Support

Admin Tools

#14099 Multiple security exceptions from ip-lookup.net

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 12 November 2012 14:32 CST

Monday, 12 November 2012 14:03 CST

gmoore

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes - speciifcally the section on configuring the firewall
Have I searched the tickets before posting? yes - but since my quetion is about ip-lookup I get a huge number of results
Have I read the documentation before posting (which pages?)? yes- about configuring the firewall
Joomla! version: Joomla! 3.0.2 Stable [ Ember ] 08-November-2012 14:00 GMT
PHP version: 5.3.14
MySQL version: (unknown)
Host: Rochen LTD
Admin Tools version: 3.0.2

Description of my issue: Multipe security exceptions from ip-lookup.net

the site is groundschool.org - nothing much is going on there - i'm just playing around with the new Joomla version 3.

I'm getting multiple 10-15 a day - that look like this....

We would like to notify you that a security exception was detected on your site, groundschoolORG, with the following details:

IP Address: 177.43.160.197 (IP Lookup: http://ip-lookup.net/index.php?ip=177.43.160.197)
Reason: Admin Query String

I've tried putting the IP address in the black list - but they just come up with a new one.  I'm guessing this isn't a serious problem - just annoying with all the emails.  Should I do anything about it??

 

thanks

Monday, 12 November 2012 14:30 CST

nicholas

You are reading the report wrong.

In the example you posted here the attack comes from IP address 177.43.160.197. This doesn't tell you much, huh? Me neither. THat's why Admin Tools tries to make your life easier by giving you a link to look up the IP, i.e. http://ip-lookup.net/index.php?ip=177.43.160.197 Visiting that URL you will see that the IP comes from Brazil.

As to the reason of the security exception, Admin Tools tells you that it is Admin Query String. Remember the secret URL parameter setting in Admin Tools? That's what we're talking about. Someone tried to access your site's backend without giving this secret URL parameter.

Since you are toying around with Joomla! 3.0, please note that this may be a false positive. When you administrator session expires and you try to visit your site's administrator section again you will get kicked out to the site's main page, raising exactly this security exception on Admin Tools. If the IP address belongs to you this is what happened. If the IP address does not belong to you then someone is trying to break into your site and Admin Tools is blocking him.

In any case you do not need to do anything,

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 12 November 2012 14:31 CST

gmoore

Excellant update!  I really appreciate your time and our products....

Monday, 12 November 2012 14:32 CST

nicholas

You're welcome and thank you for your kind words!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!