Support

Admin Tools

#18789 Feature Request

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 13 January 2014 14:54 CST

pyrovespin
 It would be very helpful if the Security Exceptions Log had a Blacklist selected option for the IP ADDRESS's I'm currently cleaning up one of my websites after a botnet brute force attack.. the website didn't get compromised but there was over 25000 entries in the SEL and there are 100's if not 1000's of different ip address's that I'm trying to block.. doing them 1 by 1 takes a long time.

nicholas
Akeeba Staff
Manager
This has been asked before (repeatedly) and I have explained that permanently blocking IPs is a Very Bad Idea. You will end up bogging down your site (too many IP blacklist rules take ungodly amounts of time and memory to process) and blocking legitimate users (a hacker used 25000 compromised machines to attack you, these IPs do NOT belong to hackers, they are dynamically assigned and will end up being assigned to legitimate users with non-compromised machines). You are essentially asking me for a machine gun to shoot your feet. Sorry, I too care too much about you and my other clients to do that. It would be irresponsible.

What is responsible and sane is auto-blocking repeat offenders. That's what the automatic IP ban does. If the attacker used a big bot network to launch too few and irregular attacks from each IP you can do nothing about it. The best thing you can do is blocking the malicious requests –which Admin Tools did– and make sure that you are using strong passwords and all protection settings in Admin Tools to prevent them from successfully brute forcing your administrator password.

Please stop obsessing with IP blacklisting. It is an architecturally incorrect way to handle security. IP blacklisting must be reserved for persistent attacks over a long period of time (over 12 hours) and should be revised (in plain English: deleted) every month at most. In any other case you do end up shooting yourself in the feet. Take this from the author of the security solution you are using, who has exactly 0 manually blacklisted IPs in his list across all of his sites.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!