| Current File : /home/pacjaorg/.trash/administrator/components/com_admintools/sql/xml/mysql.xml |
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ @package admintools
~ @copyright Copyright (c)2010-2020 Nicholas K. Dionysopoulos / Akeeba Ltd
~ @license GNU General Public License version 3, or later
-->
<schema>
<!-- Metadata -->
<meta>
<!-- Supported driver types -->
<drivers>
<driver>mysql</driver>
<driver>mysqli</driver>
<driver>pdomysql</driver>
</drivers>
</meta>
<!-- SQL commands to run on installation and update -->
<sql>
<!-- Create the #__admintools_acl table if it's missing -->
<action table="#__admintools_acl" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_acl` (
`user_id` bigint(20) unsigned NOT NULL,
`permissions` mediumtext,
PRIMARY KEY (`user_id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_adminiplist table if it's missing -->
<action table="#__admintools_adminiplist" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_adminiplist` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`ip` varchar(255) DEFAULT NULL,
`description` varchar(255) DEFAULT NULL,
UNIQUE KEY `id` (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_badwords table if it's missing -->
<action table="#__admintools_badwords" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_badwords` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`word` varchar(255) DEFAULT NULL,
UNIQUE KEY `id` (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_customperms table if it's missing -->
<action table="#__admintools_customperms" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_customperms` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`path` varchar(255) NOT NULL,
`perms` varchar(4) DEFAULT '0644',
UNIQUE KEY `id` (`id`),
KEY `#__admintools_customperms_path` (`path`(100))
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_filescache table if it's missing -->
<action table="#__admintools_filescache" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_filescache` (
`admintools_filescache_id` bigint(20) NOT NULL AUTO_INCREMENT,
`path` varchar(2048) NOT NULL,
`filedate` int(11) NOT NULL DEFAULT '0',
`filesize` int(11) NOT NULL DEFAULT '0',
`data` blob,
`checksum` varchar(32) NOT NULL DEFAULT '',
PRIMARY KEY (`admintools_filescache_id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_ipautoban table if it's missing -->
<action table="#__admintools_ipautoban" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_ipautoban` (
`ip` varchar(255) NOT NULL,
`reason` varchar(255) DEFAULT 'other',
`until` datetime DEFAULT NULL,
UNIQUE KEY `#__admintools_ipautoban_ip` (`ip`(100))
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_ipblock table if it's missing -->
<action table="#__admintools_ipblock" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_ipblock` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`ip` varchar(255) DEFAULT NULL,
`description` varchar(255) DEFAULT NULL,
UNIQUE KEY `id` (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_log table if it's missing -->
<action table="#__admintools_log" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_log` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`logdate` datetime NOT NULL,
`ip` varchar(40) DEFAULT NULL,
`url` varchar(10240) DEFAULT NULL,
`reason` enum('other', 'admindir', 'awayschedule', 'adminpw','ipwl','ipbl','sqlishield','antispam','tpone','tmpl','template','muashield','csrfshield','badbehaviour','geoblocking','rfishield','dfishield','uploadshield','xssshield','httpbl','loginfailure','securitycode', 'sessionshield', 'external', 'nonewadmins', 'nonewfrontendadmins', 'configmonitor', 'phpshield', '404shield') DEFAULT 'other',
`extradata` mediumtext,
UNIQUE KEY `id` (`id`),
KEY `#__admintools_log_logdate_reason` (`logdate`, `reason`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_redirects table if it's missing -->
<action table="#__admintools_redirects" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_redirects` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`source` varchar(255) DEFAULT NULL,
`dest` varchar(255) DEFAULT NULL,
`ordering` bigint(20) NOT NULL DEFAULT '0',
`published` tinyint(1) NOT NULL DEFAULT '1',
`keepurlparams` tinyint(1) NOT NULL DEFAULT '1',
UNIQUE KEY `id` (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_scanalerts table if it's missing -->
<action table="#__admintools_scanalerts" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_scanalerts` (
