Support

Admin Tools

#13407 Server IP gets blacklisted

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Friday, 28 September 2012 18:00 CDT

Monday, 27 August 2012 13:46 CDT

tablemountain
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? yes (maybe not all 64 pages!)
Have I read the documentation before posting (which pages?)? yes
Joomla! version: 1.5.26
PHP version:
MySQL version: (unknown)
Host: Rackspace Cloud Sites
Admin Tools version: 2.2.10

Description of my issue:

Hi, my problem is with WAF. Whenever there is a hack attempt it just registers the servers IP address and not the actual hackers ip. This then blacklists the server and the site stops working. I have whitelisted the servers IP so this doesn't happen - but then hackers aren't blacklisted.

How can I get around this? I saw elsewhere you mentioned this was an issue with nginx server, but Rackspace Cloud Sites are running on Apache

Thanks

Monday, 27 August 2012 14:13 CDT

nicholas
The only this can happen is using a reverse proxy and getting the IP of the proxy instead of the user. Perhaps you are using Apache as your web server but there is Varnish or NginX in front of it acting as a reverse proxy?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 28 August 2012 04:18 CDT

tablemountain
Hi Nicholas, thanks for the response - I've followed up with Rackspace who have directed me to this page

http://www.rackspace.com/knowledge_center/article/why-does-every-visitor-to-my-cloud-sites-website-have-the-same-ip-address

Perhaps you could point me in the right direction where to use this code. I presume its somewhere in the pro.php file in plugins/system/admintools

Thanks

Tuesday, 28 August 2012 04:21 CDT

nicholas
Right now you can't change that, because the HTTP header is referenced in many different places. I am working on a solution for the next version of Admin Tools. If you can wait a day or two I'll finish up my workaround and give you instructions for testing it.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 28 August 2012 04:22 CDT

tablemountain
Wow, that was quick!

Great, thanks very much

Tuesday, 28 August 2012 05:34 CDT

nicholas
I have just uploaded a dev release which includes the workaround. After installing it, please go to Admin Tools, Web Application Firewall, Administrator IP Whitelist and click on New. Above the editor you should see a label reading "Your current IP is" and next to it an IP address in red letters. Check it against the IP reported by http://whatismyip.org/. They should match. If the match, I just solved the issue. If they don't match, please tell me.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 28 August 2012 05:55 CDT

tablemountain
Have given it a bash, but getting installation error on this 1.5 site

I've tested it on a 2.5 site which has the same issue and its working great, excellent!

Is there any way to include this workaround on admin tools 2.2.10? (the last Joomla 1.5 supported version)

Thanks very much

Tuesday, 28 August 2012 06:13 CDT

nicholas
OK, that's good news. The new version if for Joomla! 2.5 only, so there's no wonder why it didn't work in Joomla1 1.5 :) For Admin Tools 2.2.10 you will have to manually find all instances of REMOTE_ADDR and change them to HTTP_X_FORWARDED_FOR

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 29 August 2012 06:32 CDT

tablemountain
Working perfectly on 2.2.10.

Thanks very much for your assistance

Wednesday, 29 August 2012 07:25 CDT

nicholas
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 28 September 2012 18:00 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!