Support

Joomla 2.5.3
Admin Tools 2.2.1

1. Getting constant stream of security warning emails from AdminTools advising of a QueryString demand from an ip.

2. Have added ip to Blacklist but stream of warning emails continues.

3. Rate of emails from Admin security warnings has exceeded 500 per hour and blocked my e-mail account.

I'd be grateful of advice about how to recover this situation to: block this attack and prevent email warning swamping my email account.

Many thanks ...

Mercifully attack seems to have stopped and I have regained control of my email account. There were a flood of successive of AdminQueryRequests from an ip. I've 'blacklisted' the ip and informed the ip-owner-admin. This is the first time I've experienced this problem. The surprising think for me was that even though I added the ip to the 'blacklist' I continued to receive a stream of 'security exception' reports which swamped and locked out my email. What's the 'best practice' guidance for avoiding security reports locking out email but still getting warnings about security actions needing attention? Thank you.

Nicolas - many thanks for your lightening fast and helpful response - I've done as you suggested. I had done the 'Quick Setup' but didn't chose not to enable 'auto disallow ip' as I was worried about locking myself out (if I leave my site for more than a few minutes it seems to log me out which means when I go back to view another page it has logged me out and generates a security exception).

A question for clarification ... if an ip is 'blacklisted' (and or 'auto disallowed) does this just block back-end login or does it prevent the someone using the ip address from viewing the site? My reason for asking this question is that if you block an ip (in this case a 'dial-in temp ip' it could prevent someone who uses that ip correctly in the future from browsing the site. I know the likelihood of this occuring is small but it could be relevant.