Thank you.

James

I just upgraded to 2.0 RC2 and now every time I try to get to the site I get the Banned Message. I can get to the Administrator Login and the Anti-Hacker Login pages and log into each. Any clues about what has happened. My site is http://www.indymensa.org

James

Never mind.... The default security level was set at the highest level. Once I started bringing the level down the site worked fine.

James

Hi James,

I see you are using the RocketTheme template Vertigo and some Extensions from them.

It's a great site and a great developer team. But you have to add some strings to the whitelist first:

http://www.opensource-excellence.co.uk/ ... 0form#p991

Please try it and than set the security level at 7.

Best wishes,

Alex

To Alex, thank you!

To James, although bringing the security level down can solve the problem, I always recommend to set the security level to at Level 7 or above.

If you have set it to lower than Level 7, please let me know, and I will help you improve the security level.

Best wishes,
Helix

At first I had to set it to 5 just to submit news articles. After I added the whitelist items that you suggested I put the level up to 7 and all seems to be working.

Now I'm getting hundreds of the following messages from my own IP here at work:

A Suspicious injection exploit attempt was logged on .

IP Address: 10.255.255.79
URL:
Referer (if any):
Query String:
Violation:
__________________________
Open Source Excellence Antihacker Alert

In this case, please whitelist your IP, then you will not receive this anymore.

Hope this helps.
Helix

Hi James,

in addition to which Helix says please try the following attempts:

1. Please check if you are using Joomla! CMS 1.5.14 and the RocketTheme Template Vertigo 1.5.2!

If not, please update!

2. Please double check, if you have the current >> default_whitelist_02062009.zip << installed with the updater manager!

If not, please update it with the updater manager!

Don't forget to press then the Upgrade button on the Updater Manager's site!

3. Please check in your data base, if there are any entries in the >> jos_anti_hacker_iptable << after you have entered the following URL as a test in your browser: http://www.indymensa.org/?cmd=

If not, please reinstall (uninstall and then install) only the >> com_anti_hacker_030809.zip << with the Extension Manager.

Don't forget to press then the Upgrade button on the Anti Hacker Blacklist's site!

4. Please empty the folder /cache and /tmp and /administrator/cache

Best wishes,

Alex

I tried to whitelist my IP and it says it did it but it doesn't show up under the Whitelist section. I've uninstalled and reinstall ed Anti-Hacker with the new version and when I pressed on "Update" it says it failed. I purged all of the cache. I'm still getting all of the messages along with a new one:

An injection exploit attempt was logged on 2009-08-05 15:16:38.

IP Address: 10.255.255.79
URL: http://www.indymensa.org/ahacker/admini ... /index.php
Referer (if any): http://www.indymensa.orghttps://www.ind ... nti_hacker
Query String: REQUEST.__utmz=85203393.1239021889.1.1|||||.||u||t||m||c||s||r||=(direct)|utmccn=(direct)|utmcmd=(none)
Violation: Layer 2 Protection [Violation of Rules: 23; ] __________________________ Open Source Excellence Antihacker Alert

This is getting frustrating....

James

Hi James,

please add to the Whitelist Strings:

REQUEST.__utmz

This is caused by a cookie from a tracking program in java script, perhaps Google Analytics?

Best wishes,

Alex

Alex,

Woo Hoooo.... That seems to have taken care of all those messages finally and it has stopped banning me everytime I try to get to the site!! I still have to upgrade the template but I will probably get that tomorrow.

Thanks for all your help and Helix's help!

James