Support

I'll start by saying that you can definitely edit the email template and remove the rescue mode information if you want. That's why email templates are editable.

I will now tell you why the default email templates are correct and do not pose a security threat to your site. It's something that I did put a LOT of thought into before implementing the Rescue Mode. I don't throw code over the wall and hope it lands safe. For every hour I've spent writing code, I've spent another three to ten hours planning, thinking, and red-teaming it.

The email is correct because it's the IP address which is blocked, not a specific username.

It is absolutely possible that the Super User of a site is trying to log into the frontend of the site using a different, non-privileged username and gets the username or password wrong. As a result their IP address is blocked and they can no longer access the site. This is not a theoretical issue. It's something which has happened, multiple times in the past, to actual clients. That's why this information was put there.

Please read the documentation about the Rescue Mode. The URL in the email will not work unless you replace the email address with that of a Super User, i.e you'd need to know that first. Even so, it does not "magically" give you access to the site. It will send the Super User an email, the Super User has to click on the link in that email within a few minutes of it being sent and then they have a few more minutes to access the site from the exact same browser and IP address they used when clicking the link. And even then they are not logged into the site, they are merely looking at the login page of Joomla. Therefore they also need to provide the username and password of the Super User and go through the Multi-factor Authentication the Super User has set up on their user account (if you haven't done so — do it now, it is one of the most important features to protect your user account in Joomla which is why I donated Akeeba LoginGuard to the Joomla project, spending a month of my life turning it into Joomla's Multi-factor Authentication feature last May).

Further to that, the Rescue Mode URL structure is not a secret. It's described in detail in our documentation which is publicly available. The fact that you're using Admin Tools is given away by using the default email template shipped with Admin Tools. Still, it's not a security issue because this feature is designed so it cannot be exploited.

Now you have all the information and you can make an informed choice.

System, Mail Templates, edit the “Admin Tools: Automatic IP blocking” template.

Remove the {RESCUEINFO} bit — this is what prints out this information in the email.

The only email template which include the {RESCUEINFO} block is the “Admin Tools: Automatic IP blocking” one. Remember that you explicitly asked me about an email.

However, the text “We have detected suspicious activity from your IP address. Your access to this site is temporarily suspended” does not appear in any of the default email templates. This is the default “Show this message to blocked IPs” message shown in the browser when a user's IP address is automatically blocked. If you do use the default text then we automatically append the Rescue Mode information. Go to Admin Tools, Web Application Firewall, Configure WAF, and change the “Show this message to blocked IPs” to something different. Again, this IS NOT an email message. There is no such message sent by email.

Hm… I see that you are German. Did you file this ticket relaying something someone else told you, using the word "Nachricht" which —if my very rusty German is to be trusted— is used for both "message" and "email"? That would explain why you ask me about an email when you are most likely talking about a message on the screen.

You're welcome!