Support

Admin Tools

#16761 Geoblocker

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 16 July 2013 13:47 CDT

Monday, 15 July 2013 13:28 CDT

user67386
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.23
PHP version: 5.2.17
MySQL version: 5.5.23-55
Host: hostgator
Admin Tools version: 2.2

Description of my issue: I have a content developer in Singapore who I've been using for years, and want to continue to work with. Recently, our site has been plagued by spam from overseas, so we set up Admin Tools pro with Geoblocker. This solved our spam problems but also blocked my contractor's ability to access or even view the site. We unchecked the Singapore field in Geoblocker, added her IP to the whitelist, and included her IP in the "never block these IP's" field. I checked everywhere to confirm her IP was not on any blacklist, including in htaccess. And I contacted Project Honeypot to make sure her IP was not on their list of spammers. Still, she could not access the site, front or backend, and received the error message "you are a smammer...". I even modified the Admin Tools settings to try to get her access, but the only fix was to completely disable the app via file access, per your instructions. We also noted that another contractors' IP, in Brazil, was also being blocked and whitelisting them was unable to solve the problem.
I need geoblock to deal with the increasing amount of overseas generated spam, but need to give access to my contractors. Why does whitelisting not do it? Please help! I've attached copies of my WAF settings page.

Monday, 15 July 2013 13:38 CDT

nicholas
Go to Components, Admin Tools, Web Application Firewall and click the Exceptions Log button. Delete all records with her IP address. Then, go back to Web Application Firewall and click on the Auto IP Blocking Administration button. Select the record showing her IP address and click on the Delete button to delete the block.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 15 July 2013 14:21 CDT

user67386
Thanks for the quick response. Her IP is not posted in either of the sections you mentioned, so there was nothing to delete.. When configuring WAF, I had not set up any Exceptions because I didn't have the technical expertise to do so. I followed the instructions in your knowledge base "Admin Tools Web Application Firewall(WAF) locked you out of your site" although it wasn't me locked out, it was the overseas contractor. Modifying the components as suggested did not unblock her, and we could tell it was Admin Tools causing the block because, when I changed the error message via the WAF cpanel, she could see the new wording I used. In addition, when I used the main.disable.php file mod she was able to access the site and log in.
If I add her IP to the htaccess file as a whitelisted IP, will that override the Admin Tools blocks? Hers is the only IP I wish to give access to outside of the US, Canada, and Britain, because we don't serve customers from other regions.

Monday, 15 July 2013 15:14 CDT

nicholas
The message you mentioned she is seeing is only presented to people in the automatic IP ban list. If her IP is not in that list that message is not displayed. Something in your description doesn't add up. You can't both see the message and her IP not be in the auto banned IP list. These are mutually exclusive.

Regarding the whitelist, please note that it only works if you have enabled the IP whitelisting feature in the Configure WAF page. Otherwise it is ignored. If you do enable it please remember that only IPs in that list will be able to access the back-end of your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 15 July 2013 16:30 CDT

user67386
As I mentioned, her IP is not listed in the automatic ban list, which had only 8 IP's in it (I could easily visually check it). However, I did delete those 8 so we can test to see if any of them had an impact. It is possible she has a dynamic IP, or that her ISP is using some type of proxy, I suppose. But I can confirm the IP she gave me (using the whatismyIP website) is not in our list. We do have thousands of listings in our Geo block list, so all I could do was a field search, which did not locate her IP.
As for the whitelist info, that clears it up because I had not activate the whitelist feature at the top of the configuration page. I did not realize it was connected with the list at the bottom of the page. Since the 3 of us who work on the site occasionally work from remote locations, I didn't want to limit the ability to login to a small number of IP's. The problem we want to control is spam, not an extreme lock down of out cpanel. If we do active the whitelist feature, would that override any other IP bans in Admin Tools?
I've deleted all the IP's in the auto ban list. I will have her attempt a login this evening when she is back at work (Singapore time.)

Monday, 15 July 2013 16:44 CDT

nicholas
> We do have thousands of listings in our Geo block list

Are we still talking about Admin Tools? GeoBlock only allows you to select which continents and/or countries to block. There are a few hundreds options in total, but thousands they are not. And they are certainly not IPs and not searchable. I am confused. What are you talking about?

> As for the whitelist info, that clears it up because I had not activate the whitelist feature at the top of the configuration page. I did not realize it was connected with the list at the bottom of the page.

I am not sure we're talking about the same thing. Whitelist is what you define in the IP Whitelist page of Admin Tools. There are also two fields for allowed IPs in the Configure WAF page, but these two fields are not linked with the whitelist and do not require turning on the whitelist feature.

> If we do active the whitelist feature, would that override any other IP bans in Admin Tools?

