#26898 Brute Force attack on backend although password protect has been set

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 15 February 2017 17:17 CST

Benny7587
Hi Nicholas,

A few days ago I installed Admin Tools Pro and set Password Protect Administrator. Now the Brute Force Stop plugin tells me that there has been a login violation on the backend. How is this possible, because when I try to log in on the backend I first have to log in on the extra protection? There is a username and password on this protection that cannot be guessed easily.

Also, Admin Tools is blocking the IP address of the attacker. One strange thing here is that Admin Tools is sending an e-mail at 14-1-2017 23:18 telling me that the IP address is banned until 2017-01-14 22:32:50? The server setting in Joomla is set to local (Amsterdam) time and my e-mail timestamps are also in local time.

Regards,

Benny.

nicholas
Akeeba Staff
Manager
Just because you have administrator directory password protection doesn't mean that nobody can get through. As I've said in my security presentations, this is merely another layer of protection. A determined attacker could try to brute force that protection. Unless your password is 20 or more truly random characters, including punctuation / special characters, brute forcing it is not that hard. Remember that words and phrases in any live or dead human language (from English to Swahili and from Latin to Aramaic); or made-up language (especially including Elvish and Klingon); or transcribed phonetically (e.g. pinyin) or in a weird manner (e.g. pig Latin, l33tspe4k) and so on are trivial to crack, even if you use multiple words separated by common punctuation and/or numbers.

I would recommend changing your administrator password protection with a new 24-character password generated by random.org.

That said, it appears that Admin Tools does block the brute force attack. Due to the way Joomla! processes system events the other plugin you have also gets triggered. Don't worry, you ARE protected.

Finally, do note that when Admin Tools sends you an email all dates and times are expressed in GMT. The reason is that we cannot guarantee that the execution context at the time the email is generated includes a user whose time settings are compatible with your user's settings. Instead of using a random timezone we chose to use the universal GMT timezone. Furthermore, since Admin Tools can be set up to send emails to any number of Super Users, each one with their own language and time zone settings, trying to localize the content of these emails would consume a lot of CPU and memory. In fact, the resource usage would be so substantial that it'd make sense for an attacker to perform a short but substantial burst of known-to-fail attacks against your site to make it overload, effectively causing a Denial of Service attack. That's a VERY real possibility that responsible security software has to mitigate. That's why, being responsible developers, we chose performance over user convenience in security exceptions handling.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
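The behaviour described in the reply above (failed requests against the password-protected administrator directory counted per IP, the IP blocked for a fixed window once a threshold is crossed, and the ban expiry reported in GMT/UTC rather than in the site owner's local time), as an added example. This is not Admin Tools' own code; the Apache-style log lines, the threshold of five failures per minute, the 15-minute ban and the Europe/Amsterdam zone are all constructed assumptions. The constructed timestamps are chosen so that the computed expiry lands on the "2017-01-14 22:32:50" quoted in the ticket: read in Amsterdam time (UTC+1 in January) that is 23:32:50, about a quarter of an hour after the 23:18 notification email, which is what a 15-minute ban reported in UTC looks like to someone reading it in local time. The last two functions illustrate the advice to replace the directory password with a long random one.

```python
"""Added example: brute-force detection on the administrator directory with
ban expiry kept in UTC and converted to local time only for display."""
import math
import re
import secrets
import string
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

try:
    from zoneinfo import ZoneInfo
    AMSTERDAM = ZoneInfo("Europe/Amsterdam")
except Exception:  # no tz database on this host: assume the January offset
    AMSTERDAM = timezone(timedelta(hours=1), "CET")

# Constructed Apache combined-log lines. 401 means HTTP Basic authentication
# (the directory password protection) rejected the supplied credentials.
# The final line is an ordinary page view from an unrelated address.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jan/2017:22:17:40 +0000] "GET /administrator/ HTTP/1.1" 401 381
203.0.113.7 - - [14/Jan/2017:22:17:41 +0000] "GET /administrator/ HTTP/1.1" 401 381
203.0.113.7 - - [14/Jan/2017:22:17:42 +0000] "GET /administrator/ HTTP/1.1" 401 381
203.0.113.7 - - [14/Jan/2017:22:17:44 +0000] "GET /administrator/ HTTP/1.1" 401 381
203.0.113.7 - - [14/Jan/2017:22:17:50 +0000] "GET /administrator/ HTTP/1.1" 401 381
198.51.100.9 - - [14/Jan/2017:22:18:03 +0000] "GET /index.php HTTP/1.1" 200 5123
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

FAIL_THRESHOLD = 5                  # assumed: failures inside WINDOW before a ban
WINDOW = timedelta(minutes=1)       # assumed sliding window
BAN_LENGTH = timedelta(minutes=15)  # assumed ban length


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Normalise every timestamp to UTC regardless of the server's log zone.
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {"ip": m["ip"], "ts": ts, "path": m["path"], "status": int(m["status"])}


def is_admin_failure(rec):
    """401: directory password rejected; 403: server refused the path."""
    return rec["path"].startswith("/administrator") and rec["status"] in (401, 403)


def find_bans(log_text):
    """Return {ip: ban_expiry_utc} for every IP that crossed the threshold."""
    recent = defaultdict(deque)
    bans = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_admin_failure(rec):
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > WINDOW:   # drop failures older than WINDOW
            q.popleft()
        if len(q) >= FAIL_THRESHOLD and rec["ip"] not in bans:
            bans[rec["ip"]] = rec["ts"] + BAN_LENGTH   # expiry stored in UTC
    return bans


def format_expiry(expiry_utc, local_zone=AMSTERDAM):
    """(what the UTC notification says, the same instant in the owner's zone)."""
    local = expiry_utc.astimezone(local_zone)
    return (expiry_utc.strftime("%Y-%m-%d %H:%M:%S UTC"),
            local.strftime("%Y-%m-%d %H:%M:%S %Z"))


def random_password(length=24):
    """Directory password from a CSPRNG over letters, digits and punctuation."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length=24, alphabet_size=94):
    """Search space of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for ip, expiry in find_bans(SAMPLE_LOG).items():
        utc_text, local_text = format_expiry(expiry)
        print(f"{ip} banned until {utc_text} (= {local_text})")
    print(f"24 random chars from a 94-symbol alphabet: {entropy_bits():.0f} bits")
```

The ban expiry is computed and stored once, in UTC, exactly as the reply explains; the conversion to a local zone happens only in `format_expiry`, which is the per-reader work the notification emails deliberately skip. Dropping the conversion from the notification path keeps the cost of handling a burst of deliberately failing logins constant, which is the denial-of-service concern raised above.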

Benny7587
Hi Nicholas, Thanks a lot for your prompt and clear answer to my questions.

Regards, Benny.

nicholas
Akeeba Staff
Manager
You're welcome!


System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
