Hi All,
I have recently been hit with a large number of attempts to the back end of my site. I have RS Firewall and JSecure installed, so every time someone makes a failed attempt I get an email. In the past day and a half, I have gotten well over 200 emails.
Is there a way that I can prevent this, or at least limit it? I have read that I cannot change the name or location of the admin folder because components rely on it and it would probably break my site. What I would love to do is only accept a few IP addresses, and have everything else redirected to a honeypot or something that will keep these bots off my site.
Any suggestions?
Redirect to honeypot
- Z9iT
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Oct 14, 2011 8:15 am
- Contact:
Re: Redirect to honeypot
I am ignoring that you are using RS Firewall and JSecure, and suggesting what I think should be more powerful than this.
1) Password protect your admin directory (with .htaccess files, if supported by your server).
2) Provide leech protection for the above. Make it even more conservative by allowing only one instance of successful login; if someone tries to log in a second time, the account should get disabled.
3) Set the session lifetime as low as possible. I think 10 mins is more than enough.
4) Add a permanent 301 redirect to your admin directory, and disable it whenever you want to log in to the backend.
5) Edit the login.php file in the admin directory so that only the login username and password fields are left and nothing else on that page. Place them far apart so that no one can even make a wild guess that it's a login page.
Being more geek-freak, you can add Google Analytics code to this.
6) If you have a static IP, that's wonderful: you can allow access to the admin directory from that particular IP only (Google this; hopefully .htaccess files will do that for you).
7) Have proper file permissions (755/644) and follow the security checklist.
I am over with the points. Even doing two of them will make your friends say that you are a freak (as I faced), but you can try all of them.
http://z9it.com....Bringing the best of www, in a gist...
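Points 1) and 6) above can be done together in one .htaccess file. The following is an added example for the Joomla administrator/ directory and is not from the post above; it assumes Apache 2.4 with mod_authz_core and mod_auth_basic loaded and AllowOverride AuthConfig enabled for the directory. The IP addresses, realm name and .htpasswd path are placeholders.

```apache
# Added example: administrator/.htaccess (Apache 2.4 syntax), not from the original post.
# Placeholders: 203.0.113.10 and 198.51.100.0/24 are example addresses, and the
# .htpasswd path is an assumption; keep that file outside the document root.
#
# Both conditions must hold: the client must come from an allowed address AND
# present valid Basic-auth credentials. RequireAll/RequireAny express that;
# bare top-level Require lines would be OR'ed together instead.
<RequireAll>
    <RequireAny>
        # office or home static IP (placeholder)
        Require ip 203.0.113.10
        # VPN range (placeholder)
        Require ip 198.51.100.0/24
    </RequireAny>
    # Basic auth in front of the Joomla login, so bots hit a 401 before any
    # Joomla code (and any RS Firewall / JSecure email) runs.
    # Create the file with: htpasswd -c -B /srv/private/.htpasswd yourname
    Require valid-user
</RequireAll>

AuthType Basic
AuthName "Restricted"
AuthUserFile /srv/private/.htpasswd
```

If your address is dynamic (leolam's objection below the first reply), drop the inner RequireAny block and keep only Require valid-user: the Basic-auth prompt alone still stops the scripted login attempts at the web server, which is what silences the notification emails, because the request never reaches Joomla's login code. Test from a second browser or curl after saving, since a typo in this file locks you out of the backend until you fix it over FTP/SSH.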
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Redirect to honeypot
Z9iT wrote: I am ignoring that you are using RS Firewall and JSecure, and suggesting what I think should be more powerful than this.
Glad you acknowledge it is just an opinion of yourself.
Z9iT wrote: 2) Provide leech protection for the above. Make it even more conservative by allowing only one instance of successful login; if someone tries to log in a second time, the account should get disabled.
Interesting suggestion, especially when one has multiple admins.
Z9iT wrote: 3) Set the session lifetime as low as possible. I think 10 mins is more than enough.
That is in many cases not enough at sites where a lot of text is being used and people are creating online content. You will be kicked out before saving (most forget to save/apply before finishing). Default Joomla settings are ok.
Z9iT wrote: 4) Add a permanent 301 redirect to your admin directory, and disable it whenever you want to log in to the backend.
Again an interesting idea when you have multiple admins... Give all access to .htaccess? Secure?
Z9iT wrote: 5) Edit the login.php file in the admin directory so that only the login username and password fields are left and nothing else on that page. Place them far apart so that no one can even make a wild guess that it's a login page.
Are bots that stupid?
Z9iT wrote: 6) If you have a static IP, that's wonderful: you can allow access to the admin directory from that particular IP only (Google this; hopefully .htaccess files will do that for you).
These days IPs are most often dynamic.
Z9iT wrote: 7) Have proper file permissions (755/644) and follow the security checklist.
Well, that's really good advice!
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- MikeHell
- Joomla! Apprentice
- Posts: 43
- Joined: Tue Mar 13, 2007 12:52 am
- Contact:
Re: Redirect to honeypot
Hi biggatings.
Instead of criticising other posters in this thread and ignoring your question altogether, I will offer you a few suggestions.
biggatings wrote: What I would love to do is only accept a few IP addresses, and have everything else redirected to a honeypot or something that will keep these bots off my site.
If you are using the latest version of jSecure you can already whitelist IP addresses, and you can also set a custom URL redirect for failed login attempts.
The Redirect Failed Login extension -> http://extensions.joomla.org/extensions ... ccess/6495 also allows you to redirect failed logins to a URL of your choosing, plus specify a time delay to slow down brute force login attempts.
The extension description reads: This little plugin allows you to manage failed login attempts. The latest version can deter hackers by adding a programmable time delay after a failed login attempt. Upon a failed login attempt, you can redirect to a page in your Joomla site, redirect to a completely different site, or not redirect at all (default). Optionally, you can have it display a custom message such as "Login Failed - please try again".
Other than that, if you are the only administrator, then I think placing a .htaccess file in the admin directory and whitelisting your IP address or IP range there is a good solution too.
If you also need a simple honeypot script to log the details of anyone who has been redirected from the failed admin login attempts, I can make something for you (for free) and post it here.
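A minimal version of the honeypot script offered above, as an added example: this is not MikeHell's script, not part of jSecure or the Redirect Failed Login extension, and not Joomla code. It assumes PHP 7 or later, that the file is placed outside the administrator/ directory (for example /trap/index.php) and set as the failed-login redirect target, and that the log path is writable by the web server (an assumption; in production log outside the document root). It records the visitor, sanitises the attacker-controlled headers before writing them, and tarpits each hit with a delay so a bot pays wall-clock time for every probe.

```php
<?php
// Added example honeypot (not the original poster's or any extension's code).
// Assumptions: PHP >= 7, placed outside administrator/, log path writable by the web server.
declare(strict_types=1);

const HONEYPOT_LOG  = __DIR__ . '/honeypot.log'; // assumed writable; move outside webroot in production
const DELAY_SECONDS = 5;                          // tarpit cost per hit
const MAX_FIELD     = 512;                        // cap attacker-controlled header lengths

// REMOTE_ADDR is what the TCP connection says; only trust X-Forwarded-For if
// a proxy you control sets it, otherwise a bot can forge any "source" it likes.
function client_ip(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '0.0.0.0';
    return filter_var($ip, FILTER_VALIDATE_IP) ? $ip : 'invalid';
}

// Strip control characters so User-Agent/Referer cannot inject fake log lines
// (a newline in a header would otherwise forge an extra record).
function sanitize(string $value): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', $value);
    return substr($clean, 0, MAX_FIELD);
}

// Build one structured record from the server variables of the current request.
function build_record(array $server): array
{
    return [
        'ts'      => gmdate('c'),
        'ip'      => client_ip($server),
        'method'  => sanitize($server['REQUEST_METHOD'] ?? ''),
        'uri'     => sanitize($server['REQUEST_URI'] ?? ''),
        'ua'      => sanitize($server['HTTP_USER_AGENT'] ?? ''),
        'referer' => sanitize($server['HTTP_REFERER'] ?? ''),
    ];
}

// Append one JSON line per hit; LOCK_EX keeps concurrent bot hits from interleaving.
function append_log(array $record, string $path): bool
{
    $line = json_encode($record, JSON_UNESCAPED_SLASHES) . "\n";
    return file_put_contents($path, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Only handle a request when served over HTTP, so the functions above stay reusable.
if (PHP_SAPI !== 'cli') {
    append_log(build_record($_SERVER), HONEYPOT_LOG);

    // Tarpit, then answer with a bland 403 and no form: nothing here to brute force.
    sleep(DELAY_SECONDS);
    http_response_code(403);
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Robots-Tag: noindex');
    echo "Forbidden\n";
}
```

Two caveats for the original question. First, the redirect fires after the failed attempt has already been recorded, so jSecure and RS Firewall will keep sending their emails; the honeypot log gives you per-IP counts to feed into a web-server or firewall block list (fail2ban can read JSON lines with a suitable regex), and only a block in front of Joomla actually stops the notifications. Second, the sleep() holds a PHP worker for the whole delay, so on a small shared host keep DELAY_SECONDS low or a flood of bots can tie up every worker and take the public site down with it.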
- Z9iT
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Oct 14, 2011 8:15 am
- Contact:
Re: Redirect to honeypot
@leolam,
I appreciate that you acknowledged my post.
You asked:
leolam wrote: Are bots that stupid?
I agree it's silly to modify login.php; however, it works well when you have a bunch of unethical friends. I remember one of my friends sneaked into my PC just to find my admin username and password saved somewhere; however, my kung fu was stronger than his... he managed to reach the admin page, but banged his head for 3 hrs to find the login box... lolz... hahahaha
http://z9it.com....Bringing the best of www, in a gist...