All addresses in the whitelist (if the whitelist feature is enabled) and all IPs in the allowed IPs pass through all the checks. Please note that the allowed IP fields only accept a comma separated list of single IPs, not IP ranges, CIDR blocks and netmasked addresses.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 15 July 2013 17:12 CDT

user67386
Yes, we are talking about Admin Tools. If i go to Admin Tools->WAF->Securities Exception Log I currently have 2320 entries of access attempts that have been blocked. Many of these have the "reason" listed as "Geo Block". I was not referring to the Geo Block page where I can select by country or continent, but to the Sec. log where it lists specific IP's which have been blocked. My point was my contractor's IP does not seem to be on this list, if the search function is working properly.

As for whitelisting, it is confusing. I assume most web administrators want the same thing I do, to guarantee that certain IP's are always able to access the site, and these would be listed in the whitelist. I could not find any instructions in your knowledge base telling me if the whitelist function in WAF (called Administrator IP Whitelist) is the same function as the whitelist function in the WAF Configuration page. There is also a field titled "Never block these IP's" which doesn't mention whitelist but seems to be an identical function. Am I misunderstanding these features?

I think you understand what I'm trying to do, guarantee myself and my contractors access at both our home IP's and occasionally from an internet cafe while travelling. How would you suggest we configure the whitelist features?

Tuesday, 16 July 2013 02:01 CDT

nicholas
I just realised that you're using Joomla! 1.5 with AdminTools 2.2. I know what the problem is with your version and it was changed a few months ago, for Joomla! 2.5, 3.0 and 3.1. It cannot be backported to Joomla! 1.5 as we've stopped supporting that version of Joomla! too long ago. Your only option is to disable GeoBlock and empty both the security exceptions log and the automatic IP ban administration list.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 16 July 2013 13:22 CDT

user67386
Problem solved! You were correct, although her IP was not listed in the Automatic Ban section it must have been a proxy, because when we cleared it she was able to log in. As for Joomla 1.5, yes, that is what we are using, and have Geoblock turned on without problems. I presume it is working because we've managed to eliminate much of our overseas spam, but not all of it.

Many thanks for your help, Admin Tools is a great product, even when used with the old Joomla 1.5. I haven't found a compelling reason to spend $3000 to upgrade to the latest version on Joomla (cost of development and all the plugins that we originally purchased, now have to be replaced if we upgrade). And that doesn't include the cost of retraining my employees who are very familiar with using 1.5.

Tuesday, 16 July 2013 13:47 CDT

nicholas
It's time for one of my infamous car analogies.

I have a car which is 20 years old. Its brakes are useless, it's chassis is rusty and falling apart, it can't do more than 50 mph and it can be lockpicked by an untrained monkey in thirty seconds flat. This car is the main vehicle which I use to conduct business. Without a car my business is gone. I do not see a compelling reason to spend a few grand to buy a faster, more economic, safer car (the cost of obtaining the original car and its customisations). And that doesn't include the cost of retraining* my employees who are very familiar with my rusty old car.

* Yes, newer cars have all those extra gizmos that require a minimum amount of training before you can actually say you can drive a car safely.

In so many words: you are using a Joomla! version which is not supported for a year. It can't even run reliably on PHP 5.4. PHP 5.3 has already gone end of life. This means that in the next 12-24 months you will have the option to stop having a site (unlikely), use an outdated server with outdated software (you'll get hacked) or rebuild your site. You will choose the latter option.

As most people do, you'll act emotionally and think that it's all Joomla!'s fault and you'll rebuild your site with an entirely different CMS. This will cost you 3x as much to build it (data migration costs a LOT) and require 20x as much training.

Or you could spend the 3 grand today. You can then factor in another grand per year or less for updates, renewals and so on. I hear you shouting "heresy! that's too expensive". Newsflash. No matter which CMS you choose (be it Joomla!, WordPress, or worse like Drupal and various proprietary CMS) you can either sit on the old unmaintained code until it rots and needs a bucketload of cash to rebuild everything or you can factor in the cost of maintenance. The latter allows you to have a secure, fast and usable site. This is true for any CMS.

And something more. Going from Joomla! 1.5 to 2.5/3.x is a HUGE job. Going from 2.5 to 3.x or from one 3.x version to another (e.g. 3.0 to 3.1) is an one click upgrade. All you need is the newer version of the extensions you use and minor changes in your template. Knowing the low prices of Joomla! extensions and that having over 50 extensions on your site leads to an unusable frankensite I think that you need less than a grand per year. Compare that with WordPress or Drupal where anything not strictly in the core requires customisation at $50-350 per hour.

Well. I guess 3 grand today is more expensive than the rushed upgrade that will cost way much more than that in 1-2 years.

PS: This site has gone through Joomla! 1.0, 1.5, 1.7 (OK, that version of the site wasn't live) and 2.5. I know all the issues involved. And I know very well why I spent my time upgrading the site and not sticking with, say, Joomla! 1.0.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!