#28956 Questions about component configuration

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by dlb on Friday, 05 January 2018 08:31 CST

brunocotta
Hello, how are you?
Recently I bought your AdminTools Pro component as I was suffering from constant hacker attacks. They were inserting files inside my sites and changing some files as well. And after that we saw a very big improvement. However I have some doubts regarding its configuration and its operation. Initially I just performed the quick setup as requested. Soon after that I saw that some IPs tried to access my site, but I used the blacklist feature and the ability to block by countries and continents. So far so good!

The more I think for the security of my sites to be complete, I must do something more. Can you instruct me to make my sites safer?

I would also like you to explain to me in a simple and straightforward manner what these types of attacks are. For I did not understand their meanings.

These are:

MUA Shield
RFIShield
DFIShield
template = in URL
tmpl = in URL

What do these codes mean?
Were they able to enter my site? Or was this just a warning?


I'm sorry for so many questions.
God bless you!

dlb
Hackers don't use their own IP addresses. So when you use a permanent ban, you aren't banning the hacker, you're banning someone else's IP. Sooner or later you will ban the IP of a legitimate user. Hackers use dynamic IP services, proxy servers or compromised computers that they control.

Use the auto ban feature against these guys. It bans the IP for a short time, long enough that they have to move on or use another IP in their collection. If they reuse the IP over and over, you can set the ban so that it is permanent. You can't stop them from trying, the object is to make sure they don't succeed and to make the effort more trouble than it's worth. Make them go find a softer target. If you have too many blacklisted IP addresses, it will eventually slow your site down.

The GeoIP bans work against automated bots but they are trivial for a human attacker to bypass. They will just log in through a

The explanations for the codes used in the Security Exceptions Log can be found here: https://www.akeebabackup.com/documentation/admin-tools/waf-log.html#waf-log-reasons.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

brunocotta
1 - You said that if you have many IP addresses in the black list, it will eventually slow down your website. What does that mean?

2 - How can I configure this feature of self prohibition more strictly?

3 - Because my site is very specific and with a small audience, I can do the blocking by countries or via continent. Leaving only my country, and I know that this is already enough. Now I ask for your opinion: Do you think it is a problem to make this type of block?

Regards,
Bruno Cotta.

dlb
Bruno,
  1. For each request that comes into your site, Admin Tools has to check it against your IP Blacklist and the Auto-ban list. This takes time. Not a lot of time, but some. As the list grows bigger, the amount of time increases. At some point, the delay becomes noticeable by your users. So you don't want thousands of IPs in your blacklist.
  2. You need to find a balance where your "all thumbs" users can mistype their password and not get locked out but you still catch the bad guys. At one point, I had mine set for three exceptions in thirty minutes to block. I looked at the exception log and saw that one IP was hitting my site every thirty-one minutes. So it's a game, there is no one right answer.
  3. Using GeoIP blocking will reduce your attacks. But it is not hard for a human attacker to bypass these restrictions. In addition, you need to not block the United States if you want Google to find your site.

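The auto-ban tuning discussed in the reply above (a number of exceptions within a time window, and a source that paces itself just outside that window), as an added example that is not part of the ticket or of Admin Tools' own code. It replays a constructed exception log against a threshold and window and reports which IPs would be banned and which repeat sources never trip the rule; the log format, the function names and the `repeat_floor` parameter are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (time|IP|reason); not Admin Tools' real export format.
SAMPLE_LOG = """\
2018-01-04 10:00:00|203.0.113.7|RFIShield
2018-01-04 10:02:10|203.0.113.7|DFIShield
2018-01-04 10:05:30|203.0.113.7|RFIShield
2018-01-04 10:07:00|192.0.2.50|tmpl= in URL
2018-01-04 11:00:00|198.51.100.23|MUA Shield
2018-01-04 11:31:00|198.51.100.23|MUA Shield
2018-01-04 12:02:00|198.51.100.23|MUA Shield
2018-01-04 12:33:00|198.51.100.23|MUA Shield
2018-01-04 13:04:00|198.51.100.23|MUA Shield
"""

def parse(log_text):
    """Turn the constructed log text into time-ordered (when, ip, reason) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, reason = line.split("|", 2)
        events.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), ip, reason))
    return sorted(events)

def evaluate(events, threshold, window_minutes, repeat_floor=4):
    """Return (banned, slow): first ban time per IP, and unbanned repeat sources.

    An IP is banned once `threshold` exceptions fall inside one sliding window.
    `slow` lists IPs with at least `repeat_floor` exceptions overall that never
    tripped the rule, i.e. candidates for a wider window or a manual review.
    """
    window = timedelta(minutes=window_minutes)
    recent, totals, banned = defaultdict(deque), defaultdict(int), {}
    for when, ip, _reason in events:
        totals[ip] += 1
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # drop exceptions older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in banned:
            banned[ip] = when
    slow = {ip: n for ip, n in totals.items() if ip not in banned and n >= repeat_floor}
    return banned, slow

if __name__ == "__main__":
    for minutes in (30, 90):             # three exceptions in 30 vs. 90 minutes
        print(minutes, evaluate(parse(SAMPLE_LOG), 3, minutes))
```

With three exceptions in thirty minutes the 31-minute source stays under the threshold and only shows up in `slow`; widening the window to ninety minutes catches it, while the single-exception address is left alone in both runs.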
