Support

Admin Tools

#20953 IP Block not being logged

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 16 September 2014 11:34 CDT

Monday, 15 September 2014 15:55 CDT

mooreman1
 Although I do get an email with notification that the user has been blocked:

We would like to notify you that the IP address xx.xxx.xxx.xx is now blocked from accessing your site, mysite.com, until 2014-09-16 19:51:40 GMT.

If this is your own IP address, please use an FTP client to rename plugins/system/admintools/pro.php or plugins/system/admintools/admintools/pro.php -depending on your Joomla! version- to pro.php.bak, login to your site's back-end and use the Auto IP Blocking Administrator button in Admin Tools' Web Application Firewall panel page to remove the auto ban on your IP. Also remember to clear any Exceptions Log entries with your IP so that you don't get blocked again. Then, rename pro.php.bak back to pro.php and try accessing your site.

There is no log of the user in the Security Exceptions log nor is it in the Auto IP Blocking Administration. This makes it quite difficult to reinstate them. How does one reinstate a users access when they have been blocked with no way to administer it?

Tuesday, 16 September 2014 00:15 CDT

nicholas
If it's not in the log it's not blocked. Moreover, unless the log entry and the block rule have ALREADY been written to the database you won't get an email.

The only reasonable explanation: you have multiple instances of your site (e.g. a regular site and a dev site), you get a message from one instance and you log in to the other instance.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 16 September 2014 10:37 CDT

mooreman1
I wish this were the case however, I received another email with:
-----------------
Hello,
We would like to notify you that the IP address (removed) is now blocked from accessing your site, (removed), until 2014-09-17 02:10:56 GMT.

If this is your own IP address, please use an FTP client to rename plugins/system/admintools/pro.php or plugins/system/admintools/admintools/pro.php -depending on your Joomla! version- to pro.php.bak, login to your site's back-end and use the Auto IP Blocking Administrator button in Admin Tools' Web Application Firewall panel page to remove the auto ban on your IP. Also remember to clear any Exceptions Log entries with your IP so that you don't get blocked again. Then, rename pro.php.bak back to pro.php and try accessing your site.
--------------------
But nothing in the log or the AutoBlocking Administration. We have no other version of this site anywhere.
The client verifies they have been blocked after the third attempt to login.

It also seems that if a username has an @ in it it doesn't pass the sniff test. For example, the emails sent just prior to blocking the client said the username was somethingsomething.com but the correct username should have been [email protected]:
Reason: Login failure (Username: somethingsomething.com)


I do need an update so this is what I'll do... I have manually disabled the system plugin for now by following the direction from the email so that the clients can have some peace while they work on the site content changes. After that I will enable it and update it and send you a link to the backend if I still have the issue. If the update fixes the issue i will report that back here as well.

Tuesday, 16 September 2014 11:34 CDT

nicholas
It is not possible that everything you said holds true at the same time. The only way to auto-block an IP is that IP appearing in the Security Exceptions Log for X* times within Y time period. This will cause that IP to be auto-banned, in which case it will appear in the Administer Automatic IP Bans page. If the IP doesn't appear in the exceptions log it won't be auto-blocked. If the IP doesn't appea in the Administer Automatic IP Bans page it is not blocked. In fact, it's exactly that database table which Admin Tools checks to see if the IP is auto-blocked or not.

Therefore you EITHER can see the IP in the two pages (which merely display the data stored in two database tables) OR the IP isn't banned. Both statements cannot be true at the same time.

* X and Y are what you have defined in automatic IP banning in Admin Tools' Configure WAF page

PS: I had the chance to examine the code in question yesterday, line by painstaking line, as I am refactoring the Admin Tools system plugin. Having spent two hours on the code of the IP auto-ban feature I can bet my head and both arms and legs that my description of how it works is perfectly accurate.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!