The Joomla! Forum ™

I understand this is slightly off from a pure security topic, but I would like to explain my issue in detail first before you discard me completely

Here is my issue in the chronological order of the events:

1. 3 days back, I noticed I can not access the joomla admin page from any machine from my home broadband. If I try to access, the server simply drops the connection. But I can browse all the other pages of my website.

2. I can successfully login to joomla admin from the same machines if I use some other ISP. So the problem only happens when browsing from specific set of IP addresses of my home broadband provider.

3. Next I observed, the problem is not restricted for /administrator account only. It's basically with any *.php page. If I want to open any URL of my site that contains *.php (using my home broadband), server drops the connection. So basically:

Since I am using SEF URL with .html extension for the front end pages, I can access them from any machine under my home broadband. But as backend use index.php page - I can not use the backend. Similarly, I can not access any other .php page (e.g. the fpa-en.php page placed in my root)

4. I have done simple things like - rebooting my home router / clearing caches in browsers, server / contacting my server admin and ensuring that there is no firewall level IP based filtering for my outward IP of my BB service / disabling CDN / checking in .htaccess for any banned IP etc. with no result.

5. Finally, yesterday night, my server admin informed me that since the time I am facing the issue - they logged a huge series of SQL Injection attacks on joomla /component/search module - but the attack was blocked by "mod_security" module in the Apache. And the attackers IP addresses were mostly from the same range of the IP addresses that my home broadband service provider use. We tried disabling "mod_security" but situation did not change.

Sorry for the long post, but if you have not read the full and directly came to this para here is short brief: Something causing the web server to drop the connection when trying to access any *.php page directly from a specific IP range.

This problem has been resolved now. The problem was caused because when Apache mod_security blocked the SQL injection attacks, it also triggered csf Firewall to ban the IP

Than can you please ad the "resolved" icon to your very first post?

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---