Support

 Hello,

I am using the secret URL parameter for Joomla backend login.
Now I noticed several security exceptions with login failure. I think a bot who tried to login.
I am wondering why the bot reached the login form.
Does this mean the Secret URL parameter is known for the bot? I think while using the Secret URL parameter it shouldn't be possible to try to login?!

It's difficult for me to explain in English I hope you understand what I mean!?

Thanks

It is very unlikely that the bot knows your secret URL parameter. The error has to do with which part gets the information first. In this case, Joomla! processes the user and password and rejects it before Admin Tools has a chance to check the secret URL parameter. The bot most likely tried to call the admin login screen directly, it didn't use the redirect from index.php. If the bot had been able to guess the correct user ID and password and gotten past Joomla!, then Admin Tools would have jumped in and blocked it for lack of the secret URL parameter.

ok, thanks.
so there is no problem!?

its a "normal" attack and its blocked in a normal behaviour!?

thanks.

Yes this is a "normal" attack that has been blocked by Joomla! and Admin Tools. Nothing to be concerned about. You can't stop them from trying, you can only stop them from succeeding.

ok thanks for your help :-)

You're welcome!

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.