Support

I have added my IP adress to the Admin Whitelist as well as listing it in the Exceptions from Blocking list.

Nevertheless I have been forced to unblock myself using PHPmyadmin close to 10 times now.

Should these settings not protect me against EVER being blocked - even if I (on certain occations deliberately) enter an invalid keyword or does something otherwise fishy?

I have disovered that each time I receive a mail an IP being blocked, I can open the previous Security exception mail and find the same IP here - which is quite logical.

But when I am having my own IP blocked, this is not the case. In this case it seems that the Automaic Blocking notification mail comes without anything happening prior to it. This seems to be strange?

/poul

To unblock your IP you need to delete the IP address from the auto-block list and delete you IP address from the Security Exceptions Log. If your IP shows up in the log more than the number of times required for an auto block, it will just keep getting blocked over and over. The whitelist prevents your IP from going into the Exceptions Log, but the log triggers the auto block.

I have deleted all entries containing my IP from the logs - but there is still a very anoying problem.
I am experiencing this almost on a daily basis.

First : my IP is in the admin whitelist and in the Never block these IP's list. I suppose that this means that I should NEVER be locked out of the site.

Yet here's what happens:

1. I go to my website's front end - no problem
2. I go to the backend and log in - no problem
3. I enter the address of a page that is only accessible by registered users and I am therefor taken to the log in page - no problem
4 I enter my log in data correctly - and NOW i am LOCKED out of my website.

this cannot be the intention with this tool?

No, that is not the way it is supposed to work. Please post the entry for your IP from your security log so we can be sure why it is being blocked.

Ok. Here is what happened this morning. When I closed down my computer yesterday, everything worked fine.

This morning I opened my computer at 8.30. I did a few things not related to my website. Then, around 10 I went to my website, only to find that I have been blocked once again.

I then checked the alert mails from Admin Tools, where I can see that I was blocked at 8.27!
That is just about the time I opened my computer - but did not visit my site.

Now I am thinking that each time I open a new FF browser window, it suggests some frequently visited sites or some that I have pinned to the page. Among these are both my site and the admin page.
Could it be that this is the cause?

This is what the alert mail says:
"We would like to notify you that a security exception was detected on your site, Mindfulsolutions, with the following details:
IP Address: 178.155.137.230 (IP Lookup: IP Lookup)
Reason: Admin directory
If this kind of security exception repeats itself, please log in to your site's back-end and add this IP address to your Admin Tools's Web Application Firewall feature in order to completely block the misbehaving user."

This is the entry from the log:
398,"2014-08-19 06:27:12","178.155.137.230","http://www.mindfulsolutions.dk/administrator/","admindir",

398,"2014-08-19 06:27:12","178.155.137.230","http://www.mindfulsolutions.dk/administrator/","admindir",

That actually happened at 6:27 am, before you even logged in. From the time, it appears that something else is tripping the security alert.

I used to have a site checker on my phone that would alert me if one of my sites went down. Do you have anything like that which could be hitting your site?

If you and your server are two hours apart, I'll buy that maybe Firefox's suggestion feature is doing it. But I don't think it could be Firefox if it is happening when the computer is off. Are you and your server in the same time zone?

Yes, you are right, I forgot to write that.

I don't know where my server is. I use Unoeruro.com which is not danish. Under any circumstance there is i time difference between me and the server (apparently two hours).

I am not using any sitechecker, but I have a trigger from Acymail's website starting my mail list every 15 minutes.

I have noticed that it looks as if I am locked out whenever I am leaving work on my site without logging out of Joomla. When I return an hour or two later, I am locked out.

"No, that is not the way it is supposed to work". -- If "Never block these IP's" does not mean Never block these IP's .... then what does it really mean? Somehow the explanation doen't seem to make sense (to me).

Additional : A 100% sure way to be blocked is by using the button to clean all sessions. This should log me out of the backend, but it also block my IP.

Yes, the Purge Sessions will log you out at the database level, but leaves you at an administrative page, so that throws a security exception and redirects you to the front page.

I think most of your security exceptions are caused by your session expiring. That would do the same thing as the Purge Sessions, you're on an administrative page and not logged in. So you get a security exception. You can extend the length of your sessions under Global Configuration.

What I can't figure out is why the whitelist doesn't prevent you from being blocked. You have your IP address in the Administrator IP Whitelist and in Never Block These IPs in WAF Configuration? Are you sure you have the right IP address? Are you using a proxy that would change the IP address? Do you have a dynamic IP address that is changing?

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.