#13710 IP upon login

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Monday, 01 October 2012 11:43 CDT

user39895
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.7
PHP version: 5.4.x
MySQL version: 5.?
Host: Bluehost
Admin Tools version: 2.3.2

Description of my issue:
I love how I can track a person trying to log into the admin side and keep their IP. I also see in the WAF that I can save their IP upon "sign-up". My guess is by sign-up you mean registration?

How about a way to save their IP every time they log in?

Thank you.

nicholas
Akeeba Staff
Manager
Yes, sign-up is their registration.

Saving the IP of every login would result in a humongous table. Even worse if I actually create a user note.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user39895
I guess what I am looking for is to see what kind of use the site is getting. I can make a report based on IP-related use for the owner. Also, if I have a login IP, when the person makes an ad in the classifieds, I will know "where" they were logged in from.

Yes, I do know that an IP can be spoofed.

nicholas
Akeeba Staff
Manager
It's still a lot of data to collect. You'd get something in the thousands of rows per month. Within a year the table would grow so big as to become too sluggish to be practical.

user39895
OK. I would hope that this site can get a login-related IP track that would climb to thousands per month! This is just starting, so I highly doubt we would approach that. However, I understand where you are coming from.

Thanks.

nicholas
Akeeba Staff
Manager
Yes, the thing is that every feature I implement has to work on all sites where Admin Tools is expected to be installed. From that perspective the login IP log is a no-go. For small sites it would be OK, I guess, but this still means it can't be implemented in Admin Tools. A quick search in JED shows that nobody has tried implementing something like that either.

user39895
> A quick search in JED shows that nobody has tried implementing something like that either.

Oh yeah?

http://extensions.joomla.org/extensions/site-management/analytics/visitors/8946

:).....

I do understand how it would get huge though. I am just toying with the notion at this point. I think that showing users that you do have their IP could be a way of showing the possible classified users (in this case) that you are making an attempt to help protect them.

nicholas
Akeeba Staff
Manager
Ah, the magic of using the correct search terms :D

> I think that showing users that you do have their ip could be a way of showing the possible classified users (in this case) that you are making an attempt to help protect them.

Um, not really. I mean, for each and every request made to your site you have the URL and the IP logged by Apache. Tracking the request down to the point when the user logged in allows you to guess with a great deal of accuracy which IP belongs to which user. This is, after all, what we use when we have a compromised site and try to identify the IP of the attacker.

user39895
I will have to go learn more about how the Apache side does this.

Is that what you are using when you track the IP of an attempted login to the administrator side? Just curious.

nicholas
Akeeba Staff
Manager
When someone attempts to log in to the administrator, Admin Tools sends you an email and, if it's not successful, also logs a security exception. Let's not confuse user login with administrator login.

user39895
No confusion here, I understand the admin part of it. I have been testing it to make sure I know how it works. I was just curious how your system does it. That's all.

nicholas
Akeeba Staff
Manager
Administrator logins and failed logins are a special case. They can be logged (based on your WAF settings). The idea is that you are not going to have the same volume of admin or failed logins as successful frontend user logins every day. Lower volume means that there is no serious adverse effect from logging this information. In fact, it is used by the IP auto-block feature, preventing a large volume of failed logins from accumulating in a short amount of time.

user39895
Ok, you must not be understanding what I am saying. I understand why it has what it does, and I am not questioning that in any way.

I was just curious what method the code uses to capture the IP. You mentioned the accuracy of Apache to capture timeline and IP. This made me wonder if that was possibly what you were using.

I know that there is no possibility of you adding the user login ip track feature to the product and I am beyond asking for that. Your reasoning behind that makes sense, and I do not need any sort of explanation on it.

nicholas
Akeeba Staff
Manager
Aaaah! Now I understand the question. You are confusing different things. Admin Tools uses the REMOTE_ADDR server variable to get the visitor's IP address. It only logs the following in the database:
- Failed administrator logins (as security exception)
- Failed front-end logins (optional – as security exception)
- New account registration (optional – as user notes)

We could, of course, analyse the Apache log files but there is no need for that. You should only need to use Apache log file analysis if you are trying to establish a timeline of events, which usually is necessary after a hack. I was just making the point that having a login IP tracking feature should not make your visitors feel any safer, simply because the raw information (their IP address) is already present in the access log, no matter if you have a Joomla! extension logging it or not. The Apache log file was only used as an example to dispel the argument that logging the login IP has any impact on security.

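The access-log timeline that nicholas describes, as an added example that is not part of the original ticket or of Admin Tools: it parses Apache combined-format lines, finds login POSTs, and lists what the same IP requested afterwards. The login URL pattern, the paths and the sample lines are constructed assumptions; POST bodies are not logged, so the match is by IP and time, not by username.

```python
import re
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumption: which URLs count as a login submission on this site.
LOGIN_RE = re.compile(r'task=user\.login|^/administrator/index\.php')

# Constructed sample log lines (documentation-range IPs), not from a real site.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2012:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Oct/2012:10:00:09 +0000] "POST /index.php?option=com_users&task=user.login HTTP/1.1" 303 20 "-" "Mozilla/5.0"
198.51.100.22 - - [01/Oct/2012:10:00:15 +0000] "GET /classifieds HTTP/1.1" 200 8300 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Oct/2012:10:01:30 +0000] "POST /classifieds/new-ad HTTP/1.1" 200 900 "-" "Mozilla/5.0"
this line is truncated garbage
198.51.100.22 - - [01/Oct/2012:10:02:00 +0000] "POST /administrator/index.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def parse_log(text):
    """Parse every line, silently skipping the ones that are malformed."""
    return [r for r in map(parse_line, text.splitlines()) if r]

def login_requests(records):
    """POST requests whose URL matches the assumed login pattern."""
    return [r for r in records if r["method"] == "POST" and LOGIN_RE.search(r["url"])]

def timeline_after(records, login, minutes=30):
    """Requests from the login's IP in the window starting at that login."""
    return [r for r in records if r["ip"] == login["ip"]
            and 0 <= (r["time"] - login["time"]).total_seconds() <= minutes * 60]

if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for login in login_requests(records):
        trail = [r["url"] for r in timeline_after(records, login)]
        print(login["ip"], login["time"].isoformat(), trail)
```
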
