#21112 login failure

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by tampe125 on Thursday, 02 October 2014 05:28 CDT

tonnick
Hello

I activated "Treat failed logins as security exceptions". The rule is blocking the IP after 3 attacks in 1 hour.

But it seems that a user made 3 login failures:
1st with the wrong password
2nd and 3rd with the right login/password.

I tried it and got access without any problem.

Can it be a space issue in the password? Why has the user been blocked with the correct login/password? How can we debug it?

Thanks for your help!

tampe125
Akeeba Staff
Hello Fabien,

I am sorry, but I can't reproduce your error.
I suspect there's a space in the password the user set.
You can see the credentials used in the Security Exception Log page.

Davide Tampellini

Developer and Support Staff

🇮🇹 Italian: native 🇬🇧 English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

tonnick
Yes, this is why I do not understand. The logs show the 1st password wrong and the 2nd and 3rd correct.

The only reason I suspect is a copy/paste issue with a space. I will introduce a warning on the login page.

Can it be something that we can avoid in the future? Is there any way to delete it checking the password?

Regards
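
Added example, not part of the original thread and not Admin Tools or Joomla code: a sketch of the login-page warning mentioned in the post above. It reports whitespace and invisible characters in a typed or pasted password without changing the value; the character list, the function names and the `#pw-warning` element are assumptions.

```javascript
// Added example: report copy/paste artifacts in a password without changing it.
// Constructed list of characters that often ride along with copied text.
const INVISIBLE = new Map([
  [0x09, 'TAB'], [0x0a, 'LINE FEED'], [0x0d, 'CARRIAGE RETURN'],
  [0x20, 'SPACE'], [0xa0, 'NO-BREAK SPACE'], [0x200b, 'ZERO WIDTH SPACE'],
  [0x200c, 'ZERO WIDTH NON-JOINER'], [0x200d, 'ZERO WIDTH JOINER'],
  [0x202f, 'NARROW NO-BREAK SPACE'], [0x3000, 'IDEOGRAPHIC SPACE'],
  [0xfeff, 'BYTE ORDER MARK'],
]);

// Returns [{position, name}] for leading, inside and trailing artifacts.
function findPasteArtifacts(password) {
  const cps = Array.from(password, (ch) => ch.codePointAt(0));
  const leading = [], inside = [], trailing = [];
  let start = 0;
  let end = cps.length - 1;
  while (start <= end && INVISIBLE.has(cps[start])) {
    leading.push({ position: 'leading', name: INVISIBLE.get(cps[start++]) });
  }
  while (end >= start && INVISIBLE.has(cps[end])) {
    trailing.unshift({ position: 'trailing', name: INVISIBLE.get(cps[end--]) });
  }
  for (let i = start; i <= end; i++) {
    // A plain space inside a passphrase is legitimate; only flag invisible ones.
    if (cps[i] !== 0x20 && INVISIBLE.has(cps[i])) {
      inside.push({ position: 'inside', name: INVISIBLE.get(cps[i]) });
    }
  }
  return [...leading, ...inside, ...trailing];
}

// Builds the user-facing warning; the password itself is never echoed or logged.
function pasteWarning(password) {
  const found = findPasteArtifacts(password);
  if (found.length === 0) return null;
  const list = found.map((f) => `${f.position} ${f.name}`).join(', ');
  return `Your password contains: ${list}. Check for a copy/paste error.`;
}

// Browser wiring (hypothetical markup: a password input plus <span id="pw-warning">).
if (typeof document !== 'undefined') {
  const field = document.querySelector('input[type="password"]');
  const note = document.getElementById('pw-warning');
  if (field && note) {
    field.addEventListener('input', () => {
      note.textContent = pasteWarning(field.value) || '';
    });
  }
}
```

The check only warns; the submitted value is left untouched, because a space can be a legitimate part of a password.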

tampe125
Akeeba Staff
What do you mean? Can you please be more specific?
If you don't want to ban users that are providing wrong access details, you can modify Admin Tools WAF configuration.


tonnick
I asked if it is possible to avoid this blank space issue in the password, as it seems to be the only reason for the ban. Would it be?

tampe125
Akeeba Staff
I'm sorry, but that's not possible, since authentication is handled by Joomla itself.
We only record when a failure occurs and ban the user if needed.


tonnick
Yes, you're right. One more question, so.

I have Email Templates by default, which are all and user-reactivate.

I would like to isolate the login failure identification because, with all the notifications, I cannot check it properly (too many mails with the same subject).

If I leave all and add a new template only for mail notifications, will I receive the mail twice, will it work only for the mail template, or the all template?

Thanks for your answer!

tampe125
Akeeba Staff
If you add a template for email notifications, Admin Tools will use that; the general one is used as "fallback" if there isn't a specific one.


tonnick
OK, that's great!
Maybe a suggestion. In the mail template, can you add TO;bcc:cci fields to overwrite the default ones?

Most of the notifications are for the webmaster, or the technical webmaster, let's say.

But the one for login would interest the content manager as well. So it would be interesting to send this specific mail to this person in bcc.

Do you see what I mean? Do you think it is doable?

tampe125
Akeeba Staff
Yes, I got it, but I think it's overkill.
You can simply set up a filter in your mailbox to forward messages with a specific subject.


tonnick
I do not really agree; such an operation should be done from the source, not using a forward trick.

And another question (and I stop after ;) ): how do you check the failed login? I checked the HTTP logs, and I cannot see it. It would be interesting to check it to understand why a good login/password has been banned.

Thanks!

tampe125
Akeeba Staff
We simply hook up to the Joomla event onLoginFailure.

