Repeated hacking attempts

Discussion regarding Joomla! 3.x security issues.
Post Reply
DorsetJoomla
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 202
Joined: Thu Jan 24, 2008 12:20 pm

Repeated hacking attempts

Post by DorsetJoomla » Fri Jan 22, 2021 10:07 am

I run a number of Joomla websites and following a few hacking incidents a few years ago I now use Akeeba AdminTools which seems to keep things in order. However I have noticed over the past year or so that Admin Tools is regularly flagging up daily "Security Exceptions" on all of my sites which are of course, attempts to break in to the back end. Some are quite determined and I have set AdminTools to block the IP address of violators after three attempts within five minutes. Most of the sites are for local village halls or churches or campsites so no great commercial value involved.
All of my sites run on the same hosting service and I was wondering if others see this and whether it's a function of the way that my sites are hosted? Any thoughts or comments welcomed.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13261
Joined: Thu Feb 15, 2007 5:48 am
Location: Zagreb, Croatia

Re: Repeated hacking attempts

Post by toivo » Fri Jan 22, 2021 10:54 am

That sounds normal. Daily attempts by hack bots run by script kids or criminal gangs, who try to find sites with vulnerable third party extensions or out-of-date versions of WordPress or Joomla and then take them over and subsequently infect browsers and workstations with malware.

Admin Tools is a good defence against those attempts and you are doing the right thing.
Toivo Talikka, Global Moderator

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2291
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Repeated hacking attempts

Post by JAVesey » Sun Jan 24, 2021 10:07 am

toivo wrote:
Fri Jan 22, 2021 10:54 am
Admin Tools is a good defence against those attempts and you are doing the right thing.
Absolutely.

Have you enabled 2FA on the administrator accounts? Well worth doing.

Also, one further step you could take would be obfuscate/hide the /administrator URL. I'm not sure if Admin Tools allows this but if it doesn't then you might like to take a look at Michael's Richey's excellent AdminExile plugin which is widely used.
John V
Cardiff, Wales, UK
Uses Joomla 3.9.24 and PHP7.4.11

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 6466
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Repeated hacking attempts

Post by AMurray » Sun Jan 24, 2021 10:21 pm

Admin Tools also does indeed have the same function as AdminExile with the secure code you append to the /administrator URL.
Regards,
--------------------------------------------------------------
A Murray
Help you I can, yes!. Post your question, you should. Keep it on topic you must!
Use the Forc....Forum Post Assistant my young Padawan!

Adwans
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Feb 13, 2019 12:32 pm

Re: Repeated hacking attempts

Post by Adwans » Mon Jan 25, 2021 12:01 pm

Some hosting providers offer kinda WAF (firewall) utility now - so blocking is on the server level not bearing joomla application so much.


Post Reply

Return to “Security in Joomla! 3.x”