The backend of my site has frequently been attacked in the last couple of weeks by hundreds or thousands attempt to reach my administrator site. It is protected by an url-parameter, so it has been unsuccessfull - except that my service-provider temporarely has suspended my site due to the many notification-mails send from admin-tools. I know that I can stop the sending of mails from my site, but do you have a better suggestion how to stop this kind of attack???
#40382 How do I avoid DDOS attack on backend
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
5.0.2
PHP version
php 8.2
Admin Tools version
newest
Latest post by nicholas on Monday, 04 March 2024 03:20 CST
Monday, 04 March 2024 03:20 CST
nicholas
Akeeba Staff
Manager
Go to administrator, Components, Web Application Firewall, Configure WAF, Logging & Reporting tab, and empty the field "Email this address on blocked request".
Remember that sending emails for blocked requests is something you should only ever do in TWO (2) cases:
- You have just installed Admin Tools and keep getting blocked as you try different settings
- You are trying to troubleshoot an issue you can't figure out how to reproduce
Under normal operating conditions this feature should be disabled.
Finally, I would recommend also using the Administrator Password Protection feature (which is, in fact, something your web server can do) to add a further protection layer to your administrator login page. This will get rid of attackers even faster, using less server resources.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!