Support

Admin Tools

#10235 Safe to turn off Auto-ban Repeat Offenders?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 20 January 2012 01:49 CST

Thursday, 19 January 2012 16:18 CST

user40634
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the forum before posting? yes
Have I read the documentation before posting (which pages?)? yes
Joomla! version: (1.7.3)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)


Description of my issue:

I have a problem with my customers using several different mobile devices to access their admin panels. They are constantly auto-banned because their mobile IP addresses aren't added to the admin whitelist. They have asked me to disable the auto-ban feature. Will disabling the auto-ban jeopardize their site? Even after disabling, how will they be able to access the admin panel with their mobile devices? Any suggestions?

Thursday, 19 January 2012 16:20 CST

user40634
They said that they aren't able to give me a range of IP addresses because the mobile IPs are unpredictable. So, I can't add ranges.

Thursday, 19 January 2012 16:23 CST

nicholas
Do something simpler for now. Tweak the auto ban settings. Set it to auto ban after 4 exceptions in 1 minute, for 5 minutes. This is enough to keep bots out (that's what auto ban was designed to do) and is nigh impossible for so done to block himself. Even if he does, it is only for 5 minutes, which is not a big deal.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 January 2012 16:24 CST

user40634
But how will they be able to access the admin panel on their mobile devices without giving me their IPs every time?

Thursday, 19 January 2012 16:32 CST

nicholas
You will have to disable the Administrator IP Whitelist feature. In fact, this feature should only be used if you are accessing your admin panel from a STATIC IP address. Otherwise it is completely pointless and should be disabled.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 January 2012 16:50 CST

user40634
If I disable it, will anyone be able to access the admin panel?

Thursday, 19 January 2012 17:09 CST

nicholas
If you mean the administrator login page, yes. That's why we have the administrator secret URL parameter.

Before asking anything further, please read the fine manual.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 January 2012 17:27 CST

user40634
Sorry, I'm confused. What am I supposed to disable? The "Allow administrator access only to IPs in Whitelist"?

And by disabling this, anyone can go to the admin panel? But they can't get to the admin panel if there is a secret key?

Please advise.

Thursday, 19 January 2012 17:35 CST

nicholas
>> What am I supposed to disable? The "Allow administrator access only to IPs in Whitelist"?
Yes, exactly.

>> And by disabling this, anyone can go to the admin panel?
Yes, anyone can see that administrator log in page

>> But they can't get to the admin panel if there is a secret key?
Yes, exactly. Try accessing https://www.AkeebaBackup.com/administrator and you'll see that it's redirecting you to the main page. That's because I have set up a secret key. No secret key, no admin login page.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 January 2012 18:05 CST

user40634
Ok, thanks. I understand now.

Thursday, 19 January 2012 18:08 CST

user40634
Should I set "IP blocking of repeat offenders" to "NO" ?

Friday, 20 January 2012 01:49 CST

nicholas
It's indifferent to what you're trying to achieve. I'd say keep it enabled.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!