Support

Admin Tools

#20323 Block ip on some account attempt

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by Chabi01 on Thursday, 19 June 2014 11:16 CDT

Thursday, 19 June 2014 06:06 CDT

Chabi01
 Hi,

Wandering something : is that possible to block ips when then try to connect to the backend to a specific account ?
More than 90% brute force attack in the backend are made on the "admin" account.
Is that possible to say "if a person attempt to connect to the account admin, block it right away" ?

Thanks :)

Thursday, 19 June 2014 07:24 CDT

nicholas
No, you can't. You'd inevitably end up also blocking yourself. However, you MUST NOT use the username "admin" for your Super User account. It's criminal, from a security point of view. You should better change that username to something not very obvious.

You know what is the joke I make during my security presentation? "Who is using username/password admin/admin on a live site?". If someone raises their hand (usually the do) I tell them "There's free WiFi here and you have a laptop. Go change the username and password, I'll be waiting here" ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 June 2014 08:47 CDT

Chabi01
Hi Nicholas,
I never use the "admin" default account and the account is erased every time on the website i use.
However, as the attack are made on the admin account, i was wondering if i can block the "admin attacks" as this is every time an attempt of hacking.
Maybe it's something you could plan for future : a fonction "use the admin account as a honeypot to block this f...g robots !".

Thanks anyway :)
Xavier - Chabi01

Thursday, 19 June 2014 09:46 CDT

nicholas
If you are not using the admin account, there is nothing to worry about. They will never do anything bad to your site.

I have explained many times why permanent blacklisting is a TERRIBLE idea that comes back to bite you in the rear. Please, please, please stop asking me to implement automatic blacklisting. It's like asking me to automate a Russian roulette.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 June 2014 11:16 CDT

Chabi01
Yes, i understand and agree.
There are so boring with these attacks : it take times, it takes energy, customers doesn't understand completly all the things and at the end, you are on the first line all the time.
Maybe that's for this that you have people who are coming back again and again to ask "a automatic blocking feature" : i think people ask "why are they keep going even if i blocked all ? What can i do to be freed of them ?". Unfortunatly, we know that's not possible.
Thanks for your response (there is nothing to worry about).

Xavier - Chabi01

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!