Support

Admin Tools

#20033 Admin Tools Blocking Users IP

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 11 June 2014 18:00 CDT

Thursday, 08 May 2014 23:45 CDT

user69672
 I have a social networking website on which Admin tools detect and report dozens of security exceptions due to all the reasons the tools are designed for including ipwl, Admin IP Whitelist, and CSRF Shield everyday.

The down side is that for some reason the Admin tools is blocking the IP addresses of people who regularly log on the site for blogs, articles or images posts (note that most of these people work for me as the site is new and has a low number of visitors). I am able to delete these users' IP addresses from the blocked list and add them to the firewall's IP Whitelist.

However, my concern is that there are some false negatives that trigger these IP block and could be blocking my site's visitiors IP even-though some of these visitors are not the bad guys.
Is there anything I can do to make sure that the Admin tools are blocking the IP addresses of the bad guys?

Thanks

Friday, 09 May 2014 02:06 CDT

tampe125
Hello Oscar,

first of all we need to know the reason of the block.
In the log page, you will find the reason and the attacked URL. Can you please post them here?

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 09 May 2014 10:59 CDT

user69672
Hi Davide,
Please see attached the security breach log from my site.
Edited by user69672 on 2014-05-09 11:01 CDT

Friday, 09 May 2014 11:03 CDT

user69672
Davide,
Sorry, the attachment of the log files didn't work the first time. I am resending them again.
Please see them here attached

Monday, 12 May 2014 02:14 CDT

tampe125
Regarding the CSRF, Admin Tools injects an hidden field inside ever form, then, after submitting it, it checks if the field is not present inside the request.
Since it's an hidden field, only a bot scanning the HTML source can fill it, so the request is blocked.
However, I think something "strange" is happening to the page, most likely the extension you are using modifies the form before submitting.
I suggest you to create an exception for that component, so you can turn off WAF only for that extension.

Regarding the IP whitelist, when an user gets banned (and he shouldn't) it means that his IP changed.
You can only turn off this feature, since your users have dynamic IPs that change quite frequently.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 11 June 2014 18:00 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2014-06-11 18:00 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!