`admintools_scanalert_id` bigint(20) NOT NULL AUTO_INCREMENT,
`path` varchar(2048) NOT NULL,
`scan_id` bigint(20) NOT NULL DEFAULT '0',
`diff` mediumtext,
`threat_score` int(11) NOT NULL DEFAULT '0',
`acknowledged` tinyint(4) NOT NULL DEFAULT '0',
PRIMARY KEY (`admintools_scanalert_id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_scans table if it's missing -->
<action table="#__admintools_scans" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_scans` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`comment` longtext,
`scanstart` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`scanend` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00',
`status` enum('run','fail','complete') NOT NULL DEFAULT 'run',
`origin` varchar(30) NOT NULL DEFAULT 'backend',
`totalfiles` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `idx_stale` (`status`,`origin`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_storage table if it's missing -->
<action table="#__admintools_storage" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_storage` (
`key` varchar(255) NOT NULL,
`value` longtext NOT NULL,
PRIMARY KEY (`key`(100))
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_wafexceptions table if it's missing -->
<action table="#__admintools_wafexceptions" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_wafexceptions` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`option` varchar(255) DEFAULT NULL,
`view` varchar(255) DEFAULT NULL,
`query` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<action table="#__admintools_wafblacklists" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_wafblacklists` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`option` varchar(255) NOT NULL,
`view` varchar(255) NOT NULL,
`task` varchar(255) NOT NULL,
`query` varchar(255) NOT NULL,
`query_type` varchar(1) NOT NULL,
`query_content` varchar(255) NOT NULL,
`verb` varchar(6) NOT NULL,
`application` enum('site','admin','both') NOT NULL DEFAULT 'site',
`enabled` TINYINT(3) NOT NULL DEFAULT 1,
PRIMARY KEY (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Create the #__admintools_profiles table if it's missing -->
<action table="#__admintools_profiles" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_profiles` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`description` varchar(255) NOT NULL,
`configuration` longtext,
`filters` longtext,
PRIMARY KEY (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<action table="#__admintools_waftemplates" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_waftemplates` (
`admintools_waftemplate_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`reason` varchar(255) NOT NULL,
`language` varchar(10) NOT NULL DEFAULT '*',
`subject` varchar(255) NOT NULL,
`template` text NOT NULL,
`enabled` TINYINT(3) NOT NULL DEFAULT 1,
`email_num` tinyint(3) unsigned NOT NULL,
`email_numfreq` tinyint(3) unsigned NOT NULL,
`email_freq` enum('','second','minute','hour','day') NOT NULL DEFAULT '',
`created_on` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`created_by` bigint(20) NOT NULL DEFAULT '0',
`modified_on` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`modified_by` bigint(20) NOT NULL DEFAULT '0',
PRIMARY KEY (`admintools_waftemplate_id`),
UNIQUE KEY `#__admintools_waftemplate_keylang` (`reason`(100),`language`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<action table="#__admintools_ipautobanhistory" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_ipautobanhistory` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`ip` varchar(255) NOT NULL,
`reason` varchar(255) DEFAULT 'other',
`until` datetime DEFAULT NULL,
PRIMARY KEY `id` (`id`)
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<action table="#__admintools_cookies" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_cookies` (
`series` varchar(255) NOT NULL,
`client_hash` varchar(255) NOT NULL,
`valid_to` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
PRIMARY KEY (`series`(100))
) DEFAULT COLLATE utf8_general_ci;
]]></query>
</action>
<!-- Insert into #__admintools_profiles if id=1 is not there -->
<action table="#__admintools_profiles" canfail="1">
<condition type="equals" operator="not" value="1"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_profiles` WHERE `id` = 1;
]]></condition>
<query><![CDATA[
INSERT IGNORE INTO `#__admintools_profiles`
(`id`,`description`, `configuration`, `filters`) VALUES
(1,'Default PHP Change Scanner Profile','','');
