My website is flooded with security exceptions of type "login failure" though the relevant IP addresses are defined in the blacklist and the geographic blocking for Ukraine is checked.
#21741 Flooded with security exceptions
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by on Wednesday, 21 January 2015 17:20 CST
Monday, 22 December 2014 03:21 CST
Freiforum-N
Monday, 22 December 2014 05:49 CST
nicholas
Akeeba Staff
Manager
Sorry, but this is how Joomla! works :( An attacker can attempt to blindly send a POST request to the login form. Joomla! will run the login code before firing the first event (onAfterInitialise) that plugins can hook into. This means that Admin Tools' failed login check code will necessarily run before the code which blocks users based on their IP address. Since Joomla! will only fire the failed login event when there's a failed login we cannot apply IP filtering at this stage (it wouldn't work consistently).
You have a few options to work around this issue:
1. Uncheck the "Treat failed logins as security exceptions" in the Configure WAF page.
2. Add the Failed Login reason to the Do not email about these reasons in the Configure WAF page.
3. Set the frequency limit by editing the email template in Email Templates page and enable the email sending limit feature in the Configure WAF page.
You have a few options to work around this issue:
1. Uncheck the "Treat failed logins as security exceptions" in the Configure WAF page.
2. Add the Failed Login reason to the Do not email about these reasons in the Configure WAF page.
3. Set the frequency limit by editing the email template in Email Templates page and enable the email sending limit feature in the Configure WAF page.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Monday, 22 December 2014 09:33 CST
Freiforum-N
thank you for the detailed information about the behavior of Joomla.
I choosed solution number 2.
If there remain any further problems I will come up again.
I choosed solution number 2.
If there remain any further problems I will come up again.
Monday, 22 December 2014 09:44 CST
nicholas
Akeeba Staff
Manager
You're welcome!
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Wednesday, 21 January 2015 17:20 CST
System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.