Support

 Having a problem when auto banning is enabled with it kicking us out on the first offense if we get auto logged out of the site in the background but then click something in Joomla.

So like if you leave the admin in up for a bit and then go back and click something but you';re logged out.

It almost always bans us.

We are also using the "Administrator secret URL parameter" if that matters.

settings: http://prntscr.com/6i5h2f

Any ideas besides whitelisting our IP?

Your session is expiring, that is what is logging you out. You can increase the leangth of your session to reduce the problem. Normally, auto ban gives you more chances than one. You set the number of "attacks" that need to happen within the time frame in the WAF setup screen.

If you already have auto ban set to more than one, note that you must clear the blocked IP address from the Security Exceptions Log when you unban it. If you don't clear the log, you'll just get banned again. You can search by IP then delete all the records.

Thats what i mean, it does it on first offense, why would it do that?

I think I'm reporting a bug?

1. Under Web Application Firewall, WAF Configuration, on the Auto-ban Repeat Offenders tab, what values do you have in the Block After line?
2. You need to clear the banned IP address from the Auto IP Blocking Administration list and you need to delete the IP from the Security Exceptions Log. Did you do both of these?

http://prntscr.com/6i5h2f thats the link I posted with my settings above.

Says 3 attacks in 1 hour

i have emptied the security expceptions log, I hadnt before in case you needed to see it and also they werent from within an hour.

here'[s a screenshot of them before I deleted them

http://prntscr.com/6il3t5

You can add this IP to the "Never ban these IPs" list and make it all go away.

Some of these are timeout errors, you can reduce that by increasing the session timeout in Global Configuration, on the System tab, increase the Session Lifetime setting.

The Login Failures are obvious, they are mistyping their password. That's (almost) a good thing, you don't mistype "123456". If that is an ongoing problem, using a simple password in combination with a YubiKey might be a solution.

I can't identify the ones that end in "token=directive". That seems to be something unique to your site.

The ban occurs when an exception happens and Admin Tools looks at the log and finds two other exceptions within the one hour period that you have configured. If you unban the IP and there is another exception, Admin Tools looks at the log again and decides again. That's why you have to clear the log, you can't just clear the IP from the ban list. I can see several cases where there were more that three exceptions within the hour time limit.

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.