Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? No
Joomla! version: 2.5.7
PHP version: 5.3.x
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: 2.4.0 Pro
Description of my issue:
Since the last update I recieve sometimes weird Security Exception Log warnings like this:
IP Adres: 10.0.0.92, 201.36.XXX.XXX
Reason: http://ip-lookup.net/index.php?ip=10.0.0.92, 18.104.22.168
And after an automatic block after three attemps the IP adres '0.0.0.0' is blocked. Obviously the WAF can't handle this combination of two IP-adresses?
How is it possible that two IP-adresses try "illegal actions" at the same time? In most cases the actions try to login into the website with target URL's like these: http://website.com/user/login/index.php or http://website.com/wp-login.php.
Off course these attemps are useless and will never work.
I've never seen this behaviour before in my logs. Any idea?