#16888 Site IP Blacklist

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 30 July 2013 15:05 CDT

user77304
1. I have installed the admin tool recently and I have added an IP address to the blacklist, as I was getting junk email from that IP address, but I am still getting email from the same IP address.

2. How can I test that the auto IP blocking administration is working?
Do you have any test case to run and resale after that?

nicholas
Akeeba Staff
Manager
Admin Tools runs inside your Joomla! site, not your mail server. Adding an IP to Admin Tools' blacklist will prevent that user from accessing your Joomla site. It will not prevent him from sending you emails, trying to connect to FTP, doing a port scan or anything else that does not go through Joomla.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user77304
Thanks for your reply, but my question is: when I have blacklisted this IP address, how can they go to my contact us page to send a junk email?

nicholas
Akeeba Staff
Manager
There are multiple reasons I can think of:

- The blacklist feature must be enabled in the Configure WAF page. It is not sufficient to simply add an IP address to the blacklist. This is by design. The blacklist feature requires one more database query on every page load which makes no sense running unless you actually want to use this feature. Therefore this feature is disabled by default. Please refer to the WAF configuration documentation for more information.

- Make sure the IP address is entered correctly. IPv4 addresses follow the format 1.2.3.4 which is a number 0-255, followed by a dot, followed by a number 0-255, followed by a dot, followed by a number 0-255, followed by a dot, followed by a number 0-255. No spaces or other characters are allowed. You must make sure you are using a dot and not a comma (I've done that typo myself, it's hard to spot!). Also check that you have not left a space, newline or dot after the end of the IP address.

- Make sure you are indeed receiving spam from the same IP, not just the same e-mail or name. It is possible that a spammer will use the same e-mail address or name but a different IP address. The default Joomla! contact component does not record the IP address anywhere, so I have to wonder where you see the IP address. Do note that the email header contains the IP address of your site's mail server, not the IP address of the user who sent the message. Blacklisting that IP makes no sense.

- The blacklist feature will only work when a request is routed through Joomla! itself. We have seen many third party components –including contact and generic form components– which implement their own entry point as a separate PHP file. Since that file is called directly and does not load Joomla! plugins, Admin Tools' plugin is not loaded. As a result Admin Tools is not running and, of course, its blacklisting feature won't work if it's not running.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
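
The entry-format mistakes listed in the second bullet of the reply above can be checked mechanically. This is an added example, not part of the original ticket and not Admin Tools code; `diagnose_entry` is a hypothetical helper that covers only the plain dotted IPv4 form described in the reply.

```python
import re

def diagnose_entry(raw):
    """Return the problems found in one blacklist entry (empty list = clean IPv4)."""
    problems = []
    if raw != raw.strip():
        problems.append("leading or trailing whitespace/newline")
    entry = raw.strip()
    if "," in entry:
        problems.append("comma used instead of dot")
        entry = entry.replace(",", ".")
    if entry.endswith("."):
        problems.append("trailing dot")
        entry = entry.rstrip(".")
    if re.search(r"\s", entry):
        problems.append("whitespace inside the address")
        entry = re.sub(r"\s+", "", entry)
    parts = entry.split(".")
    if len(parts) != 4:
        problems.append(f"expected 4 numbers, found {len(parts)}")
        return problems
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            problems.append(f"non-numeric part {part!r}")
        elif int(part) > 255:
            problems.append(f"number out of range 0-255: {part}")
    return problems

# Constructed sample entries using documentation addresses (RFC 5737).
SAMPLES = ["192.0.2.10", "192.0.2,10", "192.0.2.10 ", "192.0.2.10.\n",
           "192.0.2.300", "192.0.2"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", diagnose_entry(sample) or "OK")
```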

user77304
Thanks for your email.

I am using the Joomla module ChronoForms, where they have a feature where you can get the IP number of the sender.
Regarding Configure WAF, I just want to double check:
Should "Disallow site access to IPs in Blacklist" be yes?
Need to know what WAF Exceptions is for?



nicholas
Akeeba Staff
Manager
> I am using the Joomla module ChronoForms, where they have a feature where you can get the IP number of the sender.

Make sure the IP you get is not the IP of your server or a CDN / reverse proxy you have in front of the site. In the latter case Admin Tools will "see" the correct IP of the remote client, unlike your forms component, and will (correctly) not block the request.

> Should "Disallow site access to IPs in Blacklist" be yes?

Yes

> Need to know what WAF Exceptions is for?

No, it's irrelevant to what we're discussing here and can't have an effect.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
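
The reverse-proxy mismatch described in the reply above, as an added example that is not part of the original ticket and not Admin Tools or ChronoForms code. It assumes the proxy passes the client address in the standard `X-Forwarded-For` header; the function names and all addresses are constructed for illustration.

```python
import ipaddress

def resolve_client_ip(remote_addr, x_forwarded_for, trusted_proxies):
    """Return the client IP, honouring X-Forwarded-For only behind trusted proxies."""
    trusted = [ipaddress.ip_network(net) for net in trusted_proxies]

    def is_trusted(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in trusted)

    if not is_trusted(remote_addr):
        # Direct connection: the header is client-controlled, so ignore it.
        return remote_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Walk right to left: the rightmost hops were appended by our own proxies,
    # anything further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return remote_addr  # malformed header, fall back to the socket peer
    return remote_addr

def would_block(blacklist, remote_addr, x_forwarded_for, trusted_proxies):
    """True if the resolved client IP is on the blacklist."""
    return resolve_client_ip(remote_addr, x_forwarded_for, trusted_proxies) in blacklist

# Constructed scenario: proxy at 198.51.100.7, real client at 203.0.113.45.
PROXIES = ["198.51.100.0/24"]

if __name__ == "__main__":
    # A form component that records only the socket peer logs the proxy address.
    print("form component records:", "198.51.100.7")
    print("resolved client:", resolve_client_ip("198.51.100.7", "203.0.113.45", PROXIES))
    # Blacklisting the proxy address never matches the resolved client.
    print(would_block({"198.51.100.7"}, "198.51.100.7", "203.0.113.45", PROXIES))
    print(would_block({"203.0.113.45"}, "198.51.100.7", "203.0.113.45", PROXIES))
```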

user77304
Thanks for your email.
One more question to ask, not sure if it is relevant or irrelevant :)
How can I make sure Auto IP blocking is working or not? Do you have any test case for that?

nicholas
Akeeba Staff
Manager
There is an easy way to test it. Use a phone connected to the 3G network (not your WiFi) to try to raise a security exception repeatedly. The simplest way to do that is enabling the administrator secret URL parameter on your site and trying to access the /administrator URL of your site without this parameter repeatedly. Once you reach the number of security exceptions in the time frame you have defined you will get your phone's IP blocked and see the IP block message (configurable).

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
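
The manual test described in the reply above can be scripted against your own site. This is an added example, not part of the original ticket and not Admin Tools code; the function names are hypothetical, and the fake site is a constructed model that assumes a block once the threshold is reached within the time frame.

```python
import urllib.error
import urllib.request
from collections import deque

def http_fetch(url):
    """Return the response body as text, also for 4xx/5xx responses."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8", "replace")

def attempts_until_blocked(fetch, url, block_message, max_attempts=20):
    """1-based attempt on which block_message first appears, or None if never."""
    for attempt in range(1, max_attempts + 1):
        if block_message in fetch(url):
            return attempt
    return None

def make_fake_site(threshold, window_s, clock, block_message):
    """Constructed stand-in for a site: blocks once `threshold` exceptions fall
    within `window_s` seconds (assumed behaviour, not Admin Tools' code)."""
    seen = deque()
    blocked = False

    def fetch(url):
        nonlocal blocked
        now = clock()
        if blocked:
            return block_message
        seen.append(now)
        while seen and now - seen[0] > window_s:
            seen.popleft()  # drop exceptions that fell out of the time frame
        if len(seen) >= threshold:
            blocked = True
        return "security exception logged"

    return fetch

if __name__ == "__main__":
    ticks = iter(range(1000))  # constructed clock: one request per second
    site = make_fake_site(3, 60, lambda: next(ticks), "BLOCKED")
    print(attempts_until_blocked(site, "https://example.com/administrator", "BLOCKED"))
```

For a real run, pass `http_fetch`, your own site's /administrator URL and the block message you configured, from a connection whose IP you can afford to have blocked.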
