Security Exceptions Log

The Security Exceptions Log viewer page

A firewall is worth nothing if it can't log the attempts to override it. Most often you will see the same kinds of attacks coming from the same IP addresses over and over again. Using this log viewer you can dive into the log, spot those IPs and note them down so that you can ban them (put them in the Blacklist).

Below each IP there is a link reading Add to Black List or Remove from Black List. Clicking the former will add the IP address of the relevant record to the IP Black List and that IP will be denied access to your site. The latter removes the IP address from the black list.

Note

If you want to unblock someone whose IP was inadvertently blocked, you will have to remove all records belonging to their IP address in FOUR (4) places: Site IP blacklist, Security Exceptions Log, Auto IP Blocking Administration and Auto IP Blocking History.

List of blocking reasons

The block reasons, listed in the log and optionally sent to you by email, are the following. The "Code" is what you need to enter in the "Do not log these reasons" or "Do not send email notifications for these reasons" options in the WAF configuration to prevent these security exceptions from being logged or from triggering an email, respectively.

404 Shield

Code: 404shield

See the Configure WAF page, 404 Shield. The request was blocked by Admin Tools.

Admin Query String

Code: ipwl

Someone tried to access your site's administrator section but he didn't provide the secret URL parameter. Admin Tools blocked him and prevented him from seeing the login page at all.

Admin IP Whitelist

Code: adminpw

Someone tried to access your site's administrator section but his IP was not in the Administrator IP Whitelist. Admin Tools blocked him and prevented him from seeing the login page at all.

Site IP Blacklist

Code: not applicable

Someone tried accessing the front- or back-end of your site but his IP is in the IP Blacklist. Admin Tools blocked him and didn't allow him to see the content of your site.

SQLi Shield

Code: sqlishield

See the Configure WAF page, SQLiShield protection against SQL injection attacks. The attack was blocked by Admin Tools.

Bad Words Filtering

Code: antispam

The request contains one of the Bad Words you have defined and was blocked by Admin Tools.

tp=1 in URL

Code: not applicable

Only for Joomla! 1.5, see the respective option in the Configure WAF page. The attack was blocked by Admin Tools.

tmpl= in URL

Code: tmpl

See the Configure WAF page, Block tmpl=foo system template switch. The attack was blocked by Admin Tools.

template= in URL

Code: template

See the Configure WAF page, Block template=foo site template switch. The attack was blocked by Admin Tools.

MUA Shield

Code: muashield

See the Configure WAF page, Malicious User Agent block (MUAShield). The attack was blocked by Admin Tools.

CSRF Shield

Code: csrfshield

See the Configure WAF page, CSRF/Anti-spam form protection (CSRFShield). The attack was blocked by Admin Tools.

Bad Behaviour

Code: not applicable

See the Configure WAF page, Bad Behaviour integration. The attack was blocked by Admin Tools. NO LONGER PRESENT SINCE ADMIN TOOLS 2.5.3

RFIShield

Code: rfishield

See the Configure WAF page, Remote File Inclusion block (RFIShield). The attack was blocked by Admin Tools.

DFIShield

Code: dfishield

See the Configure WAF page, Direct File Inclusion shield (DFIShield). The attack was blocked by Admin Tools.

UploadShield

Code: uploadshield

See the Configure WAF page, Uploads scanner (UploadShield). The attack was blocked by Admin Tools.

XSSShield

Code: xssshield

(Only on older sites) Cross Site Scripting block (XSSShield). The attack was blocked by Admin Tools. This has been removed in Admin Tools 3.6.7 as it was throwing too many false positives (legitimate requests being blocked).

Geo Block

Code: geoblocking

Someone tried to access your site's front- or back-end but his IP belonged to a forbidden country or region as defined in the Geographical Blocking feature of Admin Tools.

Spammer (via HTTP:BL)

Code: httpbl

See the Configure WAF page, SQLiShield protection against SQL injection attacks. The attack was blocked by Admin Tools.

Login failure

Code: loginfailure

Someone tried to log in to the front- or back-end of your site with the wrong username and/or password.

Two-factor Auth Fail

Code: securitycode

Someone tried to log in to the back-end of your site but provided the wrong Two Factor Authentication code. Please note that this feature has been removed since Admin Tools 3.5.0. If you see it, it probably comes from an old version of Admin Tools.

Backend Edit Admin User

Code: nonewadmins

Someone tried to create or edit an administrator user from the backend of your site. In this context "administrator user" means any user who belongs to one or more User Groups that give them backend login privileges. In a default Joomla! installation these are the users belonging to the Manager, Administrator and Super User groups.

Frontend Edit Admin User

Code: nonewfrontendadmins

Someone tried to create or edit an administrator user from the frontend of your site. In this context "administrator user" means any user who belongs to one or more User Groups that give them backend login privileges. In a default Joomla! installation these are the users belonging to the Manager, Administrator and Super User groups.

Configuration Editing

Code: configmonitor

Someone tried to change either the Global Configuration of Joomla! itself or the configuration (Options) of a component. Please consult the additional information saved with this security exception to understand which configuration someone attempted to change. The change may have originated from the backend or the frontend of your site.
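The triage described at the top of this page (spotting IPs that keep triggering security exceptions before adding them to the Blacklist), as an added example that is not part of Admin Tools. The CSV layout, column names, sample rows and the `REVIEW_ONLY` grouping are assumptions made for illustration; the reason codes are the ones listed above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names (date, ip, reason) are an
# assumption; the reason values are codes from the list on this page.
SAMPLE_LOG = """date,ip,reason
2024-05-01 10:00:01,203.0.113.7,sqlishield
2024-05-01 10:00:09,203.0.113.7,rfishield
2024-05-01 10:01:30,203.0.113.7,sqlishield
2024-05-01 11:15:00,198.51.100.23,loginfailure
2024-05-01 11:15:40,198.51.100.23,loginfailure
2024-05-01 11:16:05,198.51.100.23,loginfailure
2024-05-01 12:00:00,192.0.2.50,muashield
2024-05-02 09:30:00,203.0.113.7,dfishield
"""

# Reasons a legitimate visitor can trigger by mistake (assumed grouping,
# not an Admin Tools setting): review these by hand instead of banning.
REVIEW_ONLY = {"loginfailure", "securitycode", "geoblocking", "antispam"}


def triage(log_text, min_hits=3):
    """Return {ip: (verdict, hits, sorted reason codes)} for repeat offenders."""
    hits = defaultdict(int)
    reasons = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        ip = (row.get("ip") or "").strip()
        reason = (row.get("reason") or "").strip().lower()
        if not ip or not reason:
            continue  # skip malformed rows rather than miscount them
        hits[ip] += 1
        reasons[ip].add(reason)

    result = {}
    for ip, count in hits.items():
        if count < min_hits:
            continue  # a single exception is not a pattern
        # Only mistake-prone reasons -> manual review, otherwise candidate.
        verdict = "review" if reasons[ip] <= REVIEW_ONLY else "blacklist"
        result[ip] = (verdict, count, sorted(reasons[ip]))
    return result


if __name__ == "__main__":
    for ip, (verdict, count, codes) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip:15} {verdict:9} hits={count} reasons={','.join(codes)}")
```

IPs marked `review` are the ones most likely to belong to a real user who mistyped a password; banning them leads to the four-place cleanup described in the note above.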