]]></query>
</action>
<action table="#__admintools_redirects" canfail="1">
<condition type="missing" value="keepurlparams"/>
<query><![CDATA[
ALTER TABLE `#__admintools_redirects` ADD COLUMN `keepurlparams` tinyint(1) NOT NULL DEFAULT '1' AFTER `published`;
]]></query>
</action>
<action table="#__admintools_log" canfail="1">
<condition type="index" value="idx_admintools_log_logdate_reason" />
<query><![CDATA[
ALTER TABLE `#__admintools_log` DROP KEY `idx_admintools_log_logdate_reason`;
]]></query>
</action>
<action table="#__admintools_log" canfail="1">
<condition type="index" value="#__admintools_log_logdate_reason" operator="not" />
<!-- Keep top 1000 rows for performance reasons (we are going to regenerate the indices) -->
<query><![CDATA[
DELETE FROM `#__admintools_log` where ID < (
SELECT CAST(`AUTO_INCREMENT` AS SIGNED) - 1000
FROM (
SELECT `AUTO_INCREMENT`
FROM INFORMATION_SCHEMA.TABLES
WHERE `TABLE_SCHEMA` = DATABASE() AND `TABLE_NAME` = '#__admintools_log'
) a
);
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_log` ADD KEY `#__admintools_log_logdate_reason` (`logdate`, `reason`);
]]></query>
</action>
<action table="#__admintools_log" canfail="1">
<condition type="true"/>
<query><![CDATA[
ALTER TABLE `#__admintools_log` CHANGE `reason` `reason` ENUM(
'other','adminpw','ipwl','ipbl','sqlishield','antispam', 'wafblacklist',
'tpone','tmpl','template','muashield','csrfshield','badbehaviour',
'geoblocking','rfishield','dfishield','uploadshield','xssshield',
'httpbl', 'loginfailure', 'securitycode', 'external', 'awayschedule', 'admindir', 'sessionshield',
'nonewadmins', 'nonewfrontendadmins', 'configmonitor', 'phpshield', '404shield');
]]></query>
</action>
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_waftemplates`;
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates` (`admintools_waftemplate_id`, `reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES
(NULL, 'all', '*', 'Security exception on [SITENAME]', '<div style=\"background-color: #e0e0e0; padding: 10px 20px;\">\r\n<div style=\"background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;\">\r\n<p>Hello,</p>\r\n<p>We would like to notify you that a security exception was detected on your site, [SITENAME], with the following details:</p>\r\n<p>IP Address: [IP] (IP Lookup: [LOOKUP])<br />Reason: [REASON]</p>\r\n<p>If this kind of security exception repeats itself, please log in to your site\'s back-end and add this IP address to your Admin Tools\'s Web Application Firewall feature in order to completely block the misbehaving user.</p>\r\n<p>Best regards,</p>\r\n<p>The [SITENAME] team</p>\r\n</div>\r\n<p style=\"font-size: x-small; color: #667;\">You are receiving this automatic email message because you are an administrator in <em>[SITENAME]</em>. <span style=\"line-height: 1.3em;\">Do not reply to this email, it\'s sent from an unmonitored email address.</span></p>\r\n</div>', 1, 5, 1, 'hour', '2014-04-14 14:36:34', 800, '2014-04-14 14:42:38', 800),
(NULL, 'user-reactivate', '*', 'User account temporarily blocked on [SITENAME]', '<div style=\"background-color: #e0e0e0; padding: 10px 20px;\">\r\n<div style=\"background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;\">\r\n<p>Hello,</p>\r\n<p>We have detected several failed attempts to log in with user account [USER] on our site [SITENAME]. As a result, our system has automatically put a temporary block on the user account on [DATE].</p>\r\n<p>If you believe that you are getting this message in error, i.e. it was you who accidentally tried logging in with the wrong password, please click on the following link to lift the temporary block from your user account again:<br /><a href=\"[ACTIVATE]\">[ACTIVATE]</a></p>\r\n<p>Best regards,</p>\r\n<p>The [SITENAME] team</p>\r\n</div>\r\n<p style=\"font-size: x-small; color: #667;\">You are receiving this automatic email message because you have a user account in <em>[SITENAME]</em>. <span style=\"line-height: 1.3em;\">Do not reply to this email, it\'s sent from an unmonitored email address.</span></p>\r\n</div>', 1, 0, 0, '', '2014-04-24 14:44:49', 800, '0000-00-00 00:00:00', 0);
]]></query>
</action>
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_waftemplates` WHERE `reason` = 'adminloginfail';
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates` (`reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES
