Support

Admin Tools

#33959 main-disable.php doesn't work and I get regularly locked out whilst completing admin tasks

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 26 November 2020 20:17 CST

Tuesday, 27 October 2020 18:10 CDT

UglyEoin

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

 

I've been getting a weird issue where I'm happily working and then I suddenly get locked out.  I'm pretty sure it's the secure word/query in the admin URL, but when you're using Joomla that secure word stops being used, it's only there for the login page.  So it's a bit frustrating for me, and for other less technical users they can't understand it at all, they just blame me for being a bad dev or Joomla! for being a crap system. 

 

To further add to my dismay, I've renamed main.php to main-disable.php and nothing has changed, I'm still a spammer, hacker or otherwise bad person.  By the way that's a very aggressive message, if it's a hacker, the chances are it's a bot or a kiddie script and they won't be reading the message.  Far better to put a message for users such as "you have been locked out due to a security exception, please contact your web master" or something. 

 

Can you think of any reason why I would be consistently getting locked out whilst already logged into the backend?  It didn't give me 3 chances like I'm supposed to get in the WAF rules, it's just once chance banned. 

 

And can you think of any reason why renaming it wouldn't work.  I understand at that point it's not your system at fault, but why wouldn't it fix the problem, can you think of anything obvious server wise?

Tuesday, 27 October 2020 20:20 CDT

dlb

You're probably getting kicked out because your session times out.  You can significantly reduce the problem by increasing the session life in the Joomla! Global Setting screen.

Compounding that problem is your browser.  You know those cute little screen shots of the recent pages you've visited?  The browser sneaks around in the background and takes the screen shot.  And when it tries to screen shot your back end login screen it doesn't use the secret URL.  Admin Tools considers that Strike 1 for you.

You're 100% right about most of the lockouts being bots and script kiddies.  You can change that message in Admin Tools, Configure WAF.

My guess for the failure of the rename to work is that main.php is still in cache.  Until the cache expires or is manually cleared, it doesn't recognize the main-disable.php.



Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Thursday, 26 November 2020 20:17 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2020-11-26 20:17 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!