#17931 Geo Blocking Not Working

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by nicholas on Thursday, 24 October 2013 02:31 CDT

guardiansolutionsllc
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.514
PHP version: 5.3.24
MySQL version: 5.0
Host: godaddy
Admin Tools version: 2.5.8

Description of my issue:
Geo Blocking is not working. I have 116 pages of security exceptions from the Ukraine and Russia. I have clicked update Go and nothing works. This is a persistent attack and I just want to block the country. Please help.

nicholas
Akeeba Staff
Manager
First make sure that the GeoIP database is up to date. Go to Admin Tools, Web Application Firewall, Geographic Blocking and click on "Update GeoIP.dat". If the automatic update does not work please follow the manual instructions in our documentation under "Getting or updating the IP database". Then please make sure that Ukraine and Russia are selected in the Countries list in the Geographic Blocking page of Admin Tools.

Please note that some user login related security exceptions will still show up in your log from geoblocked countries. These security exceptions are triggered by the user login events which can be processed by Joomla! before triggering the main application initialisation complete event which is captured by Admin Tools and used to run the rest of its security checks. In layman's terms, the login related exceptions are processed before anything else. This means that you may get several (even thousands) of security exceptions regarding failed user logins. This is nothing to worry about; even if the hackers did guess the correct login information the GeoBlock would then kick in and block them from accessing your site – and they would still have no idea that they found the correct login info to your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

guardiansolutionsllc
I am seeing the user name these attackers are trying so they are getting beyond the blocking. This isn't just logging hits from other countries because they are trying different user names. They wouldn't be able to enter a user name if they were blocked properly to begin with. Send me an email at my registered email and I can give you creds to look. Thanks.
Sincerely
G

nicholas
Akeeba Staff
Manager
As I explained in my previous reply, which you should please read very carefully, login attempts are triggered BEFORE the Geographic IP blocking.

One very important thing you seem to be oblivious of. You do not need to be able to see the login form / login page to perform a login attempt against a site. In fact, you do not even need to have a site with a publicly visible login page or form. All you need to know is which URL to submit the form to. This URL is fixed and very easy to determine if you know or guess that the site is using Joomla!. This means that an attacker can do blind login attempts, hoping to hit the correct username / password combination. There is no human sitting in front of a computer in Russia typing usernames and passwords. No, sir. It is a bot (a computer program with a specific purpose) running on a machine located in Russia, trying to log in to your site with a list of typical usernames and passwords. As I explained very thoroughly, the login event (which is caught by the failed login security exception handler of Admin Tools) is triggered by Joomla! before the onAfterInitialise event (which, among other things, runs the GeoBlocking in Admin Tools). As a result these bots' failed login attempts show up in your log. Even if the bot manages to guess the username and password the attacker will still not know they hit the jackpot as Admin Tools' GeoBlock will be immediately triggered.

I know this is way over your head. Can you please at least trust me that I understand how Joomla! works and know how to build a solid security extension? If you get too anxious about those security exceptions just turn off the option to log failed logins as security exceptions. See? Nothing now goes past the GeoBlock. BUT! Now the attacker knows when they have found a correct username / password combination as Joomla! will happily send them a login cookie before GeoBlock has the chance to kick in. Your site is pwned, but you get to feel "safe" as you don't see the warnings. Is this what you want? It's exactly what I tried to prevent with the introduction of the feature that treats failed logins as security exceptions.


guardiansolutionsllc
Nicholas, do you take every ticket personally and attack your clients when questioned? I get that you are good with Joomla. How good of a skydiver are you? I am an expert. How good of a snowboarder are you? I am an expert. How good of a mountain climber are you? I am an expert. However, I do not become condescending when someone asks me about these things. I certainly would not become so condescending and hostile to my paying clients.
G

nicholas
Akeeba Staff
Manager
I suck big time at all sports. I'm not just "not an expert", I am even less than a complete newbie. When someone tells me how skydiving, snowboarding or mountain climbing works I take their word for it. I will never double guess my instructor because I know what I don't know. My motto is what Socrates said in his Apology: "Ἅ μὴ οἶδα, οὐδὲ οἴομαι εἰδέναι" ("What I don't know, I don't think I know it either").

You misjudged my intentions. I was trying to explain to you exactly what is going on from receiving a request to handling it. I also tried to explain exactly why I made certain decisions while building this software. You thought I was condescending. I apologise. So let me rephrase my reply. Here is my revised reply, to be read in lieu of my previous post:

Please refer to the second paragraph of our previous reply. It sufficiently explains why what you are experiencing is normal and does not indicate any malfunction in the Geographic Blocking feature. If you do not wish to receive such security exceptions you can disable the "Treat failed logins as security exceptions" in the Web Application Firewall page, therefore leaving only the features running during Joomla!'s onAfterInitialise (IP-based blocking features being the first to run). This is done at the expense of your site's overall security as Admin Tools is no longer able to mislead malicious users trying to log in to your site by posting data blindly to Joomla!. The consequence is that they will be able to understand when they have found a correct username/password combination. However, in no case do they see the login page or are able to proceed past a successful login because the Geographic Blocking is already enabled and working properly.

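A triage check that follows from the event ordering described in the replies above, added here as an example; it is not part of the ticket and not Admin Tools code. It assumes the security exceptions log has been exported as CSV with a country code already resolved per row; the column names, the reason labels (`loginfailure`, `geoblocking`, `other_waf_check`) and the sample rows are all constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample export; column names and reason labels are assumptions.
SAMPLE_LOG = """date,ip,country,reason,target
2013-10-23 21:02:11,203.0.113.7,RU,loginfailure,admin
2013-10-23 21:02:14,203.0.113.7,RU,loginfailure,administrator
2013-10-23 21:05:40,198.51.100.23,UA,loginfailure,webmaster
2013-10-23 21:06:02,198.51.100.23,UA,geoblocking,
2013-10-23 21:09:30,192.0.2.55,DE,loginfailure,admin
2013-10-23 21:11:47,203.0.113.99,RU,other_waf_check,index.php
"""

BLOCKED = {"RU", "UA"}        # countries selected in Geographic Blocking
PRE_INIT = {"loginfailure"}   # raised by the login event, before onAfterInitialise
GEO = {"geoblocking"}         # assumed label for the geoblock's own entries


def triage(log_text, blocked=BLOCKED):
    """Classify log rows by what they say about the geoblock.

    expected: failed logins from blocked countries; these are logged before
              the geoblock runs, so they are normal per the thread
    blocked:  the geoblock itself firing
    suspect:  any other check firing for a blocked country, which should not
              happen if IP-based blocking is the first onAfterInitialise check
    """
    counts = Counter()
    suspects = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["country"] not in blocked:
            counts["other_country"] += 1
        elif row["reason"] in PRE_INIT:
            counts["expected"] += 1
        elif row["reason"] in GEO:
            counts["blocked"] += 1
        else:
            counts["suspect"] += 1
            suspects.append((row["ip"], row["reason"]))
    return counts, suspects


if __name__ == "__main__":
    totals, suspect_rows = triage(SAMPLE_LOG)
    print(dict(totals), suspect_rows)
```

Only the `suspect` rows would point to a Geographic Blocking problem (for example an outdated GeoIP database or a country missing from the list); pages of `expected` rows match the behaviour described in the replies.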