('adminloginfail', '*', 'Failed administrator login for user [USER] on [SITENAME]', '<div style=\"background-color: #e0e0e0; padding: 10px 20px;\">\r\n<div style=\"background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;\">\r\n<p>Hello,</p>\r\n<p>We would like to notify you that user <strong>[USER]</strong> did <strong>not</strong> log in successfully to the administrator back-end area of your site, [SITENAME]. <span style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">Further information:</span></p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">Username: [USER]<br />IP address: [IP] ([LOOKUP])<br />Country*: [COUNTRY]<br />Continent*: [CONTINENT]<br />Browser User Agent string: [UA]</p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">* Country and continent information availability and accuracy depend on the GeoIP database installed on your site.</p>\r\n<p>If this is expected you do not need to do anything about it. If you suspect a hacking attempt, please log in to your site\'s back-end immediately and activate Admin Tools\' Emergency Off-Line mode at once.</p>\r\n<p>Best regards,</p>\r\n<p>The [SITENAME] team</p>\r\n</div>\r\n<p style=\"font-size: x-small; color: #667;\">You are receiving this automatic email message because you are an administrator in <em>[SITENAME]</em>. <span style=\"line-height: 1.3em;\">Do not reply to this email, it\'s sent from an unmonitored email address.</span></p>', 1, 5, 1, 'hour', '2015-07-27 13:52:45', 800, '2015-07-27 13:58:31', 800),
('adminloginsuccess', '*', 'User [USER] logged in on [SITENAME] administrator area', '<div style=\"background-color: #e0e0e0; padding: 10px 20px;\">\r\n<div style=\"background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;\">\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">Hello,</p>\r\n<p>We would like to notify you that user [USER] has just logged in to the administrator back-end area of your site, [SITENAME]. Further information:</p>\r\n<p>Username: [USER]<br />IP address: [IP] ([LOOKUP])<br />Country*: [COUNTRY]<br />Continent*: [CONTINENT]<br />Browser User Agent string: [UA]</p>\r\n<p>* Country and continent information availability and accuracy depend on the GeoIP database installed on your site.</p>\r\n<p>If this is expected you do not need to do anything about it. If you suspect a hacking attempt, please log in to your site\'s back-end immediately and activate Admin Tools\' Emergency Off-Line mode at once.</p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">Best regards,</p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">The [SITENAME] team</p>\r\n</div>\r\n<p style=\"font-size: x-small; color: #667;\">You are receiving this automatic email message because you are an administrator in <em>[SITENAME]</em>. <span style=\"line-height: 1.3em;\">Do not reply to this email, it\'s sent from an unmonitored email address.</span></p>', 1, 5, 1, 'hour', '2015-07-27 13:58:08', 800, '0000-00-00 00:00:00', 0),
('ipautoban', '*', 'Automatic IP blocking notification for [IP] on [SITENAME]', '<div style=\"background-color: #e0e0e0; padding: 10px 20px;\">\r\n<div style=\"background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;\">\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">Hello,</p>\r\n<p>We would like to notify you that the IP address [IP] is now blocked from accessing your site, [SITENAME]<span style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">, with the following details:</span></p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">IP Address: [IP] (IP Lookup: [LOOKUP])<br />Reason: [REASON]<br />Banned until: [UNTIL]</p>\r\n<p>If this is your own IP address and you can no longer access your site please <a href=\"http://akee.ba/lockedout\">follow our instructions</a> to temporarily disable Admin Tools\' Web Application Firewall and clear the automatic IP ban.</p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">Best regards,</p>\r\n<p style=\"font-size: 12.1599998474121px; line-height: 15.8079996109009px;\">The [SITENAME] team</p>\r\n</div>\r\n<p style=\"font-size: x-small; color: #667;\">You are receiving this automatic email message because you are an administrator in <em>[SITENAME]</em>. <span style=\"line-height: 1.3em;\">Do not reply to this email, it\'s sent from an unmonitored email address.</span></p>', 1, 5, 1, 'hour', '2015-07-27 14:20:00', 800, '0000-00-00 00:00:00', 0);
]]></query>
</action>
<!-- Upgrade to UTF8MB4 -->
<action table="#__admintools_customperms" canfail="1">
