I understand this is slightly off from a pure security topic, but I would like to explain my issue in detail first before you discard me completely Here is my issue in the chronological order of the events:
1. 3 days back, I noticed I can not access the joomla admin page from any machine from my home broadband. If I try to access, the server simply drops the connection. But I can browse all the other pages of my website.
2. I can successfully login to joomla admin from the same machines if I use some other ISP. So the problem only happens when browsing from specific set of IP addresses of my home broadband provider.
3. Next I observed, the problem is not restricted for /administrator account only. It's basically with any *.php page. If I want to open any URL of my site that contains *.php (using my home broadband), server drops the connection. So basically:
example.com/administrator ===> Works!
example.com/administrator/index.php ===> does not work (server drops the connection)
Since I am using SEF URL with .html extension for the front end pages, I can access them from any machine under my home broadband. But as backend use index.php page - I can not use the backend. Similarly, I can not access any other .php page (e.g. the fpa-en.php page placed in my root)
4. I have done simple things like - rebooting my home router / clearing caches in browsers, server / contacting my server admin and ensuring that there is no firewall level IP based filtering for my outward IP of my BB service / disabling CDN / checking in .htaccess for any banned IP etc. with no result.
5. Finally, yesterday night, my server admin informed me that since the time I am facing the issue - they logged a huge series of SQL Injection attacks on joomla /component/search
module - but the attack was blocked by "mod_security" module in the Apache. And the attackers IP addresses were mostly from the same range of the IP addresses that my home broadband service provider use. We tried disabling "mod_security" but situation did not change.
Sorry for the long post, but if you have not read the full and directly came to this para
here is short brief: Something causing the web server to drop the connection when trying to access any *.php page directly from a specific IP range.