First, thank you for providing a great product in AdminTools.
I've been getting SQLi block notifications for the past couple months, about once daily, and they always come in pairs and they always come from a fresh IP address. Who (or what) is doing this thus avoids auto-blacklisting. (currently set to block after 3 attacks in 1 day, and block for 40 days, permanently blacklist after 3 IP blocks)
The url strings look like:
They change just a little bit incrementally with each attack, again same basic pattern with a new IP address each time.
So, to me, this looks like a fairly deliberate attempt to either get in to - or just get information from - the website. It looks like this site is being targeted, albeit patiently.
Are there any additional things I could be doing to prevent these attacks from eventually someday working?
Is it, for example, safe to auto-ban after a single SQLi match in AdminTools?
Thank you for any advice, and thanks again for supplying a great product.
- Joomla! version (in x.y.z format)
- PHP version (in x.y.z format)
- Admin Tools version (x.y.z format)