Support

Admin Tools

#17619 Multiple Auto-Blacklist-Add Infos

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Thursday, 31 October 2013 18:00 CDT

Monday, 23 September 2013 05:50 CDT

raffaEl
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.14
PHP version: 5.3.6
MySQL version: 5.1.59 (?)
Host: superhost.pl
Admin Tools version: rev310A740

Description of my issue:

First of all I would like to give you Huge Thanks, because of your work with Admin Tools. It is great relief for me after endless problems with Jommla hacks. Now they're gone! I think many people are very thankfull for you but most info you're getting are tickets with problems ;) So, thank you again, and keep going!!!

Back to my question:

I've received three e-mails about automatic IP blocking of the same IP (69.197.189.39), sent form my server at times:

- 2013 IX 23; 10:11
- 2013 IX 23; 11:19
- 2013 IX 23; 11:36

How it is possible since I've set up auto IP blocking for more than 12 hours?

The reason of autoblocking is CSRF Shield.

Monday, 23 September 2013 07:50 CDT

tampe125
Hello Pawel,

thanks for your kind words :)
Now, going back to your problem: the email is sent before the IP block ultimately blocks the user. It's a small quirk of how Joomla! and Admin Tools works. That said, you are protected. Even if the attacker guesses the correct username/password they will still be denied access.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 23 September 2013 20:33 CDT

raffaEl
I understand that e-mails are sent before blocking user, but I'm wondering why IP blocked at 10:11 for 12 hours was able to do anything on site later and trigger auto-blocking again (at 11:19), and this happened twice (second time at 11:36).

Only after I've added this IP to blacklist manually, I've stopped receiving e-mails with autoblocking info.

Do I make myself clear? ;)

Wednesday, 25 September 2013 04:23 CDT

tampe125
Admin Tools will send out two different emails: one for the (failed) attack, another one for the autoban.
So, when your user is banned, you'll get only one email for the attack attemp.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 25 September 2013 04:34 CDT

raffaEl
That's correct.

But what I've got was three emails containing the same info - about automatic blocking the same IP with the interval of about 20 minutes.

That's my question - how could that happen?

I can paste e-mails text, but I've got Polish translation, so I'm not sure it'll be usefull for you.

I can forward these mails for you, too.



Edited by raffaEl on 2013-09-25 04:35 CDT

Wednesday, 25 September 2013 08:23 CDT

nicholas
The emails you got told you that the attack was blocked, not the IP. These are two completely different things. The email notifying you that an IP was blocked doesn't include a reason. Apparently the Polish translator wrote something confusing. If you are unsure, just uninstall the Polish translation of our component and you'll start receiving the English emails. It will then become clear what they mean.

Nicholas K. Dionysopoulos

Lead Developer and Director

๐Ÿ‡ฌ๐Ÿ‡ทGreek: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: excellent ๐Ÿ‡ซ๐Ÿ‡ทFrench: basic โ€ข ๐Ÿ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 26 September 2013 10:00 CDT

raffaEl
This is the text I've received it these three e-mails (differs only ban time) - strictly translated to English:

We would like to inform you that the IP address 69.197.189.39 has just been banned from the site (......) until 2013-09-24 8:10:48 GMT. If this is your own IP address, use an FTP client to rename plugins / system / admintools / pro.php or plugins / system / admintools / admintools / pro.php - depending on your version of Joomla! the pro.php.bak. Then log on to the site and its facilities - using the button Autoblokowane IP addresses in the web application firewall - remove autoblokowanie your IP address. Do not forget to remove all exceptions from logging your IP address in order not to block again. Then, restore the file name of pro.php.bak on pro.php and try to access the site.

Monday, 30 September 2013 04:22 CDT

nicholas
Can you please put the text of all the emails about the same IP (including their timespatemps) in a ZIP file and send it to me?

Nicholas K. Dionysopoulos

Lead Developer and Director

๐Ÿ‡ฌ๐Ÿ‡ทGreek: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: excellent ๐Ÿ‡ซ๐Ÿ‡ทFrench: basic โ€ข ๐Ÿ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 30 September 2013 05:07 CDT

raffaEl
Can you provide me info where I can find your e-mail adress?

Tuesday, 01 October 2013 03:12 CDT

nicholas
You are supposed to ZIP and attach the emails on your ticket. We do not provide direct support over email.

Nicholas K. Dionysopoulos

Lead Developer and Director

๐Ÿ‡ฌ๐Ÿ‡ทGreek: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: excellent ๐Ÿ‡ซ๐Ÿ‡ทFrench: basic โ€ข ๐Ÿ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 01 October 2013 05:30 CDT

raffaEl
OK, I'm attachng these emails with this message.

Tuesday, 01 October 2013 06:53 CDT

nicholas
I can't open those .msg files :( Is it possible to send them as plain text files?

Nicholas K. Dionysopoulos

Lead Developer and Director

๐Ÿ‡ฌ๐Ÿ‡ทGreek: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: excellent ๐Ÿ‡ซ๐Ÿ‡ทFrench: basic โ€ข ๐Ÿ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 01 October 2013 07:03 CDT

raffaEl
Here are 4 emails in one plain .TXT file.

Emails are in original Polish language.
I've translated this lately for you using Google Translator...

Edited by raffaEl on 2013-10-01 07:05 CDT

Tuesday, 01 October 2013 15:00 CDT

nicholas
I am not sure that the IPs are actually blocked for as long as you say they are. I suspect that you may have accidentally set it up to block them for 12 seconds instead of 12 hours. Either that or your server is not reporting the correct time to Joomla!.

Nicholas K. Dionysopoulos

Lead Developer and Director

๐Ÿ‡ฌ๐Ÿ‡ทGreek: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: excellent ๐Ÿ‡ซ๐Ÿ‡ทFrench: basic โ€ข ๐Ÿ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 31 October 2013 18:00 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!