Support

Admin Tools

#33361 Lockout even when excepting my IP's

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by dmaurand on Tuesday, 07 July 2020 11:28 CDT

Tuesday, 07 July 2020 09:55 CDT

dmaurand

The lockout is strange - I have applied the same settings to four Joomla sites, but one has me locked out of both front and back end. When I looked at the IP in log, the host server IP was listed, not mine.

The blocked requests graph on the admin shows no blocks.

When I turn off permanent ban, I'm still banned (with my custom message). At the moment, this site, which was hacked, has been running in main-disabled mode for a couple hours - and new files have been injected.

I am also unable to whitelist IP's in the Administrator Exclusive Allow IP List - clicking 'New' gives me the expected fields, but saving does nothing.

How do I navigate this confluence of IP issues, one wonders. Or at least, I wonder.

Tuesday, 07 July 2020 10:22 CDT

tampe125

Hello,

first of all, please note that if your site is already hacked, Admin Tools can't protect you, since the attacker already have a foothold in your site.
You should run a scan with the PHP scanner, find malicious file and remove them, you can find more details about the process here: https://www.akeebabackup.com/documentation/walkthroughs/unhacking-your-site-index-html.html

That being said, I suspect your site has a proxy in front of your webserver. Please write down your IP (you can find it here https://www.whatsmyip.org/), then go inside WAF Firewall, Administrative Exclusive Allow IP List and click New. You will find the IP detected by Admin Tools displayed on screen. Is that the same as the previous one? If not, please get inside the Configure WAF page and toggle the option Enable IP Workarounds, that should fix your issue.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 07 July 2020 11:28 CDT

dmaurand

Thanks for your very fast reply. I am getting a different IP in the log than my own IP.  But your specific directions seem to be working - what's interesting is that I submitted my IP as it appeared in that list, but 'saved' after several attempts. Now there are several copies of it there.

As to the hackfiles, I have indeed scanned and cleaned everywhere - trying carefully not to go for php5-era regex statements highlighted as suspicious. My last few scans are coming up clean. The hacks are on a cpanel account, clones of two of these sites that were installed simultaneously on a Plesk account remain clean.

Thanks for your help.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!