#31402 Frontend login attempts

Posted in ‘Admin Tools for Joomla! 4 & 5’


Latest post by on Monday, 22 July 2019 17:17 CDT

Doomster
I am so sorry for this ticket. Not what I wanted to do.
My Frontend logins are ridiculous and I was trying to find out how to block these from the same IP but everything is old that I have found. Set logins as exceptions also 3 in 1 but it does not seem to catch them to autoban. Don't know why in this last year people try to do this so much. Did not see that Joomla had a login vulnerability.
I must be doing something wrong. Any help would be appreciated.
Thank you.

nicholas
Akeeba Staff
Manager
Go to Admin Tools, Web Application Firewall, Configure WAF and set "Treat failed logins as security exceptions" to No. Alternatively, if you want to stop the emails but still log these attempts and auto-block them, find the "Do not send email notifications for these reasons" option and add "Login Failure" to it.

Please note that an increased number of failed login attempts DOES NOT IN ANY WAY mean that there is a vulnerability on your site. These are brute force attacks, i.e. idiots trying a large number of usernames and passwords hoping that they will guess a combination right. They will try that on every site. It does not say anything for your site or the software it's running on.

The auto IP block does work. However, you need to know how Joomla works. The login events are processed before onAfterInitialize (the earliest entry point where third-party plugins can hook into). This means that a failed or successful login is processed first. Then, Joomla runs onAfterInitialize. We hook on the failed login event to record the failed login attempt. In the next millisecond Joomla runs the onAfterInitialize, we see that the IP is blocked and we block that access. Because of the order of the events the login event is ALWAYS logged, even from autoblocked or manually blacklisted IPs. There is nothing we can do about it as I have explained multiple times over the last 9 years :)

So, all good with your site. Don't worry.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
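
The event ordering described in the reply above, as a simplified model added here as an example (it is not Admin Tools or Joomla code). The class and function names, the threshold of 3 failures in 60 seconds and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

class WafModel:
    """Toy model of the ordering described in the reply (hypothetical names)."""

    def __init__(self, max_exceptions=3, window_s=60):
        self.max_exceptions = max_exceptions  # assumed auto-ban threshold
        self.window_s = window_s              # assumed window, in seconds
        self.recent = defaultdict(deque)      # ip -> recent failure timestamps
        self.banned = set()
        self.log = []                         # (ts, ip, reason, already_banned)

    def on_login_failure(self, ts, ip):
        # Runs first: the attempt is recorded even if the IP is already banned.
        self.log.append((ts, ip, "loginfailure", ip in self.banned))
        q = self.recent[ip]
        q.append(ts)
        while q and ts - q[0] >= self.window_s:
            q.popleft()                       # drop failures outside the window
        if len(q) >= self.max_exceptions:
            self.banned.add(ip)

    def on_after_initialize(self, ip):
        # Runs second: this is the first point where a banned IP is refused.
        return "blocked" if ip in self.banned else "served"

    def handle_failed_login(self, ts, ip):
        self.on_login_failure(ts, ip)         # login event fires before...
        return self.on_after_initialize(ip)   # ...the block check

def replay(events, **kw):
    """Feed (timestamp, ip) failed-login events through the model."""
    waf = WafModel(**kw)
    outcomes = [waf.handle_failed_login(ts, ip) for ts, ip in events]
    return waf, outcomes

# Constructed sample: (seconds, ip) using documentation-range addresses.
SAMPLE = [(0, "203.0.113.7"), (10, "203.0.113.7"), (15, "198.51.100.2"),
          (20, "203.0.113.7"), (21, "203.0.113.7"), (22, "203.0.113.7")]

if __name__ == "__main__":
    waf, outcomes = replay(SAMPLE)
    for entry, outcome in zip(waf.log, outcomes):
        print(entry, outcome)
```

When reviewing such a log, entries whose last field is true come from requests that were refused, so a growing log from one address does not by itself mean the ban failed.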

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
