#29543 Need URL for login error

Posted in ‘Admin Tools for Joomla! 4 & 5’
Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Friday, 18 May 2018 17:17 CDT

LukeDouglas
I get warning messages on login problems all the time.

We would like to notify you that a security exception was detected on your site, SITENAME, with the following details:

IP Address: 67.44.192.62 (IP Lookup: IP Lookup)
Reason: Login failure (Username: hiddenacres-- Password: PASSWORDSTRING)


In this particular case, user 'hiddenacres' is a registered user who simply forgot their password which they reset and got logged in.

What I want to receive are only failed logins to the 'administrator' directory.

Is there a way to restrict notifications only to failed admin logins?

dlb
There isn't any way to only receive emails from failed admin logins. The login error tracks both front and back end logins and cannot distinguish between them.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

LukeDouglas
This might be an option to consider providing to users. In this example, the client has hundreds of users, many of whom forget their passwords and reset them. Normal stuff. I don't really need to get these types of emails. What concerns me is if anyone attempts to log into the administrator panel using a variety of techniques, including URL strings. I definitely want to know about these attempted intrusions.

dlb
I flagged the ticket for the programmers to take a look at.


Dale L. Brackin
Support Specialist

nicholas
Akeeba Staff
Manager
The feature you have requested has existed since 2010 and, in fact, predates the "treat failed logins as security exceptions" feature you were asking about :)

There are three distinct features:
  • Email on failed administrator login
  • Email on successful administrator login
  • Treat failed logins as security exceptions


The first two only apply to logins made in the backend (administrator) of the site. I recommend having both enabled as it helps you understand who is logging in or failing to. If you see many failed backend login attempts I very strongly recommend using the administrator password protection feature (uses the least resources; requires an Apache or LiteSpeed web server) or the administrator secret URL parameter feature (uses more resources; works on any kind of web server). Moreover, you should use a second factor authentication solution, e.g. the one offered with Joomla! or Akeeba LoginGuard. Both solutions were written by yours truly, seven years apart, and both are free of charge.

The latter option is what you have enabled but it only really applies to the failed frontend logins. You can safely disable this feature. It only really makes sense when you have a very small set of users who can log in in the frontend. Think about company sites with something like 5-10 users in total. The idea is that lots of failed logins in a short period of time are a strong indication that someone's trying to brute force a frontend admin login, therefore we should block them. The only way to do that is by treating the failed logins as security exceptions so they count towards the IP autoblock threshold.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
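
A minimal model of the behaviour described in the reply above, added here as an illustration and not Admin Tools code: failed backend logins raise their own alert, while the "treat failed logins as security exceptions" switch feeds failures into a per-IP counter that blocks at a threshold. The threshold, window, event format and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; not Admin Tools defaults.
THRESHOLD = 3                      # exceptions per window before an IP is blocked
WINDOW = timedelta(minutes=5)

# Constructed sample events: (timestamp, ip, area, login_succeeded).
# IPs come from the RFC 5737 documentation ranges.
EVENTS = [
    ("2018-05-18 10:00:00", "198.51.100.7", "site", False),   # user forgot password
    ("2018-05-18 10:00:40", "198.51.100.7", "site", False),
    ("2018-05-18 10:03:00", "198.51.100.7", "site", True),    # logged in after reset
    ("2018-05-18 10:10:00", "203.0.113.9", "site", False),    # rapid guessing
    ("2018-05-18 10:10:05", "203.0.113.9", "site", False),
    ("2018-05-18 10:10:10", "203.0.113.9", "site", False),
    ("2018-05-18 10:10:15", "203.0.113.9", "site", False),
    ("2018-05-18 10:20:00", "203.0.113.9", "administrator", False),
]

def process(events, treat_failed_logins_as_exceptions):
    """Return (blocked_ips, admin_failure_alerts) for a list of login events."""
    recent = defaultdict(deque)    # ip -> timestamps of counted exceptions
    blocked, admin_alerts = set(), []
    for ts, ip, area, ok in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if ip in blocked or ok:
            continue               # blocked IPs never reach the login form
        if area == "administrator":
            admin_alerts.append((ts, ip))   # the separate "failed admin login" email
        if not treat_failed_logins_as_exceptions:
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > WINDOW:    # drop exceptions older than the window
            window.popleft()
        if len(window) >= THRESHOLD:
            blocked.add(ip)
    return blocked, admin_alerts

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, process(EVENTS, flag))
```

With the switch on, the guessing IP is blocked before it reaches the backend and the forgetful user stays under the threshold; with it off, nothing is blocked and only the backend failure produces an alert.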

LukeDouglas
I am familiar with the Apache administrator password feature as well as the 2FA built into Joomla which I actually use on a couple of websites.

I've removed my email from the "Email this address on security exceptions" but retained it on the administration logins, both successful and failed. This should accomplish what I was seeking.

Thanks for pointing this out to me. Nice to know it was already there. :)

nicholas
Akeeba Staff
Manager
You're welcome!

Nicholas K. Dionysopoulos

Lead Developer and Director

