Support

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

I have a site which is getting 6,500 exceptions in 30 days. But when I review the exceptions log I see lots of patterns. I would like to request a few features.

(a) I would like to be able to bulk blacklist some IP addresses as they are all very similar (first three numbers are the same, last number changes). There are also some patterns e.g.

/--cox_sym/root/homepages/14/d121902034/htdocs/pertermaclean/xmlrp.php?x=chmod&f=media&d=%2F

My hosting user/folder is not /pertermaclean/ so whatever hosting they are looking for it is not mine. However, this site was taken over from a hacked site, and that URL does appear in Google under our domain name so perhaps it existed on the old site.

I don't know if you have any advice on that? Or as to whether my IP address solution is not the smartest.

(b) I would like to be able to search the URL in the blacklist. That gives me more of a clue than the IP address.

(c) I would like to make some rules. e.g. wp-login wp-admin. These are WordPress URLs (as I'm sure you know) so anyone accessing them on Joomla! is probably a bot trying to work out how to hack the site.

Because of the sheer volume of emails I've reduced the email numbers in Admin Tools, but should I be taking other more proactive action do you think?

It is possible to import IPs into the blacklist, but it isn't a good idea. Hackers don't use their own IP addresses, so you're just blocking a dynamic IP at an ISP or an open proxy server, etc. Temporary blocks are better because they slow down the attacker without permanently disabling the IP address.

Why not just add "/pertermaclean/xmlrp.php" to the list of URLs that 404 Shield will flag as a security exception? That will allow you to use your auto ban settings to block the IP addresses being used.

Great suggestion. Thanks. I'll do that.

You're welcome!