Support

Admin Tools

#28394 Admin Query String

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Saturday, 14 October 2017 17:17 CDT

Wednesday, 06 September 2017 15:55 CDT

Hadschi
Hi
The last few days my site is attacked by "Admin Query String". They change the IP very often. I already disabled different countries (the most of them are Brazil and east of Europe). Still I have different European countries (e.g. Italy, Greece) or USA. What else can I do to avoid this? I aleady changed the administrator URL after they tried to enter there.
Thanks a lot
András

PS: I'm happy to have admin tools!

Wednesday, 06 September 2017 16:07 CDT

dlb
András,

If they are hitting the Security Exceptions Log, they aren't getting in. You don't have to do anything.

Using the Secret URL Parameter is one way of hiding the login page and making it nearly impossible for them to try to log in. I think that is what you already did. The other thing is to password protect the /administrator folder. This will ask for an additional user ID and password before the Joomla! login screen appears. This works at the server level and is a little more "heavy duty" than just hiding the login screen.

Note that when you use the Secret URL Parameter, you still get entries in the log because they tried to access the administrator login screen. It doesn't mean that they guessed the secret.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Thursday, 14 September 2017 15:54 CDT

Hadschi
Thanks a lot, is it not possible, that akeeba uses Blacklists like https://www.myip.ms/browse/blacklist/1/lastblacklistID/50 ?

András
Edited by Hadschi on 2017-09-14 15:55 CDT

Thursday, 14 September 2017 16:10 CDT

dlb
Hackers don't use their own IP address. So when you block an address, you are blocking a stolen IP, a dynamic IP, a proxy server, etc. The hacker just moves on to the next IP in their collection.

You can user GeoIP blocking, and that may stop some of the bots, but it is trivial for a human to bypass a GeoIP block. They just use a proxy server in an allowed country.

If you get too many IPs blocked, you will start to affect the speed of your site. Every IP takes time to check and see if it's in the block list. Not much time, but it all adds up.

Yes, you may be able to come up with a blacklist rule that will block them, but there are reasons why you shouldn't.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Saturday, 14 October 2017 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!