Admin Tools

#18868 Hundreds of Security Exception notifications at once

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

n/a

PHP version

n/a

Admin Tools version

n/a

Latest post by dlb on Sunday, 26 January 2014 17:33 CST

Tuesday, 21 January 2014 10:59 CST

slomas

Hello,

We have received hundreds of the "Security Exception due to login failure" notifications overnight. Based on the frequency (1 per second at one point) and the random IP addresses, this must be automated. Blocking IP addresses with Admin Tools > Web Application Firewall > Site IP Blacklist has only seemed to increase the volume and frequency.

It seems the traffic is all coming from outside the US.

Any thoughts about what to do? Thanks in advance. -SL

Steve Lomas | Idea Mechanic | MojoMediaPros

Tuesday, 21 January 2014 11:38 CST

dlb

Keep in mind that hackers don't use their own IP addresses. Blacklisting the IPs won't help much to end the attack and those IP addresses may be used by real customers in the future.

The auto-ban feature is better for this situation. You can ban an IP address that creates X exceptions in Y minutes for Z amount of time. So the ban will automatically expire and not block future customers.

If the IP addresses used in the attack are truly random and are not repeating, there is very little you can do.

Dale L. Brackin
Support Specialist

English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Sunday, 26 January 2014 14:16 CST

slomas

Thanks Dale! That's a great idea. I'll try that out. -SL

Steve Lomas | Idea Mechanic | MojoMediaPros

Sunday, 26 January 2014 17:33 CST

dlb

You're welcome!