#41042 I still receive emails "Do not send email notifications for these reasons"

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
4.4.7
PHP version
8.2
Admin Tools version
7.5.4

Latest post by nicholas on Wednesday, 28 August 2024 02:41 CDT

digiwide

In Configure WAF, under Logging and reporting, I have:

Do not send email notifications for these reasons: 404shield; login failure.

Also now under "Do not log these reasons"

But I still get emails with Login Failure.

What must I do to stop those emails? A bug perhaps?

 

Hello,

We would like to notify you that a security exception was detected on your site, divbio science europe, with the following details:

IP Address: 136.144.245.247 (IP Lookup: https://ip-lookup.net/index.php?ip=136.144.245.247)
Reason: loginfailure

If this kind of security exception repeats itself, please log in to your site's back-end and add this IP address to your Admin Tools's Web Application Firewall feature in order to completely block the misbehaving user.

Best regards,

The divbio science europe team

 

nicholas
Akeeba Staff
Manager

You are confusing two very different features with very different reasons for existence. I understand why that happened, and I will try to explain it to the best of my ability.

The “Login failure” reason corresponds to the “Treat failed logins as a reason for blocking the request” feature. Emails and logging for this reason can be suppressed by adding “Login failure” into “Do not send email notifications for these reasons” and “Do not log these reasons” respectively. I retested it manually just now, verifying that it does work as it should.

However, there is another feature which can send you an email on a failed login. It's the “Email this address on failed backend login” under Logging & Reporting. This will send you a (slightly different) email whenever someone fails to log into the backend (administrator area) of your site. This is not a blocked request, and nothing is logged. As a result, the aforementioned “Do not send email notifications for these reasons” and “Do not log these reasons” have no effect on it. The only way to suppress these emails is, naturally, to remove the email address from the “Email this address on failed backend login”.

The login failure feature is designed to elevate failed logins (in the frontend OR the backend) to blocked requests. As a blocked request, it will count towards the metrics which result in automatic temporary and permanent IP bans. The “Email this address on failed backend login” feature is a purely informational feature. It is there just to send you an email if someone failed to log into the backend of your site. It's there to help you catch situations where someone has gone past your first line of defense (administrator directory password protection, secret URL parameter, …) and is now trying to do a brute force or credential stuffing attack on your site. It will also catch the situation where a member of your staff keeps having trouble logging into the site because they keep trying their username or password wrong. That's why these are separate features even though at first glance you might think they are overlapping.

Now, if you look at the very bottom of your screenshot you will see that you do have an email address in the “Email this address on failed backend login” option. Remove it, and you will no longer receive emails about failed administrator logins.

Nicholas K. Dionysopoulos

Lead Developer and Director