Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes IP blacklisting and Security Exceptions Log
Joomla! version: 2.5.14
PHP version: 5.3.13
MySQL version: 5.0.37-standard
Host: phpwebhosting.com
Admin Tools version: 2.5.8
Description of my issue: I am having occasions where admintools emails me multiple warnings (50 or more sometimes, on a few occasions over 100 times) notifying me of failed administrator access. I have the .htaccess set for the administrator log in, as well as the WAF set to automatically block an IP that offends repeatedly (5 times in 10 minutes) and to block that IP for 30 minutes. The emails would indicate that this offender (same identical IP) is attempting every 30 to 60 seconds. If I log in and manually put this IP in the blacklist, it stops, but I thought that Admin Tools would stop it automatically if trying at that rate. Also, if the .htaccess is working, how are they getting to the admin log in screen unless they've guessed my htaccess log in credentials. I've never given them to anyone. I am the only admin for this site. The IPs are usually Ukrainian. I don't know anyone from the Ukraine and this site doesn't serve anyone internationally.
I am changing passwords and usernames as a response to this, but just wanted to know if there is a way to block these more effectively in the future.
Thanks
Eric
Have I read the related troubleshooter articles above before posting (which pages?)? yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes IP blacklisting and Security Exceptions Log
Joomla! version: 2.5.14
PHP version: 5.3.13
MySQL version: 5.0.37-standard
Host: phpwebhosting.com
Admin Tools version: 2.5.8
Description of my issue: I am having occasions where admintools emails me multiple warnings (50 or more sometimes, on a few occasions over 100 times) notifying me of failed administrator access. I have the .htaccess set for the administrator log in, as well as the WAF set to automatically block an IP that offends repeatedly (5 times in 10 minutes) and to block that IP for 30 minutes. The emails would indicate that this offender (same identical IP) is attempting every 30 to 60 seconds. If I log in and manually put this IP in the blacklist, it stops, but I thought that Admin Tools would stop it automatically if trying at that rate. Also, if the .htaccess is working, how are they getting to the admin log in screen unless they've guessed my htaccess log in credentials. I've never given them to anyone. I am the only admin for this site. The IPs are usually Ukrainian. I don't know anyone from the Ukraine and this site doesn't serve anyone internationally.
I am changing passwords and usernames as a response to this, but just wanted to know if there is a way to block these more effectively in the future.
Thanks
Eric
