Hello Bernhard,
There is a reason why we have a very small message which is not rendered as an HTML page. When someone's IP is blocked (blacklisted manually or automatically, blocked by GeoIP restrictions, Project HoneyPot etc) they are supposed to be a hacker, spammer or another nefarious type with a great level of certainty. They are also very likely to be trying numerous attacks in a small amount of time. You want to block them spending the least amount of time possible, otherwise their barrage of attacks will result in denial of service for your site. This explains quite a few choices we made with regards to this feature:
- There is no tracking of how many attacks a blocked IP has attempted in a period of time. Doing so would require writing and retrieving big amounts of information from the database which would amplify the CPU usage on your server and result in a denial of service. This leads to all access attempts from a blacklisted IP to be treated the same.
- For the same reason you do not receive emails or any other kind of notifications when a blocked IP tries to access your site. Sending an email is really slow and would result in a denial of service really quickly.
- Rendering a full HTML page can take between 300 and 5000 msec, depending on the extensions installed on your site. Rendering a stark message and terminating the application immediately takes less than 50 msec. That's one to three orders of magnitude faster, therefore it allows your server to handle a bigger number of access attempts from blocked IPs before risking a denial of service.
If we allowed you to render an HTML message like you asked, it would partially defeat the purpose of blocking IPs. If there was a legitimate reason to block those IPs, your site would have suffered a self-inflicted denial of service. So much for protection, right?
At best you can create a small message pointing the users to a static HTML page on your site. For example:
Access denied for your IP. <a href="http://www.example.com/blockedip.html">Click here for more information</a>.
Where www.example.com is to be replaced with your own site's domain name. The blockedip.html is a static HTML file placed in your site's root with your message in multiple languages. If a real human bumps into the message they will click on the link and see the static HTML page with the lengthier explanation. Bots and hackers won't bother, therefore saving you server resources in the case of real attacks while offering a more user friendly experience to legitimate users inadvertently blocked.
If you are wondering why this would work: Static HTML pages are served directly by your web server without going through Joomla!. Since Admin Tools only runs inside Joomla! it won't block access to the static HTML pages.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
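
The approach described in the reply above (a short message, then immediate termination, with the longer explanation left to a static page), as an added sketch that is not part of the original post and is not Admin Tools' own code. The blocklist entries, the function names and the 403 status are assumptions made for illustration.

```php
<?php
// Added illustration, not Admin Tools code. Blocklist entries are constructed
// sample values (documentation address ranges).
const BLOCKED = ['203.0.113.0/24', '198.51.100.7', '2001:db8::/32'];

// The short message from the post; blockedip.html is served by the web server itself.
const DENY_MESSAGE = 'Access denied for your IP. '
    . '<a href="http://www.example.com/blockedip.html">Click here for more information</a>.';

/** True when $ip falls inside $cidr (IPv4 or IPv6; a bare address means an exact match). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => null];
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 compared against IPv6
    }
    $maxBits = strlen($ipBin) * 8;
    $bits    = $bits === null ? $maxBits : max(0, min((int) $bits, $maxBits));
    $bytes   = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leftover high bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Sends the short message and stops before any database, mail or template work. */
function denyIfBlocked(string $ip, array $blocklist): void
{
    foreach ($blocklist as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            http_response_code(403); // assumption: the post does not name a status code
            header('Content-Type: text/html; charset=utf-8');
            echo DENY_MESSAGE;
            exit; // no per-IP counters, no email, no page rendering
        }
    }
}

denyIfBlocked($_SERVER['REMOTE_ADDR'] ?? '', BLOCKED);
// Only requests that were not blocked reach the expensive application start-up below.
```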