Admin Tools

#28666 Ip not listed

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

n/a

PHP version

n/a

Admin Tools version

n/a

Latest post by dlb on Thursday, 26 October 2017 12:17 CDT

Thursday, 26 October 2017 11:24 CDT

2EZZgZcQlt6YfNlJCEXx

Ip is not listed on a few mew security exceptions Instead I see the attached.

Thursday, 26 October 2017 12:06 CDT

dlb

This is an attack on Joomla! versions 3.4.5 and prior. Your up to date version of Joomla! is not vulnerable and Admin Tools is stopping it anyway. The attack works by putting executable code in the from IP field and tricking the old version of Joomla! into executing it. We've seen a rash of these attacks over the past two weeks.

Dale L. Brackin
Support Specialist

English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Thursday, 26 October 2017 12:09 CDT

2EZZgZcQlt6YfNlJCEXx

Should I click the red flag on these to turn them green or just leave them?

Thursday, 26 October 2017 12:17 CDT

dlb

This particular attack is no threat to your site. Permanently blocking IP addresses is ineffective. Hackers don't use their own IP addresses. They use a dynamic IP, proxy server or a compromised computer. In almost all cases, you're just blocking an IP address that may be used by a legitimate visitor at some point in the future.

Temporary blocks are a different matter. It will stop a bot simply going through a list of IP addresses from attacking you. An IP blacklist is trivial for a human attacker to bypass, they just use another IP in their collection. The temporary ban stops the hacker from using that IP for the duration of the ban without blocking future legitimate users.