Support

I was working on a client's Joomla site and got blocked. The notice I received was for the web host IP and not mine. I got the rescue URL/token but when I tried to access the admin using that I get the following message:

After several unsuccessful attempts to login, your device has been temporarily blocked. Please double-check your credentials and try again later.

So now what?????

Also since I cannot access the site I'm only guessing at the tools version number but we do keep things very current.

OK, first we need to disable Admin Tools so you can log in. The instructions to do that are here. Look under the blue box at the section "Using FTP to regain access to your site's administrator".

Once you get in, you need to clear the locked IP address. You should be able to do that from the Admin Tools control screen, the big red box at the top.

And last, you need to fix the problem. Go to Web Application Firewall, Configure WAF, on the first tab, change the value of "Enable IP workarounds", if it is Yes, set it to No or vice versa.

That should fix you all up.

I replaced our htaccess file with the base Joomla version and was able to get in. We found that WAF Enable Workarounds was set to AUTO and have changed that to NO.

What is concerning is that this has been set to AUTO for more than a year and being blocked is only a very very recent occurrence.

Thanks

Something changed. What IP Workarounds does is change the order of the IP addresses that are forwarded from another server sitting in front of your web server. When the IPs are read "backwards" the other server gets banned instead of the bad guys. That sounds like what was happening.

You still need to watch the Security Exceptions Log to make sure you're not getting exceptions from your local server. "Yes" and "No" are not really meaningful in this case, you just have to watch the exceptions to make sure it is set right.

The last exception recorded was 3/1

The Admin Tools lockout emails said our hosting provider IP was blocked but we couldn't get in either.

It the host IP is blocked, everybody is blocked. I wouldn't expect it to be clean for almost two weeks but I guess it's possible.

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.