I manage 100+ sites with admin tools installed, since many of the sites on same IP address I can see often the same offending IP address reports of CSRF Shield Security exemptions on 20+ sites, one thing that would be nice is rather than letting the same hacker attempt to hack all my clients sites until he is luck a shared IP ban / blacklist that they can all add to and access, adding to the overall security of the group of sites. Im not sure if this is a good idea or easy to implement or not.
#19900 feature request: multisite shared IP blacklist
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by tampe125 on Thursday, 24 April 2014 09:59 CDT
Wednesday, 23 April 2014 10:26 CDT
user80935
Thursday, 24 April 2014 04:20 CDT
tampe125
Akeeba Staff
Hello Ryan,
There are practical reasons why this kind of feature is not implemented:
If you observe the same IPs attacking your sites, you can simply use your server's Apache configuration file or your server's iptables firewall to block these IPs.
In fact, blocking at the firewall level means that you also gets far lower load on your server as Apache, PHP, Joomla!, MySQL and Admin Tools do not have to run in order to block an attacker.
There are practical reasons why this kind of feature is not implemented:
- Security model. It's really hard to make an API that's efficient and secure for exchanging IP blocking information. If someone manages to circumvent the chosen security model they can lock out the admin and unlock the access to their own attack bots.
- DDoS. If a site is under attack by a botnet it will generate too many requests to the other sites, ending up in the server going down. Essentially, the security solution will become the server's Achilles Heel
If you observe the same IPs attacking your sites, you can simply use your server's Apache configuration file or your server's iptables firewall to block these IPs.
In fact, blocking at the firewall level means that you also gets far lower load on your server as Apache, PHP, Joomla!, MySQL and Admin Tools do not have to run in order to block an attacker.
Davide Tampellini
Developer and Support Staff
🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Thursday, 24 April 2014 09:52 CDT
user80935
that makes sense, thank you so much for the detailed solution.
Thursday, 24 April 2014 09:59 CDT
tampe125
Akeeba Staff
You're welcome!
Davide Tampellini
Developer and Support Staff
🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!