Support

Admin Tools

#32998 Error 404: URL invalid

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 10 June 2020 17:17 CDT

mvasilescu
In the last two weeks our website receive lots of wrong pages requests from allover the world.
What's the best approach to deal with this kind of requests, beside the 404 No Page Fund redirect?

Thanks for your time and support.
Mark

dlb
Mark,

Take a look at the 404 Shield. What it does is make the 404 a security exception so your auto-ban settings will work against the IP address trying the attack.

Go to Web Application Firewall, Configure WAF, on the Cloaking tab. Note that 404 Shield needs to be activated with the switch. Then you can put partial URLs in the second field that will trigger the security exception. You can see several common WordPress URLs that should never be seen for a Joomla! website as samples.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

mvasilescu
Dale,

Thanks for comeback to me. In the Cloaking tab, the 404 Shield is CHECK and in the second 404 Shield field is ad one by one a partial requested address.

Even that, some of the added addresses like "wp-info.php", the 404 is triggered again by repeated requests.
Also, noticed that the same page request is generated from same and/or different country that have different IP address.

Did, I miss something or I have to do other think to block such behavior?

Thanks for your help and support
Mark

dlb
Mark,

The 404 Shield won't stop the 404 errors, they really are 404 errors. What it does is makes them a security exception so your auto-ban settings can ban the IP addresses if they meet the ban criteria. Depending on your auto-ban settings, that should reduce the number of 404 errors you see.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

mvasilescu
Dale,

I readjust the AUTO-BAN to :
Block after 1 attacks, in 1 Day / Block for this long 1 Day
Permanently blacklist IP after 1 automatic IP blocks.
Probably, this is drastic, But. I hope will stop the "COVID-19" :-))

Hope you and your are safe and well.

Thanks
Mark

mvasilescu
So, please advice about the Auto-Ban best settings.

Thanks.
Mark

dlb
Mark,

I think your auto-ban settings are too tight. That's going to ban folks who typo their password.

How about using Bad Words instead? Set up Covid as a bad word (wouldn't we all love to do that!) and let the Bad Words filter keep it out.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

mvasilescu
Dale,

Thank you for idea. I will implement and report back in few days about the result.

Until then, stay safe, and lovely.
Mark

mvasilescu
Hi Dale,

I implement the Bad Words filters and DO NOT WORK.
Definitely, this is an attack from hacker/crawling boot requesting inexistent pages ( NOT a bad links ) with spoofed IPs allover the world. Blocking the IPs will not serve any good and adding approx. 500 / day errors in 404 Shield field will not stop this kind of attack.

Any further idea how to prevent that?

Thanks
Mark

dlb
Mark,

Blocking the IPs for a short time will just make the bot use a different one. You're trying to annoy the hacker. Banning the IPs for a long term is definitely not productive. And you run the risk of banning the IP of a real visitor.

You can't really stop him. You have to wait until he gets bored and goes away. There are some heavy duty tools like CloudFlare that can stop a DDoS attack, but that is not trivial to set up.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

mvasilescu
Dale,

Base on your advise I add the 404 error links in 404 Shield and in Anti-spam Bad Words.
Now the 404 errors is intensifying, which cis clear indication of wrong approach from our part.
Any further thoughts will be welcome.

Thanks
Mark

dlb
Mark,

I don't think increasing your defenses is the wrong approach. The attacker has noticed that you're shoring up your defenses and has increased his efforts. What exactly he's trying to do is unclear. He doesn't appear to be probing anything. The level of attack is not really effective as a DDoS attack, there 's not enough traffic. It looks like it's just a script kiddie.

There is a write up in our documentation here.

And Nicholas' comments were:
Admin Tools is designed to BLOCK attacks. You cannot PREVENT attacks. Attacks are not under anyone's control except for the attacker's.

What he's doing right now makes sure that his site fends off the attacks. Exactly as it should.



Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

mvasilescu
Thank you guys for further enlighten.

All the best
Mark

dlb
You're welcome!


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!