#3406 – Akeeba Admin Tools .htaccess frontend protection

Posted in ‘Event Gallery Extended’
Saturday, 12 January 2019 17:45 UTC
dpollez
Hi
I experience some potential problems on my sites where a URL to a non-existing file or folder results in the display of the home page instead of the 404 error page.
I can prevent this using Akeeba Admin Tools .htaccess feature by setting Server protection/Frontend protection to ON.
But then, the eventgallery images are no longer displayed.
Again, I managed to solve this by adding the “components/com_eventgallery” folder to the “Allow direct access, including .php files, to these directories” list.
But I doubt that this is a good approach.
Can you enlighten me?
Thanks a lot.
Didier.

Custom Fields

Event Gallery Version 3.10.10 (build 059d908)
Joomla Version 3.9.1.
PHP Version 7,1
 
Saturday, 12 January 2019 18:08 UTC
sbluege
Hi,

To deliver images as fast as possible, the script image.php is used. It lives in the components folder. But it only serves cached files. If an image is not cached, index.php will calculate it. Whatever you do, I recommend leaving image.php executable.

A 404 is thrown if the folder or file does not exist. Do you have an example URL?

I guess you use locally stored files?
 
Saturday, 12 January 2019 19:49 UTC
dpollez
Thanks!

By adding “components/com_eventgallery/helpers/image.php” to “Allow direct access to these files”, eventgallery worked again.

Yes, I work with local files.

Some more information:
On my Joomla websites, some URLs to non-existing files or folders result in displaying an existing page, mostly the Home page. Just add the following to your website URL:

/components/com_5starhotels/5starhotels.xml
or
/modules/mod_3dcloud/3dcloud.xml

or even parts of these.

(e.g. www.website.com/components/com_5starhotels/5starhotels.xml)

These directories do not exist, these extensions were never installed, there is no reference to such extensions nor folders in the databases, etc. I found these folder names via a friend who did some pentests, see info below:

https://www.exploit-db.com/exploits/33566
https://www.exploit-db.com/exploits/7575

Didier.
 
Sunday, 13 January 2019 06:38 UTC
sbluege
Those are normal scans. I see them daily, too. Using Admin Tools I'm able to sort them out automatically and add another layer of protection.
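
A log check for the scans discussed in this thread, as an added example that is not part of the original ticket nor code from Event Gallery or Admin Tools: it flags requests to component or module directories that are not installed and marks those answered with 200, which is the "home page instead of 404" symptom. The installed-extension set, the log lines and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: extensions actually installed on this site (constructed for the example).
INSTALLED = {"com_content", "com_eventgallery", "mod_menu"}

# Constructed access-log lines in Apache combined format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2019:19:40:01 +0000] "GET /components/com_5starhotels/5starhotels.xml HTTP/1.1" 200 15320 "-" "-"
203.0.113.7 - - [12/Jan/2019:19:40:02 +0000] "GET /modules/mod_3dcloud/3dcloud.xml HTTP/1.1" 200 15320 "-" "-"
198.51.100.4 - - [12/Jan/2019:19:41:10 +0000] "GET /components/com_eventgallery/helpers/image.php?id=1 HTTP/1.1" 200 48211 "-" "-"
198.51.100.4 - - [12/Jan/2019:19:41:15 +0000] "GET /modules/mod_menu/tmpl/default.php HTTP/1.1" 403 199 "-" "-"
"""

# client IP, request target and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# Joomla extension directory name at the start of the path (com_* or mod_*)
EXT_RE = re.compile(r'^/(?:administrator/)?(?:components|modules)/((?:com|mod)_[A-Za-z0-9_]+)(?:/|$)')


def find_probes(log_text, installed=INSTALLED):
    """Return {client_ip: [(path, status, soft_404), ...]} for requests that
    address a component or module directory that is not installed."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        path = target.split("?", 1)[0]  # ignore the query string
        ext = EXT_RE.match(path)
        if ext and ext.group(1).lower() not in installed:
            # A 200 for a path that cannot exist means a page was served instead of a 404.
            hits[ip].append((path, status, status == 200))
    return dict(hits)


if __name__ == "__main__":
    for ip, probes in find_probes(SAMPLE_LOG).items():
        for path, status, soft_404 in probes:
            note = "served a page instead of 404" if soft_404 else "rejected"
            print(f"{ip} {status} {path} ({note})")
```

Requests to installed extensions, such as the image.php call and the blocked mod_menu template above, are not reported; only paths naming an extension outside the installed set are.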
 
Sunday, 13 January 2019 10:29 UTC
dpollez
Yes, Admin tools and Akeeba back-up are really essential tools, just as Event Gallery :-)
Thanks for your always great support.
Didier.
 
Sunday, 13 January 2019 14:19 UTC
sbluege
You're welcome.
 