great support.
Didier.

Sunday, 13 January 2019 14:19 UTC

sbluege
You're welcome.