Support

Admin Tools

#17963 Hacking attack

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Friday, 01 November 2013 08:15 CDT

Thursday, 24 October 2013 23:45 CDT

user11300
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 3.0.3
PHP version: 5.3.3-7+squeeze15
MySQL version: 5.1.66-0+squeeze1
Host: Debian personal server
Admin Tools version: 2.5.8

Description of my issue:
I've been subject to a severe hacking attack that was stopped by admin tools - well done!
I now have a massive log file of IP addresses that I wish to block and there does not appear to be a way to of doing this without clicking on each and every IP in the Exceptions Log. Also, when I look at the exceptions log there isn't an option to display more than about 20 entries anymore. This is very frustrating.

What I would like to be able to do is block all the IP addresses and also purge the log when this is finished. Is there a way of doing this without having to manually block the 1,000's of IPs and then purge the hundreds of pages of log entries?

Many thanks for your help.

Friday, 25 October 2013 03:22 CDT

tampe125
Hello Michael,

you can show more logs using the pagination options at the end of the page.
Moreover, you can delete old entries using the Admin Tool plugin.
You can find more info in our documentation

However, please remember that attackers use the same ip only for few ours, so a temporary ban of a couple of days should be enough.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 30 October 2013 17:48 CDT

user11300
Thank you for your reply.

The problem that I'm finding is there isn't any option at the bottom of the page to display more than 20 records at a time. In previous versions on "Admin" you could do this. What would be good would be to download the log file into excel, change the state of the IP ban and then reload the file back up.....it would be much quicker when the site is actually experiencing an attack.

I've now set the plugin up to delete records in the log file......can I suggest that a cron tab may be better than running a plugin.....just a thought.

Michael

Friday, 01 November 2013 08:15 CDT

tampe125
Are you sure about the pagination problem?
I just tested it and everything is working fine...

Regarding the cronjob, yes, it would be better.
However not every hosting support them out of the box (maybe you have to upgrade), moreover it could be a little "tricky" for the average user.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!