Support

Admin Tools

#19665 Block ip immediatly on some attacks

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Monday, 24 March 2014 09:15 CDT

Chabi01
 Hi,
I have many different attacks on my websites.
With these attacks, i have some mistakes from visitors when they log in.
To protect the sites, I block ip after 3 errors.
The problem is the following : when it's real attack, it's fine, but when it's a visitor, I have to unblock the ip manually (as the system cannot know what is a real hacker and what is a mistake).

However, some blocked attemps are always attacks, for example, the uploadshield, DFI, etc..

Is there a way to immediatly block the ip from some kind of attacks but leave for example 3 chances for people who can make mistake when they try to login ?

tampe125
Akeeba Staff
Hello Xavier,

I'm sorry but there isn't a block limit based on attack type ;(

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chabi01
So, do you have a alternate solution for this matter ? Even outside AdminTools ?
It's very very annoying thing (i'm polite...) and take me a lot of time to sort good and bad...
Thanks :)

tampe125
Akeeba Staff
Well, if the only problem is the login failure, you can play with the settings.
First of all, do you really need them?
Usually attackers will try to login as Super Users in the backend, so you can protect it with a secret param and disable access on frontend to Super Users.
However, if you still need this feature, you can try to raise the number of attempts and/or the timespan: automatic attacks are performed in a very fast succession, so you should be able to filter them out.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chabi01
Hi again,
Well, i don't see exactly how to do what you say..
When users are blocked, that's from the frontend login (for example, on a Virtuemart account).
My admin is protected with an htaccess-htpassword.
I don't see how to put in place what you are writing with e "timespan".
I have attempt from real hackers from different ip and some are very closed and some are made with several minutes of distance.
As i block the admin access, they cannot attack by guessing the admin password and login, so now they try with file inclusion...

tampe125
Akeeba Staff
In the WAF configuration page you have and option called Block after, where you can set the number of attackd required in a period of time to ban the IP.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Chabi01
Ok, thanks.
I previously set up on "3 attacks in 1 hour". I will try shorter delay.
If you hear about a way to block an ip on some kind of attack, please email me : it's in fact a very important needs (for all the websites i have to manage)
Thanks for the help :)

tampe125
Akeeba Staff
You're welcome!

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!