<condition type="utf8mb4upgrade" />
<query><![CDATA[
ALTER TABLE `#__admintools_customperms` DROP KEY `path`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_customperms` ADD KEY `#__admintools_customperms_path` (`path`(100));
]]></query>
</action>
<action table="#__admintools_ipautoban" canfail="1">
<condition type="utf8mb4upgrade" />
<query><![CDATA[
ALTER TABLE `#__admintools_ipautoban` DROP KEY `ip`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_ipautoban` ADD UNIQUE KEY `#__admintools_ipautoban_ip` (`ip`(100));
]]></query>
</action>
<action table="#__admintools_storage" canfail="1">
<condition type="utf8mb4upgrade" />
<query><![CDATA[
ALTER TABLE `#__admintools_storage` DROP PRIMARY KEY;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_storage` ADD PRIMARY KEY (`key`(100));
]]></query>
</action>
<action table="#__admintools_waftemplates" canfail="1">
<condition type="utf8mb4upgrade" />
<query><![CDATA[
ALTER TABLE `#__admintools_waftemplates` DROP KEY `admintools_waftemplate_keylang`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_waftemplates` ADD UNIQUE KEY `#__admintools_waftemplate_keylang` (`reason`(100),`language`)
]]></query>
</action>
<action table="#__admintools_cookies" canfail="1">
<condition type="utf8mb4upgrade" />
<query><![CDATA[
ALTER TABLE `#__admintools_cookies` DROP PRIMARY KEY;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_cookies` ADD PRIMARY KEY (`series`(100));
]]></query>
</action>
<action table="#__admintools_wafblacklists" canfail="1">
<condition type="missing" value="enabled" />
<query><![CDATA[
ALTER TABLE `#__admintools_wafblacklists` ADD COLUMN `enabled` TINYINT(3) NOT NULL DEFAULT 1 AFTER `verb`;
]]></query>
</action>
<action table="#__admintools_wafblacklists" canfail="1">
<condition type="missing" value="application" />
<query><![CDATA[
ALTER TABLE `#__admintools_wafblacklists` ADD COLUMN `application` enum('site','admin','both') NOT NULL DEFAULT 'site' AFTER `verb`;
]]></query>
</action>
<!-- WAF Blacklist rule: Joomla! SQLi vulnerability, October 2015 -->
<action table="#__admintools_wafblacklists" canfail="1">
<condition type="equals" operator="not" value="1"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_wafblacklists` WHERE `option` = '' AND `view`='' AND `task`=''
AND `query`='list[select]' AND `query_type`='E' AND `verb`='';
]]></condition>
<query><![CDATA[
INSERT IGNORE INTO `#__admintools_wafblacklists`
(`option`, `view`, `task`, `query`, `query_type`, `query_content`, `verb`, `enabled`)
VALUES ('', '', '', 'list[select]', 'E', '!#^[\\p{L}\\d,\\s]+$#iu', '', 1);
]]></query>
</action>
<!-- WAF Blacklist rule: Joomla! user registration vulnerability, October 2016 -->
<action table="#__admintools_wafblacklists" canfail="1">
<condition type="equals" operator="not" value="1"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_wafblacklists` WHERE `option` = 'com_users' AND `view`='' AND `task`=''
AND `query`='user[groups]' AND `query_type`='P' AND `query_content`='' AND
`verb`='';
]]></condition>
<query><![CDATA[
INSERT IGNORE INTO `#__admintools_wafblacklists`
(`option`, `view`, `task`, `query`, `query_type`, `query_content`, `verb`, `enabled`)
VALUES ('com_users', '', '', 'user[groups]', 'P', '', '', 1);
]]></query>
</action>
<!-- WAF Blacklist rule: SQL injection probe into Feed display -->
<action table="#__admintools_wafblacklists" canfail="1">
<condition type="equals" operator="not" value="1"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_wafblacklists` WHERE `option` = 'com_content' AND `view`='category' AND `task`=''
AND `query`='type' AND `query_type`='R' AND `query_content`='!#^[a-z][a-z\\-_0-9]{2,}$#i' AND
`verb`='';
]]></condition>
<query><![CDATA[
INSERT IGNORE INTO `#__admintools_wafblacklists`
(`option`, `view`, `task`, `query`, `query_type`, `query_content`, `verb`, `application`, `enabled`)
VALUES ('com_content', 'category', '', 'type', 'R', '!#^[a-z][a-z\\-_0-9]{2,}$#i', '', 'site', 1);
]]></query>
</action>
<!-- WAF Email Template for Configuration Monitor -->
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_waftemplates` WHERE `reason` = 'configmonitor';
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates`
(`reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES('configmonitor', '*', 'Configuration options for [AREA] modified on [SITENAME]', '<div style="background-color: #e0e0e0; padding: 10px 20px;">
<div style="background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;">
