Support

Admin Tools

#22167 Trusted ip gets blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Friday, 27 February 2015 08:49 CST

Friday, 27 February 2015 08:12 CST

oorzaak
Hi Nicholas,

One of my customers gets blocked from their own site by AdminTools repeatedly. After that I've put them on the whitelist so this will not happen again. But I would like to find out why this happened. When viewing the security exceptions log I see login failure as the reason. IP blocking is set to block after 3 attacks in an hour. Is one login failure considered as an attack?

Kind regards, Frits

// some editing done to make my question more clear
Edited by oorzaak on 2015-02-27 08:13 CST

Friday, 27 February 2015 08:15 CST

tampe125
Hello Frits,

if you have enabled the option Treat failed logins as security exceptions, then yes, they will be considered an attack and then you could be blocked if you fail to provide the correct access details.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 27 February 2015 08:18 CST

oorzaak
Hi Davide,

So 1 login failure = 1 attack?

I mean I have no clear idea of the definition of an attack.


Frits

Friday, 27 February 2015 08:33 CST

tampe125
So 1 login failure = 1 attack?
Yep, if that option is enabled this is how they are treated.

Instead of attack, we call it "security exceptions".
What's a security exception? Well, that's up to you to enable different protections using the WAF configuration page. You can block several things, please take a look at the documentation for further details on how configure Admin Tools

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 27 February 2015 08:39 CST

oorzaak
Ok thanks. They are working in a large office with many users who all share the same ip - though I don't think many of them are supposed to (try to) log into the Joomla back end.

I think I should leave "Treat failed logins as security exceptions" engaged as this would also block brute force attacks, wouldn't it? Maybe I could just set the threshold a bit higher.

Frits

Friday, 27 February 2015 08:49 CST

tampe125
Yes, that's a good idea.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!