#42596 What happens with blocked IP's to members?

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by nicholas on Saturday, 17 January 2026 04:15 CST

myersw99

What happens with hacker blocked IP's to my good members when they log in?

Are they affected?

My members only log in once a year from March to May to register for an in person meeting, will they be blocked?

Do I need to do anything before that to clear them? I have 950+ members.

nicholas
Akeeba Staff
Manager

Once you block an IP it's blocked. Nobody connecting from this IP can connect to your site.

Which is why I already told you not to block IPs manually and let Admin Tools handle it by itself. 99.999% of blocked IPs are bots which get blocked once and go away. These auto-blocked IPs are temporarily blocked. Once the temporary block expires, they can once again access your site.

Blocking an IP manually should be an extremely rare event that you only have to do if you are positive that this IP is not temporarily assigned to a bad actor and can never again be assigned to a legitimate user or service. I can count the times I had to do that in the past 15 years on one hand, and I have enough fingers left on that hand to hold a pint glass full of water securely.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

myersw99

Yes, once I understood the manual blocking I deleted all those and I have been letting the software work as it should. This site has had over 100 attempts blocked.

What I am asking is, when my registered members try to log in to the website, will the Admin Tools software give them any issues?

FYI - These people are very intelligent idiots (mechanical engineers). I just do not want 950 people emailing me that they cannot log in to sign up for the yearly meeting.

So I wanted to know, will they be flagged using the member login form? They use a username and a password.

I do not know their IP addresses. If I have to make any changes to let them log in I would want to do it before March of 26.

nicholas
Akeeba Staff
Manager

LOL! I am a Mechanical Engineer by education as well! I have been around enough engineers (Mechanical, Chemical, and Civil) before starting my software business to know precisely what you mean :D 

IP blocking should not be an issue, neither should logging in. Make sure to disable the option to treat failed logins as a blocked request to be extra sure for those who are "absolutely certain" they are using the right username and password – spoiler alert: they are not. This is an option I have kept disabled on this here site as well for similar reasons.

myersw99

LOL as well as myself. I was a drawing board (early days) CAD Product and Tool Designer for over 30 years.

In 2008 I went back to school and got a degree in Website development and it was a side hustle for about 10 years. Now I am retired from the design work and a full-time Joomla website developer. You are very correct. I have 950 people on this site and every year I bet 75 of them cannot get their password correct and have to change it, LOL again. I will keep this email for when they get close to the meeting sign-up in April and use your instructions. Thanks, Wade

myersw99

I had a good user get blocked today. Do I have something set wrong?

He said his account was "Banned". Is that an Akeeba Tools message?

I do not know yet if he tried 3 times, I asked him but he has not responded yet.

I did get an IP block notice from my area this morning.

Wade

nicholas
Akeeba Staff
Manager

Admin Tools does not "ban" any user accounts. Without knowing what exact message they get, what messages you have configured in Admin Tools, and their IP address you are essentially asking me to roll the dice. Spoiler alert: I famously roll like dog poop in our Dungeons and Dragons campaign, so probably you don't want me to do that.

In all seriousness, you need the message to compare it with what is configured in Admin Tools. If their IP got temporarily (or permanently) banned there's a reason listed in the Blocked Requests Log for their IP address. With that Target URL and Reason you can figure out why they got blocked. Maybe you enabled the option to treat failed logins as blocked requests? If so, disable it. As you said, your users are mechanical engineers who –I extrapolate– are likely to fumble the login, therefore you don't want them to get auto-blocked for it.

myersw99

My guess is when I first started using Admin tools I set something up wrong?

I have members trying to log in and I suspect they are screwing up their password and trying multiple times and they are getting banned.

I sent an attachment that I "think" might be the login attempts of members, as the IP says it is local to me.

I did find an email message that says "banned". See Akeeba7.

I must have changed that before I knew what I was doing, but I don't remember doing it. I probably also checked something to make that happen to good log in attempts.

Here is where I think they are getting banned from. See Akeeba8.

I need to keep the hacker out which has been a life saver so far, but in March the current members need to log in for a once a year meeting head count.

HELP

Wade (former Engineer) LOL

nicholas
Akeeba Staff
Manager

As I told you about ten days ago:

Make sure to disable the option to treat failed logins as a blocked request to be extra sure for those who are "absolutely certain" they are using the right username and password – spoiler alert: they are not. This is an option I have kept disabled on this here site as well for similar reasons.

What I mean is go to the Configure WAF page, Hardening Options tab, set "Treat failed logins as a reason for blocking the request" to No, click on Save & Close.
