Support

Admin Tools

#18031 Enhancement: Add time delay for admin page redirect

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 01 November 2013 15:48 CDT

Friday, 01 November 2013 12:50 CDT

tabletguy
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Not relevant
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (unknown) 2.5.14
PHP version: (unknown) 5.3
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown) current

I'm seeing a lot of "front page" activity, to the point where the hosting provider blocked the site due to a 88% CPU utilization for a while.

I don't really know what the issues are, and am not asking about that. However, one item that I was thinking about is that I have a secret word configured for administrator page access. If a user doesn't know that, they get redirected to the front page (of course).

So, I want to propose one or two enhancements, and see what you think:
a) Able to have a time delay in seconds before going to the front page. A sort of "time out", similar to honeypotting them.
b) Able to redirect to a separate page, or a series of other pages. Not sure if I would use this, but it might be another way to confuse the issue. Especially if it's a bot attack. The reason for multiple pages in the redirect list would be to avoid easy recognition by a bot.

c) Would be nice to be able to specifically count these separately on the Admin exceptions graph/report as well.

Thanks for your time,
Stephan

Friday, 01 November 2013 15:48 CDT

nicholas
a. No, that's a terrible idea. I used to add a random amount of delay (up to 5 seconds) when someone would trip the automatic IP block. The end result was that the CPU usage was insanely increased to the point of the server going down. I have already removed that feature and the users with this problem have reported that CPU usage has dropped back to normal levels. You are asking me to kill your site, driving your CPU usage over 100%. Sorry, I won't do that.

b. No. It's a bad idea from a security point of view. If a bot sees a redirection and still tries to log in in the back-end it's a badly coded bot, it's not intentionally trying to work around the secret word.

c. They are already logged per security exception reason. If you want to count "bot attacks" separately... good luck :) If that was possible the corollary would be that identifying bot attacks with 100% precision is possible. The corollary to that would be that blocking them before they hit the server is possible. The corollary to that is that counting them would be unnecessary as we'd have already stopped them. You see where this is going?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!