Support

Admin Tools

#38911 WAF Config - Deactivate users after failed logins, sending emails

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4
PHP version
8.2
Admin Tools version
7.3.2

Latest post by dunwin on Tuesday, 25 April 2023 02:25 CDT

Monday, 24 April 2023 15:07 CDT

dunwin

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

We have WAF Config option set to deactivate users after a number of failed attempts within a time period. See attached screenshot.

Also in the WAF config, there is a message " User self-service activation is enabled on your site. Automatically deactivated users will be emailed instructions to re-activate their user account. " 

We are noticing some (a few) of our users have been deactivated. When they request a password reset link, they never get the email.

MY question is: is it only Admin tools that deactivates users? The reason I ask is that none of the users has reported getting an email to say they have been deactivated. So is the email not being sent or is there some kind of Joomla core function that is deactivating these users?

Any help would be appreciated.

 

 David Unwin - London UK

Tuesday, 25 April 2023 00:09 CDT

nicholas

When they request a password reset link, they never get the email.

This is a core Joomla feature. Something is broken on your site. Make sure your site's email setup is correct (in Joomla's Global Configuration). Make sure that the email from your site does not end up in your users' spam inbox (set up SPF and DKIM at the very least, yeah?).

MY question is: is it only Admin tools that deactivates users?

No. Asking for a password reset deactivates the user. This is a core Joomla feature and it's worked like that since at least Joomla 1.5.0. I honestly don't remember how it worked back in 1.0 but I'd be surprised if it worked any different.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 25 April 2023 02:25 CDT

dunwin

Nicholas,

Thanks for the clarification.

Our email setup is correct and we have tested it. We have SPF and DKIM set up.

re " No. Asking for a password reset deactivates the user. ". So I assume the when the user gets a link to reset their password and they click on it and enter new password, Joomla re-activates their account.

I need to look further at our end.

 David Unwin - London UK

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!