#9876 – I'm Locked Out of My Account and Can't Figure Out Why

Posted in ‘Akeeba Admin Tools for Joomla!’
Wednesday, 11 May 2011 20:26 CDT
user37884
Mandatory information about my setup:

Have I searched the forum before posting? Yes
Have I read the Troubleshooting Wizard before posting? No Can't find it.
Have I read the documentation before posting? Yes
Joomla! version: 1.5.23
PHP version: 5.2
MySQL version: 5.0.91
Host: site5.com
Admin Tools Professional version: 2.0.5


Description of my issue:

Hi,

I set up Admin Tools Pro and the next day I got banned from my site from my home IP address.

Sometimes I get 403 - An error has occurred

You've got to ask yourself one question: Do I feel lucky?

and sometimes I get:
Internal Server Error
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at proposalcafe.com Port 80

I can access the site (frontend and backend) from my office computer. I am blocked from all computers at my home IP address.

I have gone in and changed the name of the main.php plugin and I immediately get access to the site. I have turned off the WAF settings one at a time and that doesn't help. I replaced the .htaccess file with the standard Joomla file but that doesn't help. My home IP address does not appear in the Site IP Blacklist although it does appear in the Security Exceptions Log as Bad Behavior when I access the site. I am not sure what else to try.

Any help is appreciated.

Bill

Here is one more bit of information that I just noticed.

I mentioned that my IP address appears in the Security Exceptions Log as Bad Behavior when I access the site. I just noticed that the most recent entry in this log listed the reason as Site IP Blacklist (not Bad Behavior). I have checked and the IP address is not listed in the Site IP Blacklist.
Wednesday, 11 May 2011 20:55 CDT
earthrat
It is because you did something that flagged your IP to be banned. The answer is in the database (jos_admintools_ipblock). Identify your IP and find it in the list and remove it.

I have found this problem happened to me if I did not log out of the admin and then clicked on something when I was logged out; it would ban me.
 
Thursday, 12 May 2011 02:11 CDT
nicholas
Yes, auto-banning of IPs is the reason why this happens. Right now there is no administration of auto-banned IPs and you have to remove the ban by editing the tables. A feature to manage auto-banned IPs is planned for the next release.


Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Thursday, 12 May 2011 04:53 CDT
user37884
Hi and thank you both very much for your help. I believe we are on the right track but here is what I see now. My IP address does not appear in the IPBlock table but it does appear in the AutoBanIP table. I delete it from that table and it pops right back in again. It lists the reason as ipbl (which I assume is IP Blacklist). I checked 3 times and I am sure my IP address is not in the IP Blacklist. Could something else be feeding my IP address to the AutoBanIP table?

Thanks again for your help.
Thursday, 12 May 2011 04:57 CDT
nicholas
OK, here's the proper procedure, using nothing but phpMyAdmin:
- Open table akb_admintools_log and delete all rows where the ip column is your own IP
- Open table akb_admintools_ipautoban and remove all rows where the ip column is your own IP

You are now clear to use your site.

When the auto-ban is enabled, it scans the akb_admintools_log table for repeat violations and adds the repeat offender's IP to the akb_admintools_ipautoban table. You have to remove the records from both tables to disallow it from banning you all over again.


Thursday, 12 May 2011 18:05 CDT
user37884
Hi again,

I had high hopes that this would solve my problem but so far I am still banned.

Here is what I did.

I opened table akb_admintools_log and deleted all rows where the ip column is my own IP
then I opened table akb_admintools_ipautoban and removed all rows where the ip column is my own IP

I still got an error when I tried to login and found that my IP address had been added back to the akb_admintools_log table.

Next I logged in to my work computer and turned off auto-ban but I got the same results. (my IP added back into the akb_admintools_log table whenever I tried to login.)

Next I turned off Bad Behavior and got the same results as above.

The only thing that I noticed that might be helpful is that the entries in the akb_admintools_log table when I try to login lists the reason as ipbl. Again, my IP address is not showing up in the ipblock or ipautoban tables.

I think I am going to clean all of the tables of my IP address and then try to login from home from a different computer to see if that helps.

Let me know if you have any further ideas.

Thanks.

Hi again ... I tried from a different computer but got the same error and it added my IP to the akb_admintools_log table every time I tried to login.
Thursday, 12 May 2011 20:55 CDT
slaes
Bill,

Try dropping ALL from below tables. Are you sure you're not missing your IP?

akb_admintools_log
akb_admintools_ipautoban

If that fails to work, log in, disable the Admin Tools plugin, uninstall ATP. Check the tables to make sure they are gone. (They should be; check anyway.)

Reinstall, reconfigure. Set IP blocking of repeat offenders and Enable Bad Behavior filter to No and you're done. If you're nervous about not having IP blocking enabled, don't be.
Thursday, 12 May 2011 22:00 CDT
user37884
Hi and thanks for the help.

I tried dropping the tables but that didn't help so I uninstalled and reinstalled as you suggested and I now have access back to the site from my home IP address. Thanks very much for that.

I am not too concerned about having IP blocking of repeat offenders turned off but I am concerned about turning off the Bad Behavior filter. Does that leave my site vulnerable?

Thanks again for the help.
Thursday, 12 May 2011 23:25 CDT
slaes
Hey Bill,

Glad all that fixed your issue.

Personally I don't use the bad behaviour filter and I don't think it's necessary.

Don't quote me, however I believe Nico has even considered removing it from future releases. I'm sure he can provide his opinion on it for you.
Friday, 13 May 2011 01:23 CDT
nicholas
The "ipbl" reason means that you had added your own IP to the (manual) IP blacklist. The quick workaround would be clearing the entry from the jos_admintools_ipblock table ;)

The Bad Behaviour filter has a very itchy trigger finger. It is not completely necessary for the security of your site. It's a paranoia setting. Future releases of Admin Tools will not completely remove it, but will ship with this feature turned off by default.


Friday, 13 May 2011 02:33 CDT
slaes
lol, paranoia setting. Where do you come up with this stuff man. Funny!
Friday, 13 May 2011 04:31 CDT
user37884
Hi again and thank you both for your help.

Your answers have given me a better understanding of how things work. I hope someone else can benefit from this thread too.
Friday, 13 May 2011 05:19 CDT
nicholas
@slaes It's basically a Kurt Cobain lyric: "just because you're paranoid, don't mean they're not after you" ;) Bad Behaviour is really paranoid deep down; it assumes that all visitors are hackers, spammers or otherwise unwanted unless proven innocent beyond any shred of doubt. Hence, integrating it is a "paranoia" setting :D

@BillA You're welcome!


Sunday, 15 May 2011 09:57 CDT
rolandd
Hey guys,

I also face the issue as some ppl remarked here that my home IP gets blocked. Going into PMA and deleting my IP solves the problem obviously but is a bit PITA. Now I was thinking, can we have an option where you can enter 1 or more IPs as verified? This would mean that from these verified IPs one can always access the site.

Just my 2 cents.

Home of RO CSVI and RO Payments https://rolandd.com

Sunday, 15 May 2011 11:20 CDT
nicholas
I am now uploading a Developer's Release (revision 281) which fixes this issue in two different ways:

1. It adds a new option ("Never block these IPs") where you can enter a comma-separated list of IPs which should never be automatically banned.

2. If you are using the administrator IP white-list to limit access to your administrator area, those IPs will never be auto-banned. The idea is that you have already designated those IPs as belonging to people who should have administrator access, therefore it's unlikely that they will try to hack your site, ergo they should never have their IP addresses auto-banned.



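Added example (not from the thread and not Admin Tools code): a simplified Python model of the auto-ban behaviour described in the replies above. It shows why clearing only the auto-ban table gets an IP banned again, why clearing both tables works, and how a "Never block these IPs" list exempts an address. The threshold, the reduced two-column schema and the sample addresses are assumptions; the table names are the ones quoted in the thread.

```python
import ipaddress
import sqlite3

BAN_THRESHOLD = 3  # assumed value; the thread does not state the real threshold
TABLES = ("akb_admintools_log", "akb_admintools_ipautoban")  # names from the thread


def make_db():
    """In-memory stand-in for the two tables, reduced to the columns used here."""
    db = sqlite3.connect(":memory:")
    for table in TABLES:
        db.execute(f"CREATE TABLE {table} (ip TEXT, reason TEXT)")
    return db


def parse_never_block(setting):
    """Parse a comma-separated IP list, rejecting entries that are not valid IPs."""
    return {str(ipaddress.ip_address(p.strip())) for p in setting.split(",") if p.strip()}


def log_exception(db, ip, reason):
    db.execute("INSERT INTO akb_admintools_log VALUES (?, ?)", (ip, reason))


def is_banned(db, ip):
    row = db.execute("SELECT 1 FROM akb_admintools_ipautoban WHERE ip = ?", (ip,)).fetchone()
    return row is not None


def autoban_scan(db, never_block=frozenset()):
    """Add every repeat offender found in the log to the auto-ban table."""
    offenders = db.execute(
        "SELECT ip FROM akb_admintools_log GROUP BY ip HAVING COUNT(*) >= ?",
        (BAN_THRESHOLD,),
    ).fetchall()
    for (ip,) in offenders:
        if ip not in never_block and not is_banned(db, ip):
            db.execute("INSERT INTO akb_admintools_ipautoban VALUES (?, 'repeat')", (ip,))


def clear_ip(db, ip, tables):
    """Delete one IP's rows from the named tables (DELETE, never DROP)."""
    for table in tables:
        if table not in TABLES:  # table names cannot be bound as parameters
            raise ValueError(f"unexpected table: {table}")
        db.execute(f"DELETE FROM {table} WHERE ip = ?", (ip,))


def demo():
    admin_ip = "203.0.113.10"  # constructed documentation address
    db, result = make_db(), {}
    for _ in range(BAN_THRESHOLD):
        log_exception(db, admin_ip, "constructed sample reason")
    autoban_scan(db)
    result["after_violations"] = is_banned(db, admin_ip)
    clear_ip(db, admin_ip, ["akb_admintools_ipautoban"])
    autoban_scan(db)  # the log rows are still there, so the ban returns
    result["cleared_autoban_only"] = is_banned(db, admin_ip)
    clear_ip(db, admin_ip, TABLES)
    autoban_scan(db)
    result["cleared_both_tables"] = is_banned(db, admin_ip)
    for _ in range(BAN_THRESHOLD):
        log_exception(db, admin_ip, "constructed sample reason")
    autoban_scan(db, parse_never_block("203.0.113.10, 198.51.100.7"))
    result["on_never_block_list"] = is_banned(db, admin_ip)
    return result


if __name__ == "__main__":
    print(demo())
```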



Friday, 10 June 2011 13:30 CDT
user14074
I'm soooo frustrated!

Totally locked out of the Admin site.

It was working fine, but when I tried to use Blueflame forms it was saying it didn't have write access, so I went to the directory permission configuration of Admin Tools and tried to change the directory permissions to the blueflame plugin library (yes, I now remember about that configuration in the firewall.) The point being it immediately locked me out of the Admin side.

Replaced my default .htaccess.

In myphpadmin I've disabled the Admin tools plugin, the Admin Tools component, I've tried to drop the row on `jos_admintools_ipautoban` though it wouldn't drop until|datetime row. I checked to make sure my assigned IP address wasn't in the log.

I've tried it in 3 different browsers so I doubt it's a cache/cookies issue.

Frankly I don't know what else to do. I'll keep searching this site and google with different combinations of keywords until I can figure out how to completely disable Admin Tools with myPHPadmin and allow myself back into the site so I can reinstall it.
Friday, 10 June 2011 13:33 CDT
nicholas
As per our documentation instructions, disabling the Admin Tools system plugin (thus removing Admin Tools security features) is as simple as renaming plugins/system/admintools/main.php to main.php.bak. This will allow you to access your site.

From that point, you MUST NOT drop any Admin Tools table! Dropping the table will cause the component and its plugins to fail with SQL errors. Instead, you have to empty the tables (delete their contents, not the tables themselves). The two tables you have to empty are jos_admintools_ipautoban and jos_admintools_log.

The next version of Admin Tools will also have a "safe IP" list where you can add your own IP so that you do not get accidentally auto-banned.


Friday, 10 June 2011 13:48 CDT
user14074
Well, I did miss that about renaming the file in the plugins/system/admintools. So, sorry I overlooked that detail. However that still didn't fix my problem. Still locked out. Firefox is a blank page but Chrome is reporting it as a 500 error.

I'm not sure what got hosed along the way. Front-end is working fine. Everything should be turned off in the back-end, yet here I am.

Is there a way to safely remove Admin Tools from the database without messing things up further?
Friday, 10 June 2011 14:01 CDT
nicholas
If you renamed that file, there is absolutely no Admin Tools code running on your site (not until you log in to your back-end and the Joomla! update check plugin runs). Moreover, the 500 error does not mean that Admin Tools locked you out (it would throw a 403 error message). The 500 error means that a PHP error occurred. Based on your description, the most likely cause is that you applied 0777 permissions somewhere and your server is running suPHP. Just try giving all directories inside administrator (and their subdirectories) 0755 permissions and 0644 permissions to all files included in administrator and its subdirectories.

If that fails, please follow Phil Taylor's instructions for enabling verbose output of PHP errors. This will let Firefox display an error message instead of a blank page. Copy and paste it here and we'll see why this issue occurs and how we can fix it.


Friday, 10 June 2011 14:10 CDT
user14074
Ah. That will indeed be my next tactic. I think it may be the cgi php wrapper that my server host uses for ownership didn't work with Admin Tools permissions function. Perhaps Admin Tools in some way failed this...? I've used the repair permissions script in AT many times with problems so maybe it was trying to re-write permissions in the configuration. I'll find out and report back.

Thanks for the prompt support and patience.
Friday, 10 June 2011 14:16 CDT
user14074
Dude, you are f'in genius!

The permissions on an unrelated system plugin got set to 644 and this was the problem.

Thanks again for the fast and patient support. You're a credit to the world of open source.
Friday, 10 June 2011 15:29 CDT
user14074
A couple quick thoughts/questions from a place of not-frustration...

I see why I got confused about what to delete in [*]_admintools_ipautoban; it was empty and so I didn't pay attention to 'Drop' instead of 'Delete' -- Doh!

I'm turning off, for the time being, the Bad Behavior, especially paying attention to how many entries it's writing to the log. How likely is it that these are innocent visitors being flagged? And it's cool if I delete the log entries and IPs once I turn this off, no?

Cheers.
Saturday, 11 June 2011 04:48 CDT
nicholas
Admin Tools applies the permissions you tell it to, even if they are bound to cause a problem (Admin Tools can't know that, unfortunately). When you have a suPHP host, you should only apply these permissions:
- Directories: 0755
- Files: 0644
Everything else is either unsafe or will cause problems.

Regarding the Bad Behavior integration, it has an itchy trigger finger. It will produce a lot of false positives. I consider it a "paranoid mode" security feature. For most sites you can safely turn it off.


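Added example (not from the thread and not Admin Tools code): a Python audit for the 0755/0644 advice given in the replies above for suPHP hosts, run against a directory such as `administrator`. `fix_tree` and its `apply` flag are hypothetical names; by default the function only reports deviations and changes nothing.

```python
import os
import stat
import sys

DIR_MODE, FILE_MODE = 0o755, 0o644  # the values given in the thread for suPHP hosts


def fix_tree(root, apply=False):
    """Report (path, current, wanted) for entries under root that deviate.

    With apply=True each deviation is also corrected. The walk is top-down, so
    a directory is repaired before os.walk descends into it.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, topdown=True):
        entries = [(d, DIR_MODE) for d in dirnames] + [(f, FILE_MODE) for f in filenames]
        for name, wanted in entries:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # parent not traversable; the parent is already reported
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            current = stat.S_IMODE(st.st_mode)
            if current != wanted:
                findings.append((path, current, wanted))
                if apply:
                    os.chmod(path, wanted)
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: script.py <directory> [--apply]
    for path, current, wanted in fix_tree(sys.argv[1], apply="--apply" in sys.argv[2:]):
        print(f"{path}: {current:04o} -> {wanted:04o}")
```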



Tuesday, 14 June 2011 04:30 CDT
user40329
I am going to read and try the solutions above. I can't access my site, I get this message:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.

I think it was because I clicked on way too many options and somehow got my own IP banned. Like a kid in a candy store.
www.jjmonkey.com
design getting slightly better.
Tuesday, 14 June 2011 04:38 CDT
slaes
mate, that website is different.

Were you using google chrome when this error popped up?


Tuesday, 14 June 2011 05:56 CDT
nicholas
You are using HTTPS and have many links to insecure (HTTP) media files on external domains. That doesn't make most browsers happy. You may want to change those links to external content to HTTPS.

Regarding the error you got, it looks like your browser had cached the wrong SSL certificate file for the website. Trying to clear the browser cache usually works wonders for resolving this kind of issue.


Tuesday, 14 June 2011 06:42 CDT
user40329
Hi again, thanks for both your replies.

I am using chrome, and I just cleared the cache but it didn't fix the problem. I installed Firefox and just got a blank screen.

I wanted to use Google fonts, that is why there are lots of external files. It's not a question about your software but what is the preferred way to do this with ssl?

I think I am going to hire someone to help us set up an e-commerce site using VirtueMart once the design is done.

So, back to trying to work out how to get access to my site.

Cheers.

Ashton.
Tuesday, 14 June 2011 06:50 CDT
user40329
I renamed the main.php to main.php.bak like you said previously, now I am back in. So I guess I just have to uncheck a few things now to avoid this happening again?

Cheers.
Tuesday, 14 June 2011 07:14 CDT
user40329
hmm.
main.php consistently locks me out, is there something in this file I need to edit to fix this? Sorry for all the questions.
Tuesday, 14 June 2011 07:26 CDT
user40329
ah what fun, followed the instructions (below), everything is cool again. :)

///
OK, here's the proper procedure, using nothing but phpMyAdmin:
- Open table akb_admintools_log and delete all rows where the ip column is your own IP
- Open table akb_admintools_ipautoban and remove all rows where the ip column is your own IP

Tuesday, 14 June 2011 07:27 CDT
user40329
well except for those damn google fonts.
Tuesday, 14 June 2011 08:14 CDT
nicholas
Regarding the Google font files, you can try a workaround. Go to Admin Tools, SEO & Link and set the "Convert all links to HTTPS when site is accessed over SSL" option to "Yes". Click on Save. Then clean your site's cache and visit the front-end. Does that work?


Thursday, 16 June 2011 03:01 CDT
user40329
Ah nice idea, Nicholas. You are a smart dude that is for sure. Thanks for your help.
Thursday, 16 June 2011 07:08 CDT
nicholas
You're welcome :)


Thursday, 23 June 2011 22:39 CDT
xenocast
I'm new to Akeeba Admin Tools but have had this same problem. I figured out the phpmyadmin fix on my own but wanted to find a solution here to keep it from happening again. My (new) site is getting hammered by "bad behavior" from China. I had two admins both white listed get autobanned.

In the WAF config (main page) I had both of these IPs listed separated by a comma (before they were autobanned) in the "White list (separated by a comma)" setting. I also had both IPs listed in the Administrator IP White list - again before they were banned. Neither are or were listed in the Black list. Version 2.0.5

For now I've turned off the autoban feature but I hope this gets fixed for the next release.
thanks
Paul
Friday, 24 June 2011 01:46 CDT
nicholas
The solution will be included with Admin Tools 2.1. Version 2.0.5 does not prevent IPs in the white-list from being auto-banned, but 2.1 will do that.

