Support

Admin Tools

#28689 Duplicate Security Exception Notification

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 03 December 2017 17:17 CST

Friday, 03 November 2017 06:37 CDT

aschuch
Hi,
my Admin Tools Pro is running smoothly, however, I am getting security exception mails on a regular basis. The problem is that I always get it twice. Two mails with the same content (see below).

I looked everywhere, but I don´t know, where to change it to one time only. Any idea?

Thanks a lot,
Al




Hello,
We would like to notify you that a security exception was detected on your site .... with the following details:
IP Address: 77.43.144.123 (IP Lookup: IP Lookup)
Reason: Admin directory
If you are the administrator of this site and have blocked yourself on accident please visit ...... is the email address of your (Super User) account.
If this kind of security exception repeats itself, please log in to your site's back-end and add this IP address to your Admin Tools's Web Application Firewall feature in order to completely block the misbehaving user.
Best regards,
.....

Friday, 03 November 2017 06:50 CDT

tampe125
Hello,

if you take a look at the Security Exception page, do you see one or two entries for the same IP and exception type?
Which addresses did you set in the Configure WAF page?

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 03 November 2017 07:10 CDT

aschuch
Thanks for quick reply, David.


Just looked up the security exceptions log - indeed: all exceptions are twice there as well. Like this:
2017-11-03 12:34:26 CET 188.32.245.134 Admin directory https://www.MYDOMAIN.com/administrator/
2017-11-03 12:34:26 CET 188.32.245.134 Admin directory https://www.MYDOMAIN.com/administrator/


For these features, I used exactly the same eMail address, to answer also your second question:
Email this address on security exceptions
Email this address on successful backend login
Email this address on failed administrator login


Thanks, Al

Friday, 03 November 2017 09:04 CDT

tampe125
Ok, so that's the expected behavior: the attacker is performing a bruteforce attack on your backend login page (most likely trying different password).
This means that he sends several requests at the same time, that are blocked by Admin Tools and you get the same email.
So nothing to worry about, Admin Tools is doing its job :)

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 03 November 2017 10:15 CDT

aschuch
OK - thanks for info! Hope this attacker stops one day, but I guess its an automated attack...

Sunday, 03 December 2017 17:17 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2017-12-03 17:17 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!