Support

Admin Tools

#28824 site ip blacklist

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by gere0818 on Tuesday, 05 December 2017 05:59 CST

Monday, 04 December 2017 18:39 CST

gere0818
I originally thought that the geographic blocking was not working, and then read the ticket where you explained the process very well. When we get an e-mail about an attempt on the admin query string, it tells us to do the following.

If this kind of security exception repeats itself, please log in to your site's back-end and add this IP address to your Admin Tools's Web Application Firewall feature in order to completely block the misbehaving user.

I have done this so often, I'm now getting a warning about too many entries in the site ip blacklist causing possible performance issues.

Is there a way to determine that the geographic blocking is working? If so, can I delete the entries in the site ip blacklist? What would you recommend.

Thanks in advance for your advice. I greatly appreciate your help.

Tuesday, 05 December 2017 01:22 CST

nicholas
Let's read the suggestion you are receiving in the email together. If you get too many (hundreds!) of messages from the same IP in a short amount of time (minutes) then you might want to manually block the IP address. It does NOT (let me stress this: absolutely NOT) tell you to go ahead and start blacklisting IPs manually.

IP blacklisting should ideally be temporary and automated. This is something that Admin Tools has been able to do for the last 7 years, through the automatic IP banning. Since the last two years it's also able to automatically manage the permanent IP blacklist. I would recommend deleting the entries in your IP blacklist and let Admin Tools handle it.

Regarding your point about Geographic IP Blocking, it's irrelevant to what we're discussing. The attempts you see come from countries other than the ones blocked by GeoIP blocking.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 05 December 2017 05:59 CST

gere0818
I will delete as you suggested. I have all countries blocked except the United States, and Canada. We are a small church focused on our area of the world. Recently we were hacked, and I upgraded everything on our site to help harden it. I really appreciate the new .htaccess tool in the admin tools. It should really help.

Almost all the attempts to access the wrong admin url resulting in "Admin Query String", template= in URL, MUA Shield, SQLi Shield, etc from countries that are blocked in our configuration. Which is why I asked. I did not see the "(hundreds!)" in the automated notices in my e-mail since the upgrade. I will see if I can add that for future admins.

Thanks for your help again, please close this ticket.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!