#19207 Persistent AdminQueryString attack advice please

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 17 February 2014 15:50 CST

supergran
 Hi
First, thank-you for a great product which has earned its keep this weekend alone!
My question is not about a problem with your Admin Tools product, far from it, but about needing some further advice on what to do after an attack. I have read some of your articles, pointed to where others have written to you, and learned a bit more about the tool and Joomla itself, most notably the emergency off-line feature compared with the Joomla feature. A great tool and explanation.

This weekend I started to get hit with numerous AdminQueryString security exceptions, about 7 a minute. My email inbox went into overdrive. I am using the super administrator ID. I had enabled auto IP blocking after 3 attempts but, of course, the IP addresses purported to come from many countries and are likely spoofed. I used the emergency off-line feature and took the site down for a few hours, and I also changed the admin username and password as a precaution. In all there were over 1100 attempts before I got the site down.
I've now put it back up but noticed more measured attempts. Instead of a battering of tries there are now 3 attempts from an IP address minutes or a couple of hours apart. After using the same address 3 times the ip changes.
My question is really one of advice: is there anything I should do after doing the look-up of an IP address? Usually the domain name isn't available, although on occasion it is. Should I be doing something once I look these things up? I have enabled the Project Honeypot feature. Also, can you tell me what settings you recommend in this situation in terms of how many times per hour / day / week to set for IP blocking, and for what duration you recommend? At one point before I took the site down I blocked all countries except the UK to calm it down, but the site does cater for overseas visitors so that's not really practical.
I'm no expert as you can tell but I suppose the plus side of this weekend is that I'm learning more about the benefit of Admin Tools and also about Joomla itself as I read your articles.
Again, thank you for any further advice.

nicholas
Akeeba Staff
Manager
The best protection is to not let attackers run Joomla! at all, therefore making it impossible to log in to the administrator and saving yourself from all the emails. It is surprisingly trivial to do (I have done that on our site because of the same reasons as yours): enable the Administrator Password Protection. Since the attackers will not know this extra username and password, your web server (Apache) will block them from accessing administrator, long before Joomla! and Admin Tools execute. Try it, you'll be pleasantly surprised by the results.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
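The mechanism described in the reply above is HTTP Basic authentication on the administrator directory, enforced by Apache before any PHP runs. The following is an added illustration of that idea, not the files Admin Tools itself generates; it assumes Apache 2.4 with mod_auth_basic and mod_authn_file, and the password file path is a placeholder.

```apache
# administrator/.htaccess (constructed example, not Admin Tools output)
# Apache evaluates this for every request under /administrator, so a
# wrong or missing credential is answered with 401 by the web server
# and never reaches Joomla!, Admin Tools, or the email notifications.
AuthType Basic
AuthName "Restricted administrator area"

# Keep the credential file outside the web root so it can never be
# served. Path is a placeholder; create the file with bcrypt hashing:
#   htpasswd -B -c /path/outside/webroot/.htpasswd some_admin_user
# Use a username and password that differ from the Joomla! ones.
AuthUserFile /path/outside/webroot/.htpasswd

# Apache 2.4 syntax. Everyone must present a valid entry from the file.
Require valid-user
```

Rejected attempts then show up as 401 responses for /administrator in the Apache access log, which is where to look for the probing traffic once Joomla! is no longer seeing it.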

supergran
Thank you Nicholas!
For some reason I was nervous about using that because of the comments about some hosts and 1and1 has been a little quirky albeit that I can usually work around the issues eventually. I've now done that and so far so good :)
Thank you for the quick response.

nicholas
Akeeba Staff
Manager
You're welcome!

