Admin Tools

Monday, 24 March 2014 03:14 CDT

Chabi01

Hi,
I have many different attacks on my websites.
With these attacks, i have some mistakes from visitors when they log in.
To protect the sites, I block ip after 3 errors.
The problem is the following : when it's real attack, it's fine, but when it's a visitor, I have to unblock the ip manually (as the system cannot know what is a real hacker and what is a mistake).

However, some blocked attemps are always attacks, for example, the uploadshield, DFI, etc..

Is there a way to immediatly block the ip from some kind of attacks but leave for example 3 chances for people who can make mistake when they try to login ?

Monday, 24 March 2014 03:41 CDT

tampe125

Hello Xavier,

I'm sorry but there isn't a block limit based on attack type ;(

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 24 March 2014 04:38 CDT

Chabi01

So, do you have a alternate solution for this matter ? Even outside AdminTools ?
It's very very annoying thing (i'm polite...) and take me a lot of time to sort good and bad...
Thanks :)

Monday, 24 March 2014 05:06 CDT

tampe125

Well, if the only problem is the login failure, you can play with the settings.
First of all, do you really need them?
Usually attackers will try to login as Super Users in the backend, so you can protect it with a secret param and disable access on frontend to Super Users.
However, if you still need this feature, you can try to raise the number of attempts and/or the timespan: automatic attacks are performed in a very fast succession, so you should be able to filter them out.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 24 March 2014 05:55 CDT

Chabi01

Hi again,
Well, i don't see exactly how to do what you say..
When users are blocked, that's from the frontend login (for example, on a Virtuemart account).
My admin is protected with an htaccess-htpassword.
I don't see how to put in place what you are writing with e "timespan".
I have attempt from real hackers from different ip and some are very closed and some are made with several minutes of distance.
As i block the admin access, they cannot attack by guessing the admin password and login, so now they try with file inclusion...

Monday, 24 March 2014 06:15 CDT

tampe125

In the WAF configuration page you have and option called Block after, where you can set the number of attackd required in a period of time to ban the IP.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 24 March 2014 09:11 CDT

Chabi01

Ok, thanks.
I previously set up on "3 attacks in 1 hour". I will try shorter delay.
If you hear about a way to block an ip on some kind of attack, please email me : it's in fact a very important needs (for all the websites i have to manage)
Thanks for the help :)

Monday, 24 March 2014 09:15 CDT

tampe125

You're welcome!

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support

#19665 Block ip immediatly on some attacks

This is a public ticket

Environment Information

Monday, 24 March 2014 03:14 CDT

Monday, 24 March 2014 03:41 CDT

Monday, 24 March 2014 04:38 CDT

Monday, 24 March 2014 05:06 CDT

Monday, 24 March 2014 05:55 CDT

Monday, 24 March 2014 06:15 CDT

Monday, 24 March 2014 09:11 CDT

Monday, 24 March 2014 09:15 CDT

Please wait

Support Information