#19745 Correct setting automatic ban

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version: n/a
PHP version: n/a
Admin Tools version: n/a

Latest post by dlb on Thursday, 03 April 2014 08:19 CDT

user74443
Hello Support!

First, I highly appreciate the tools you offer, thank you!

Please inform of how to automatically block failed administrator login immediately after the first failed attempt.

regs,
marketeers

dlb
You cannot use a different autoban setting for admin login than for other types of potential attacks.

The autoban settings are in Configure WAF, under Auto-ban Repeat Offenders.

You might also take a look at Administrator secret URL parameter, also under Configure WAF. This changes the address of the administrator login page. Without the secret parameter, they can't even see the login page.

The last option is to password protect your /administrator folder. That will ask for a user name and password at the server level; this works out of the .htaccess file. You have to successfully get through that user/password combination before you even see the administrator login page.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5) (Philadelphia, PA)

user74443
Thank you very much for your prompt reply!

Assuming that I understand your first sentence correctly, allow me to re-word my question: How can I auto-ban offenders of any type of attack immediately after the first offense?

Additional info from my side on my motive: here there is one, and only one, administrator. Any attempt to access administrative privileges or to pry into website parameters is regarded as unacceptable; in other words, we have a close to zero tolerance attitude toward such behavior. We are looking for a mechanism to keep such attacks away from our websites, optimally to block them before they reach the Joomla system.

dlb
The autoban settings are in Configure WAF, under Auto-ban Repeat Offenders.

What you want for your administrator is 1 exception in 10 minutes and the IP will be banned for 1 day. Keep in mind that hackers don't use their own IP address, so banning an address is not as effective as you might think. Since you're banning on 1 exception, the time period really doesn't matter. You don't want to ban the IP forever, you will just end up banning legitimate traffic. You are likely to run into trouble banning legitimate users with this very tight banning policy.

The other two options are probably better for your goal. The Secret URL parameter hides the login screen through Joomla! and the /administrator password blocks access at the server level. Nicholas commented in another ticket earlier today that he has gone to just the /administrator password for this site and it cut server traffic significantly because the "ban" is done at the server level, Joomla! never sees the login attempt.

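To make the trade-off Dale describes concrete, here is an added Python model (not Admin Tools code, and no claim about how the plugin is implemented internally) that replays constructed WAF exception records through the "1 exception in 10 minutes, banned for 1 day" policy and a looser 3-exception variant: the one-strike setting bans the site's own administrator after a single mistyped password, while the looser one still catches the scanner.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class AutoBan:
    """Minimal model of 'Auto-ban Repeat Offenders' (an illustration, not the plugin)."""
    max_exceptions: int        # exceptions inside the window that trigger a ban
    window: timedelta          # sliding window the exceptions are counted in
    ban_duration: timedelta    # how long the IP stays banned
    history: dict = field(default_factory=dict)  # ip -> timestamps of exceptions
    bans: dict = field(default_factory=dict)     # ip -> ban expiry

    def is_banned(self, ip, now):
        return ip in self.bans and now < self.bans[ip]

    def record_exception(self, ip, now):
        """Register one WAF exception for ip at time now; return True if ip is banned."""
        if self.is_banned(ip, now):
            return True
        recent = [t for t in self.history.get(ip, []) if now - t <= self.window]
        recent.append(now)
        self.history[ip] = recent
        if len(recent) >= self.max_exceptions:
            self.bans[ip] = now + self.ban_duration
            return True
        return False


# Constructed sample exception log (not real traffic): a scanner hammering the
# admin login, plus the site's single legitimate administrator mistyping once.
T0 = datetime(2014, 4, 3, 8, 0)
SAMPLE_LOG = [
    (T0, "203.0.113.7", "scanner"),
    (T0 + timedelta(seconds=2), "203.0.113.7", "scanner"),
    (T0 + timedelta(seconds=4), "203.0.113.7", "scanner"),
    (T0 + timedelta(minutes=3), "198.51.100.22", "admin, typo in password"),
]


def replay(log, max_exceptions, window_minutes=10, ban_days=1):
    """Replay log through the policy; return {ip: ban expiry} for every banned IP."""
    ab = AutoBan(max_exceptions, timedelta(minutes=window_minutes), timedelta(days=ban_days))
    for ts, ip, _who in log:
        ab.record_exception(ip, ts)
    return dict(ab.bans)


if __name__ == "__main__":
    print("1 exception / 10 min :", replay(SAMPLE_LOG, 1))  # scanner AND admin banned
    print("3 exceptions / 10 min:", replay(SAMPLE_LOG, 3))  # only the scanner banned
```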

user74443
We are implementing your recommendations.

Thank you very much for sharing your experience!

dlb
You are welcome!

