#19602 Flood protection question

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by mirphi on Monday, 17 March 2014 12:55 CDT

mirphi
Is there no way in AdminTools to mitigate flood attacks? I have a site that is getting tons of POST requests. I cannot possibly block out each IP by hand, though I started to, but this is from hundreds (or even thousands) of IPs. I turned on the geographic blocking for Asia and Africa but it doesn't seem to have much impact at all. Site is otherwise up to date, admin folder password protected, .htaccess in place, caching turned on. Yet this nuisance is still really messing up the server with so much traffic. Any suggestions?

dlb
There is not much you can do to stop the attacks at the source; all you can do is prevent them from being successful in breaching your site.

Permanently banning the IP addresses is usually not effective. Hackers don't use their own IP addresses. Banning by country or region is ineffective for a similar reason: they just use a proxy service in a country that isn't banned. What may be of some use is the auto ban feature. When a particular IP address creates X number of attacks in Y minutes, ban that IP for Z length of time. This stops the hacker from using that IP address for a while, but avoids the permanent ban, which will eventually ban legitimate traffic to your site.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

mirphi
Thank you for your swift reply. The auto ban isn't catching any of them, unfortunately. The IP addresses are strategically staggered and varied. I see that all of the unwanted traffic is POST requests, so I added some custom code to .htaccess, but it doesn't seem to be making any difference.

RewriteCond %{REQUEST_METHOD} POST
# allow the server to POST to itself (pattern is a regex: anchor it and escape the dots)
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# allow POST from trusted users
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.123$
# send all other POST requests to 403 forbidden
RewriteRule ^ / [F]
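
The rule dlb describes (X events in Y minutes, ban for Z) and the gap mirphi reports, as an added example that is not part of the ticket and is not Admin Tools code. It assumes every POST counts toward the threshold; the class, thresholds and sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

class AutoBan:
    """Per-IP rule: X counted requests within Y seconds bans the IP for Z seconds."""
    def __init__(self, x, y_seconds, z_seconds):
        self.x, self.y, self.z = x, y_seconds, z_seconds
        self.hits = defaultdict(deque)  # ip -> timestamps still inside the window
        self.banned_until = {}          # ip -> time at which the ban expires

    def observe(self, ip, now):
        """Return 'blocked' (already banned), 'banned' (threshold hit) or 'allowed'."""
        if self.banned_until.get(ip, 0) > now:
            return "blocked"
        window = self.hits[ip]
        window.append(now)
        while window[0] <= now - self.y:  # drop hits older than Y seconds
            window.popleft()
        if len(window) >= self.x:
            self.banned_until[ip] = now + self.z  # temporary: expires after Z seconds
            window.clear()
            return "banned"
        return "allowed"

def replay(events, x=3, y_seconds=60, z_seconds=900):
    """Replay (timestamp, ip) events; return the verdict counts and the peak
    number of requests from all IPs combined inside any Y-second window."""
    ban, verdicts = AutoBan(x, y_seconds, z_seconds), defaultdict(int)
    recent, peak = deque(), 0
    for now, ip in events:
        verdicts[ban.observe(ip, now)] += 1
        recent.append(now)
        while recent[0] <= now - y_seconds:
            recent.popleft()
        peak = max(peak, len(recent))
    return dict(verdicts), peak

# Constructed sample traffic (documentation address ranges, not real logs).
# One address sending 10 POSTs, one per second:
SINGLE_SOURCE = [(float(t), "198.51.100.7") for t in range(10)]
# 200 POSTs at two per second, each from a different address:
STAGGERED = [(i * 0.5, f"203.0.113.{i % 200 + 1}") for i in range(200)]

if __name__ == "__main__":
    print("single source:", replay(SINGLE_SOURCE))
    print("staggered    :", replay(STAGGERED))
```

The single source is banned on its third request, while the staggered run passes all 200 requests even though the combined rate peaks at 120 per minute, so the aggregate rate is the signal to alert on when per-IP counters stay quiet.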
