Support

Admin Tools

#18768 front end logins disabled, yet getting login failure attempts via /users/?task=user.login

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by dlb on Friday, 10 January 2014 09:33 CST

myhpl501
 I do not allow logins to the front end of my site, and backend access is whitelisted to a few ip addresses. However, I am still getting login failure attempts in the exceptions log. What am I missing?

dlb
You are not missing anything.
login failure attempt = successful defense
If you figure out a way to get the bad guys to quit trying to hack your site, you can make a LOT of money selling it to the rest of us.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

myhpl501
I understand, but how and where are these people entering in their credentials in the first place when the login module is disabled in the front end?

dlb
First, it is not a person, it is a bot. It just goes from site to site trying to log into Joomla!, then makes another pass and tries to log into WordPress. All it has is time.

The login module does not need to be published to log into Joomla! You can do it from the url if you know how. Nicholas posted the actual command the other day, it was something like www.example.com?com_user=login. So the bot isn't even looking for the login module.

If you are concerned about the failed front end logins, one thing you can do is upgrade to 3.2.1 and turn on the two factor authentication for front end logins. That would make it virtually impossible for your bot to get in and it wouldn't inconvenience you because you don't log in that way.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!