#19239 Auto Ban Repeat Offender Strategy

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by dlb on Wednesday, 19 February 2014 08:52 CST

theralph
Greetings & Hallucinations,

Wondering if the following set up makes sense to you.

I have user registration turned off. I manually set up the users. I also have "Treat Failed Logins as security exceptions" set to NO. I do have Project Honeypot enabled.

Would it be feasible to set the Auto Ban Repeat Offender settings as follows:

Block after 1 attack in 20 seconds
Block for this long 2 days

Or would that cause too much strain on my web site? I do have more than 25,000 articles.

dlb
In this case, the time value doesn't make any difference because you are banning the IP after just one "attack". I'm worried that a legitimate user may get banned because of a typo, but I can't think of an example of how that could happen. I would be more comfortable with two attacks in forty seconds or three in a minute.

Try it. There is no one right answer. If it works for your site, then that's fine. Keep in mind that if one legitimate user tracks you down and asks why they are banned from your site, there are ten more that didn't bother. At that point, you know you have to loosen it up a bit.


Dale L. Brackin
Support Specialist


English: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


My time zone is EST (UTC -5)

theralph
Thanks Dale.

Remember I have Treat Failed Logins as Security Exceptions set to NO. Doesn't that mean that any legitimate user who makes 10 typos while trying to log in will not be banned? Even though I have Auto Block set to after 1 attempt?

You are right about trying it out and seeing what happens but I want to make sure I understand that Auto Block will not trigger a failed login attempt.

dlb
You are correct, a failed login should not trigger the auto ban the way you have it set up. That is why I couldn't think of an example of how it could go wrong. :-)


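A small model of the threshold logic discussed in the two replies above, added here as an example; it is not part of the original thread and is not Admin Tools code. The `simulate` function, the event kinds and the sample events are constructed assumptions: an IP is banned once N counted events fall inside the time window, and failed logins are counted only when the corresponding option is on.

```python
from collections import defaultdict, deque

TWO_DAYS = 2 * 24 * 3600  # "Block for this long: 2 days", in seconds

# Constructed sample events: (time in seconds, IP, kind). Documentation-range IPs.
EVENTS = [
    (0, "198.51.100.7", "failed_login"),   # a real user mistyping a password
    (4, "198.51.100.7", "failed_login"),
    (9, "198.51.100.7", "failed_login"),
    (100, "203.0.113.9", "exception"),     # one isolated security exception
    (300, "192.0.2.44", "exception"),      # a burst: three exceptions in 25 s
    (310, "192.0.2.44", "exception"),
    (325, "192.0.2.44", "exception"),
]

def simulate(events, max_attacks, window_s, ban_s=TWO_DAYS, count_failed_logins=False):
    """Return {ip: (ban_start, ban_end)} with each IP's latest ban.

    Assumed model: an IP is banned once max_attacks counted events fall within
    window_s seconds; failed logins count only if count_failed_logins is True.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    bans = {}
    for ts, ip, kind in sorted(events):
        if ip in bans and ts < bans[ip][1]:
            continue              # already banned: the request never gets through
        if kind == "failed_login" and not count_failed_logins:
            continue              # mirrors "Treat Failed Logins as security exceptions" = NO
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window_s:
            q.popleft()           # forget events older than the window
        if len(q) >= max_attacks:
            bans[ip] = (ts, ts + ban_s)
            q.clear()
    return bans

if __name__ == "__main__":
    for n, w in [(1, 20), (1, 3600), (2, 40), (3, 60)]:
        print(f"{n} in {w}s ->", simulate(EVENTS, n, w))
    print("1 in 20s, failed logins counted ->",
          simulate(EVENTS, 1, 20, count_failed_logins=True))
```

With a threshold of 1 the result is identical for any window, and the single isolated exception from 203.0.113.9 earns a two-day ban; at 2 in 40 seconds or 3 in a minute only the burst is banned.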

theralph
While I have you here, is there a limit to how many redirects I can do in the URL Redirection feature? Do you think it is better performance-wise to do the 301's in the htaccess file? Should I open a new ticket for this question? :-)

dlb
That one is a little outside my comfort zone. The best I could do with it would be to go find my Magic 8 Ball. If you start a new ticket, one of the other guys will pick it up. Thanks.