<p>Hello,</p>
<p>We would like to notify you that the configuration options for [AREA] on your site, [SITENAME], have been modified by user [USER]. More details about the origin of this change as follows:</p>
<p>IP Address: [IP] (IP Lookup: [LOOKUP])<br />User Agent: [UA]</p>
<p>If this change was not made by you or an administrator user you trust please review your site immediately as this would be an indication of hacking activity.</p>
<p>Best regards,</p>
<p>The [SITENAME] team</p>
</div>
</div>', 1, 0, 0, '', '2016-12-15 10:46:00', 800, '2016-12-15 10:46:00', 800);
]]></query>
</action>
<!-- WAF Email Template for Critical Files Monitoring-->
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_waftemplates` WHERE `reason` = 'criticalfiles';
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates`
(`reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES('criticalfiles', '*', 'Critical file modified on [SITENAME]', '<div style="background-color: #e0e0e0; padding: 10px 20px;">
<div style="background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;">
<p>Hello,</p>
<p>We would like to notify you that one or more critical files have been modified on your site, [SITENAME]. The list of files modified on your site is as follows:</p>
[INFO]
<h3>Should I be worried?</h3>
<p>Critical files, in the context of this email, are the files most usually targeted by hackers upon successful hacking of a site. These files can also be modified for legitimate reasons, for example when you save your site\'s Global Configuration or when you update Joomla! or one of its templates.</p>
<p>You should NOT worry if you received this email after you, or another administrator you trust, performed any of the following changes on your site:</p>
<ul>
<li>Restored the site from a backup</li>
<li>Modified the Global Configuration</li>
<li>Updated Joomla!</li>
<li>Updated a site template</li>
</ul>
<p>If this message was not sent to you as the result of such a desirable and expected change please review your site immediately as this would be an indication of hacking activity.</p>
<p>Best regards,</p>
<p>The [SITENAME] team</p>
</div>
</div>', 1, 0, 0, '', '2017-04-05 13:15:00', 800, '2017-04-05 13:15:00', 800);
]]></query>
</action>
<!-- WAF Email Template for Super User Monitoring-->
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_waftemplates` WHERE `reason` = 'superuserslist';
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates`
(`reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES('superuserslist', '*', 'Super Users were added to [SITENAME]', '<div style="background-color: #e0e0e0; padding: 10px 20px;">
<div style="background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;">
<p>Hello,</p>
<p>
We would like to notify you that we detected the suspicious addition of one or more Super User accounts to your site, [SITENAME]. These new Super User accounts do not seem to have been created through the regular means, i.e. Joomla\'s “Users” page. Therefore they have been blocked. The new Super User accounts detected <strong>and blocked</strong> are:
</p>
[INFO]
<p>
<h3>Do I need to worry?</h3>
<p>
Super User accounts have full access to your site. They can modify all content, without any restriction. They can also install software which can access or modify every aspect of your site, including arbitrary files, database content and configuration settings. Only grant Super User access to people you trust.
</p>
<p>
If you are receiving this email it means that these Super User accounts were created outside Joomla\'s “Users” page. Typically this means that a hacker found a way to bypass your site\'s or your server\'s security and tried to surreptitiously create Super User accounts for themselves. For this reason these accounts were blocked, i.e. they cannot be used to log into your site.
</p>
<p>
It is possible, however, that you do receive this email in error: if you or another Super User did intend to create these Super User accounts and used a third party tool to do that. If this is the case then do not worry. Just log in to your site\'s administrator backend with your own Super User account, go to the Users page, edit the users listed further above in this email and unblock them.
</p>
<p>
If you or another Super User did NOT intend to create these Super Users we recommend auditing your site and your server for any other signs of anomalous activity.
