Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes, all
Joomla! version: 2.5.8
PHP version: 5.3.20
MySQL version: 5.1.666
Host: bytewriter.com via Rochen
Admin Tools version: 2.4.4
Description of my issue: The Site Admin IP blacklist is huge -- 800 entries. I could shorten it by blocking IPs by range and moving it to .htaccess. In another ticket I read that you believe long-term blacklisting is a waste of time, and I understand your reasoning. Were you referring to the blacklist in Admin Tools or .htaccess?
A lot of the exceptions were for unauthorized access to the backend, so I changed to a whitelist and will soon implement two-factor authentication. I think that is working very well so far and I haven't had any problems testing two-factor.
Most of the security exceptions I get are from non-U.S. IP addresses. I've blocked many of the suspect countries via the GEO IP blocking function, but I have yet to see Geo IP blocking show up in any of the security exception messages, but I'm no longer getting traffic from some of the "bad" countries.
Here are my questions:
1. By using the admin whitelist and two-factor authentication, do I need to worry about keeping those IPs in the blacklist or security exception log?
2. Realistically, how many entries should I keep in the security exceptions log? Mine goes back to 2012.
3. Even though I'm not getting GEO IP exceptions in the exceptions log, I'm no longer getting attempts from countries I've blocked. Is it safe to assume that it is working? I keep the MaxMind file updated.
I've learned a huge amount about security reading the support tickets.