Support

Admin Tools

#28516 dmin Tools detected security exceptions from 'private network' IP addresses.

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 26 October 2017 17:17 CDT

Tuesday, 26 September 2017 04:50 CDT

Graemezee
Hi Got This messages and checked with my hosting company they say the server is not behind CDN, reverse proxy, external firewall

They say I should not enable it.

I have been under a sustained attack people registering on the site every hour or sometimes a little more frequently I Have cleared the site and reinstalled several times I have in the past manually removed rouge files and since installing your tools I have cleared more files and implemented all your security options including the spam features but these spammers are relentless I run the PHP file scanner very often and have not found any more suspicious files.

But continue to get this message from your tools any idea as to why this might be. could it be as the result of some of the spammer's activity?

Tuesday, 26 September 2017 06:35 CDT

nicholas
If they are 100% positive that they do not use a CDN, reverse proxy (even NginX), cache (such as Varnish) or firewall then an attack from an internal IP address means that their network is compromised, i.e. another server is trying to attack yours. However, this is extremely unlikely since that'd require your site to be served over HTTP through the internal network IP address which is extremely unlikely.

Here's what to do. Set the "Enable IP workarounds" to Yes. You will see that the internal network IPs go away and are replaced by the actual IPs which are causing the security exceptions. Share that information with your hosting provider and demand to speak with second level support / engineers who actually know how their servers are set up so they can confirm exactly what in their stack is using X-Forwarded-For HTTP headers.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 26 October 2017 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!