#39728 regular attack

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
4.4
PHP version
8.1.13
Admin Tools version
7.4.2

Latest post by HDcms on Tuesday, 31 October 2023 06:37 CDT

HDcms

Hi

1/ A site manager informs me that a site regularly suffers attacks; I think the site is well protected, however I wonder about the seriousness and what additional measures should be taken. View emails received approximately once/week:

IP Address: 54.74.221.122 (IP Lookup: https://ip-lookup.net/index.php?ip=54.74.221.122)
Reason: phpshield

IP Address: 2.59.188.25 (IP Lookup: https://ip-lookup.net/index.php?ip=2.59.188.25)
Reason: template

IP Address: 109.234.36.107 (IP Lookup: IP Lookup)
Reason: 404 Shield

IP Address: 2.59.188.25 (IP Lookup: https://ip-lookup.net/index.php?ip=2.59.188.25)
Reason: adminpw

IP Address: 165.22.50.209 (IP Lookup: IP Lookup)
Reason: 404 Shield

2/ Is it possible to keep receiving emails only if the attack could pose a significant and urgent problem? Otherwise the risk is to deactivate these numerous alerts.

3/ To replace this email alert, where can I find the attack history?

Regards

nicholas
Akeeba Staff
Manager

Let Admin Tools do its job and turn off all the emails about blocked requests.

Seriously, Admin Tools is there to block requests which are suspicious. When there are a lot of requests coming from the same IP, which means they are likely trying to attack you, it blocks that IP address for a while. If that keeps happening, they get the IP address permanently banned. That's what Admin Tools does. Let it do what it's meant to do. Don't try to interfere.

To remove the temptation of interfering, turn off emails about blocked requests. You can always see the history of blocked requests in Admin Tools, Web Application Firewall, Blocked Requests Log.

Tell your client that the entire reason for having a security solution is that you cannot control who, when, and how hard will try to attack you. Its job is to block these attacks, and it already does. He seems to be under the impression that having a security solution will result in no attacks taking place. That's an unrealistic expectation.

You may also want to disable the graphs which appear by default on the right hand side of Admin Tools' main page. This setting is in the component's Options page. Remember what I have documented about these graphs:

The graphs on the right hand side display the number of blocked requests logged (potential attacks Admin Tools Professional has protected you against), their distributions by type and a few statistics about them, e.g. how many requests were blocked in the last year, month, week, day and so on. Please note that the number of requests blocked IS NOT MEANT TO BE USED AS A MEASURE OF HOW WELL ADMIN TOOLS PROTECTS YOUR SITE. The number of requests blocked depends on EXTERNAL FACTORS, namely how many attacks were launched against your site in a period of time. Most sites will experience a great variance of this metric over time. It is perfectly normal and very common to see just a handful or no attacks for days or months at a time, then a short but sudden burst of hundreds to thousands of blocked requests over the span of a few hours to a few days. The idea behind the graphs is to make you aware of these spikes which indicate that a malicious showed an interest on attacking your site. The graph showing the types of attacks is a good indication of what they tried to use when probing or attacking your site. That's all there is to it. These are not Key Performance Indicators (KPIs), they are just a quick glance at the information you could extract by poring over the blocked requests log yourself.

https://www.akeeba.com/documentation/admin-tools-joomla/using-the-component.html#control-panel

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
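
As an added example (not part of the ticket and not Akeeba's code): a short Python script that turns a batch of notifications in the format quoted in the question into a per-IP digest, so repeated sources stand out without reading every email. The sample text is constructed with documentation-range addresses, and the `min_hits` threshold is an assumption, not an Admin Tools setting.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the notification format quoted in the ticket.
# Addresses come from the RFC 5737 documentation ranges, not real sources.
SAMPLE = """\
IP Address: 203.0.113.10 (IP Lookup: https://ip-lookup.net/index.php?ip=203.0.113.10)
Reason: phpshield

IP Address: 198.51.100.25 (IP Lookup: https://ip-lookup.net/index.php?ip=198.51.100.25)
Reason: template

IP Address: 192.0.2.107 (IP Lookup: IP Lookup)
Reason: 404 Shield

IP Address: 198.51.100.25 (IP Lookup: https://ip-lookup.net/index.php?ip=198.51.100.25)
Reason: adminpw

IP Address: not-an-ip (IP Lookup: IP Lookup)
Reason: 404 Shield
"""

# One entry is an "IP Address:" line followed by a "Reason:" line.
ENTRY = re.compile(r"^IP Address:\s*(\S+).*?\n\s*Reason:\s*(.+?)\s*$", re.MULTILINE)

def summarise(text):
    """Return (rows, skipped); rows are (ip, hits, reasons), most-blocked first."""
    hits, skipped = defaultdict(list), 0
    for raw_ip, reason in ENTRY.findall(text):
        try:
            ip = str(ipaddress.ip_address(raw_ip))  # accepts IPv4 and IPv6
        except ValueError:
            skipped += 1  # malformed address: count it, do not guess
            continue
        hits[ip].append(reason)
    rows = [(ip, len(r), sorted(set(r))) for ip, r in hits.items()]
    rows.sort(key=lambda row: (-row[1], row[0]))
    return rows, skipped

def repeat_sources(rows, min_hits=2):
    # Sources blocked repeatedly; min_hits is an assumed review threshold.
    return [ip for ip, n, _ in rows if n >= min_hits]

if __name__ == "__main__":
    rows, skipped = summarise(SAMPLE)
    for ip, n, reasons in rows:
        print(f"{ip:<16} {n} blocked  {', '.join(reasons)}")
    print(f"repeat sources: {repeat_sources(rows)}  unparsed entries: {skipped}")
```
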

HDcms

Ok Thanks