</p>
<p>Best regards,</p>
<p>The [SITENAME] team</p>
</div>
</div>', 1, 0, 0, '', '2017-04-06 9:50:00', 800, '2017-04-06 9:50:00', 800);
]]></query>
</action>
<!-- WAF Email Template for Rescue URL -->
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM #__admintools_waftemplates WHERE reason = 'rescueurl';
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates`
(`reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES('rescueurl', '*', 'Rescue URL requested on [SITENAME] for [USER]', '<div style="background-color: #e0e0e0; padding: 10px 20px;">
<div style="background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;">
<p>Hello,</p>
<p>We would like to notify you that user [USER] has requested a Rescue URL for your site, [SITENAME]. If you made that request yourself please click on the following link, or copy and paste the URL to your browser. This will let you log in to the administrator backend of your site where you can modify unblock yourself and / or change Admin Tools'' configuration. The Rescue URL is:</p>
<p><a href="[RESCUEURL]" rel="alternate">[RESCUEURL]</a></p>
<p>The information towards the end of this email lets you know what to do once you are logged into your site''s backend.</p>
<h3>I have no idea why I''m receiving this email</h3>
<p>Look under "What is the Rescue URL" further down. You <strong>DO NOT</strong> need to take any action and you <strong>DO NOT</strong> need to worry.</p>
<h3>Who requested the Rescue URL?</h3>
<p>Username: [USER]<br />IP Address: [IP] ([LOOKUP])<br />User Agent: [UA]</p>
<p> </p>
<h3>What is the Rescue URL?</h3>
<p>Sometimes an overzealous Admin Tools configuration can result in accidentally blocking you, a Super User from the site. Normally that would require you to rename the file of Admin Tools'' system plugin to unblock yourself. This is a bit complicated and susceptible to errors.</p>
<p>The Rescue URL feature works around that. By accessing a special URL when you are blocked out of the site you are sent this email. The URL in this email is only valid for the same browser and IP address that made the request and only for a limited amount of time. Accessing it will get you to a <em>temporarily</em> unblocked administrator login page. This lets you access the administrator backend of your site to unblock yourself and / or modify Admin Tools settings.</p>
<p>By default, this feature is enabled on all installations of Admin Tools. Moreover, a message about accessing the Rescue URL is displayed by default when someone gets blocked UNLESS you set up a "Custom message" in the Configure WAF page of Admin Tools. If you have no idea why you received this message it''s probably because someone saw the default IP blocked message and guessed your Super User email correctly. Don''t worry though, what they did is completely useless since they would also need access to your email account and your Super User password to access your site, i.e. they would need to have already hacked you. As it''s already documented, we strongly recommend that you change the "Custom message" to make it less obvious that your site is protected by Admin Tools. If you do not wish to use the Rescue URL feature -and are OK manually renaming files per the documentation when you get blocked- go to Extensions, Plugins and edit the options of the Admin Tools system plugin. You''ll see an option for Rescue URL. Set it to No to disable this feature.</p>
<h3>What to do after logging in?</h3>
<p>If your IP is blocked by Admin Tools go to Components, Admin Tools and click the big Unblock My IP button at the top of the page.</p>
<p>If you keep getting your IP blocked without you doing anything suspicious to the best of your knowledge, the IP blocked is always the same but different than the one reported by <a href="http://www.ip-adress.eu/">http://www.ip-adress.eu/ </a><em>and</em> <a href="https://www.whatismyip.com/">https://www.whatismyip.com/</a> then your site might be behind a CDN or a reverse proxy. In this case, additionally to the instructions above, please go to Components, Admin Tools, Web Application Firewall, Configure WAF, click on the Basic Protection Features tab. Set the "Enable IP workarounds" option to Yes - no matter what the automatically detected recommendation is.</p>
<p>If, however, your real IP address as reported by the two tool listed above keeps getting banned you should troubleshoot the reason of the ban. Go to Components, Admin Tools, Web Application Firewall, Security Exceptions Log and check the Reason and Target URL for the entries which have your IP address in the IP address field. If you are not sure what that means, please <a href="https://www.akeeba.com/support/admin-tools.html" rel="alternate">file a support ticket</a> remembering to copy the information from the Security Exceptions Log. Kindly note that you need to have an active subscription to receive support.</p>
<p>If you have forgotten your Administrator Secret URL parameter go to Components, Admin Tools, Web Application Firewall, Configure WAF, click on the Basic Protection Features tab and find the "Administrator secret URL parameter" option. Change or remove all of the text in that box to reset or unset, respectively, this feature.</p>
