Support

Admin Tools

#22194 Adding Exception List to Site IP Blacklist

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 06 March 2015 12:45 CST

Wednesday, 04 March 2015 23:46 CST

muddauber
 I have a long list of Security Exception Logs and was going to ask how I could move a large number of the exception over to the IP Blacklist, preferably with a one click conversion. However, I read you post and comments on the problem with having a automatic button to put all the list on the IP blacklist would create problems.

My question is there a problem with adding hundreds of IPs to the IP Blacklist? At what point should
I look at using a honeypot blacklist system or other option, rather than keep adding all the exceptions to my IP Blacklist. My understanding is a long list will slow the system down considerably.

Thursday, 05 March 2015 01:37 CST

nicholas
If you have added hundreds of IPs to the black You Are Doing It Wrong. If you've read my posts on the subject you'd know that adding an IP to the blacklist is the very last resort. You just need to use the automatic IP banning which blacklists an IP for X amount of time if at least Y attack attempts were detected within Z amount of time. And we also have a repeat offenders auto-blocking feature which lets you permanently blacklist an IP address if it gets auto-banned X times within Y amount of time.

Using these two features mean that you don't have to deal with the IP blacklists. They are managed automatically by the software. You will also NOT end up with hundreds of IPs in the blacklist. Remember that having hundreds of IPs in the blacklist not only makes your site slower (performance impact is measurable after ~100 blacklisted IPs) but will also end up blocking legitimate traffic. Do the smart thing, let the software decide when to block an IP address.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 06 March 2015 11:50 CST

muddauber
OK, I will follow that recommendation.

I still see a lot failed login attempts or other exceptions from countries that are on my Geographic Blocking. Why are they getting through when I have the IPs blocked and the Admin Directory write-protected?

thank you

Friday, 06 March 2015 12:45 CST

nicholas
Checks for certain exceptions occur before the IP filtering due to the way Joomla! works. For example, the login attempt warnings are raised by Joomla!'s user management system which loads before the IP filtering has the chance to run. This is normal and nothing to worry about. It merely tells you that some fool made a futile attempt to log in to your site. The result they see on their end, no matter if they guess the username and password correctly or not, is a 403 Forbidden error. So, don't worry. These are idiots who can't debug their own pathetic "hacking" scripts...

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!