<h3>What to do if I still cannot log in to my site?</h3>
<p>There are two cases where the Rescue URL feature, or renaming the Admin Tools system plugin''s file, will not help you. These are the two cases where Admin Tools has created a <em>server</em> configuration file, meaning that you are blocked by <em>your server</em>, not Admin Tools.</p>
<p>The first is the <strong>Administrator password protection</strong> feature. Please delete the files named <code>.htaccess</code> and <code>.htpasswd</code> from your site''s <code>administrator</code> directory. </p>
<p>The other case is when you''ve used the <strong>.htaccess Maker</strong> feature of Admin Tools. In this case there''s a <code>.htaccess</code> file in your site''s root. You may want to replace its contents with the <a href="https://raw.githubusercontent.com/joomla/joomla-cms/staging/htaccess.txt" rel="alternate">default Joomla! .htaccess file content</a>.</p>
<p>In both cases you should not that the files have names beginning with a dot. That makes them <em>hidden</em>. You will need to enable the display of hidden files to edit / delete those files. If you are unsure how to do that please ask your host and tell them that you need to edit/delete <em>hidden</em> files. Usually they will point out an option in their hosting control panel''s file manager. </p>
<p>In any other case your issue is unrelated to Admin Tools. Do you have another security plugin on your site? If you do, check its settings. If not, check with your host. More often than not hosts have their own server security systems which can block you out of your site.</p>
</div>
</div>', 1, 1, 1, 'minute', '2017-06-20 09:50:00', 800, '2017-06-20 09:50:00', 800);
]]></query>
</action>
<action table="#__admintools_log" canfail="1">
<condition type="true"/>
<query><![CDATA[
ALTER TABLE `#__admintools_log` CHANGE `url` `url` varchar(10240) DEFAULT NULL;
]]></query>
</action>
<!-- WAF Email Template for Critical Files Monitoring-->
<action table="#__admintools_waftemplates" canfail="1">
<condition type="equals" value="0"><![CDATA[
SELECT COUNT(*) FROM `#__admintools_waftemplates` WHERE `reason` = 'criticalfiles_global';
]]></condition>
<query><![CDATA[
INSERT INTO `#__admintools_waftemplates`
(`reason`, `language`, `subject`, `template`, `enabled`, `email_num`, `email_numfreq`, `email_freq`, `created_on`, `created_by`, `modified_on`, `modified_by`)
VALUES('criticalfiles_global', '*', 'Critical file modified on [SITENAME]', '<div style="background-color: #e0e0e0; padding: 10px 20px;">
<div style="background-color: #f9f9f9; border-radius: 10px; padding: 5px 10px;">
<p>Hello,</p>
<p>We would like to notify you that one or more critical files that you decided to monitor have been modified on your site, [SITENAME]. The list of files modified on your site is as follows:</p>
[INFO]
<p>If this message was not sent to you as the result of such a desirable and expected change please review your site immediately as this would be an indication of hacking activity.</p>
<p>Best regards,</p>
<p>The [SITENAME] team</p>
</div>
</div>', 1, 0, 0, '', '2017-04-05 13:15:00', 800, '2017-04-05 13:15:00', 800);
]]></query>
</action>
<action table="#__admintools_tempsupers" canfail="0">
<condition type="missing" value=""/>
<query><![CDATA[
CREATE TABLE `#__admintools_tempsupers` (
`user_id` bigint(20) NOT NULL,
`expiration` datetime NOT NULL,
PRIMARY KEY (`user_id`)
) DEFAULT COLLATE utf8_general_ci
]]></query>
</action>
<action table="#__admintools_scans" canfail="1">
<condition type="index" value="idx_fullstatus" />
<!-- Keep top 1000 rows for performance reasons (we are going to regenerate the indices) -->
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP KEY `idx_fullstatus`;
]]></query>
</action>
<action table="#__admintools_scans" canfail="0">
<condition type="missing" operator="not" value="description"/>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `description`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `type`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `profile_id`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `archivename`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `absolute_path`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `tag`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `backupid`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `filesexist`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `remote_filename`;
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` DROP COLUMN `total_size`;
]]></query>
</action>
<action table="#__admintools_scans" canfail="0">
<condition type="missing" value="scanstart"/>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` CHANGE COLUMN `backupstart` `scanstart` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00';
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` CHANGE COLUMN `backupend` `scanend` TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00';
]]></query>
<query><![CDATA[
ALTER TABLE `#__admintools_scans` CHANGE COLUMN `multipart` `totalfiles` int(11) NOT NULL DEFAULT '0';
]]></query>
</action>
</sql>
</schema>