Help: Entire website blocked
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Apprentice
- Posts: 5
- Joined: Wed Aug 22, 2007 2:35 am
Help: Entire website blocked
Guys,
I am recieving the following message on both my main joomla site and the administrator site.
Your IP address has been blocked because there were too many unsuccessful login attempts in a short time. Your IP address is: [ redacted ].
The ip address of [ redacted ] is my bluehost web server address.
I have a second joomla website on the same account that is running fine.
Both have the latest version of joomla
Things I have tried:
- Enabling debug (in configuration.ini) - Nothing shown
- Enabling error reporting to maximum - nothing shown
- Manually setting enable to 0 for any security plugins that I had installed in the database (bfstop, centrora and jhackguard)
- Replacing index.php with a very basic index.php (to test that php is not the issue) - worked fine
The website is http: [ redacted ]
Thanks in advance guys
I am recieving the following message on both my main joomla site and the administrator site.
Your IP address has been blocked because there were too many unsuccessful login attempts in a short time. Your IP address is: [ redacted ].
The ip address of [ redacted ] is my bluehost web server address.
I have a second joomla website on the same account that is running fine.
Both have the latest version of joomla
Things I have tried:
- Enabling debug (in configuration.ini) - Nothing shown
- Enabling error reporting to maximum - nothing shown
- Manually setting enable to 0 for any security plugins that I had installed in the database (bfstop, centrora and jhackguard)
- Replacing index.php with a very basic index.php (to test that php is not the issue) - worked fine
The website is http: [ redacted ]
Thanks in advance guys
Last edited by toivo on Thu Mar 21, 2019 8:13 am, edited 1 time in total.
Reason: mod note: removed URL and IP address
Reason: mod note: removed URL and IP address
- toivo
- Joomla! Master
- Posts: 17427
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Help: Entire website blocked
Does your site use an extension to improve its security, for example Admin Tools?
Toivo Talikka, Global Moderator
-
- Joomla! Apprentice
- Posts: 5
- Joined: Wed Aug 22, 2007 2:35 am
Re: Help: Entire website blocked
After my site was hacked last year I installed several security extensions.
bfstop
Centrora
jhackguard
Admin Tools
I have just got back form the doctor and everything is working now.
But this is the second time this week that this has happened so I really need to identify the cause.
bfstop
Centrora
jhackguard
Admin Tools
I have just got back form the doctor and everything is working now.
But this is the second time this week that this has happened so I really need to identify the cause.
- toivo
- Joomla! Master
- Posts: 17427
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Help: Entire website blocked
Good to hear, the block must have timed out. This is a real problem because anyone can trigger the block if the IP address is the proxy server of your host, instead of the IP address of the end user.
The block may be originating from one of the first three extensions because the message displayed by the Web Application Firewall (WAF) of Admin Tools starts with ''You are a spammer, hacker or an otherwise bad person", unless it default message has been modified in the configuration of WAF.
If you have the installation packages of the three extensions, expand them and use a text search tool or just an editor and the language files to find the start of the message "Your IP address has been blocked". Once you locate it, read from the documentation of that extension how an IP can be removed from the blacklist.
It would be better to uninstall the extension found to be the culprit, because obviously it is not smart enough to detect correctly the source IP address from where the hack attempt or invalid login comes from.
The block may be originating from one of the first three extensions because the message displayed by the Web Application Firewall (WAF) of Admin Tools starts with ''You are a spammer, hacker or an otherwise bad person", unless it default message has been modified in the configuration of WAF.
If you have the installation packages of the three extensions, expand them and use a text search tool or just an editor and the language files to find the start of the message "Your IP address has been blocked". Once you locate it, read from the documentation of that extension how an IP can be removed from the blacklist.
It would be better to uninstall the extension found to be the culprit, because obviously it is not smart enough to detect correctly the source IP address from where the hack attempt or invalid login comes from.
Toivo Talikka, Global Moderator
- toivo
- Joomla! Master
- Posts: 17427
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Help: Entire website blocked
It is also possible that the reverse proxy server or load balancer of your host produces incorrect request headers, which are then inspected by the security plugins.
You had already tried to disable those plugins but that did not seem to remove the block. Therefore you should talk to your host and find out about their reverse proxy server if it does some filtering and blocking.
You had already tried to disable those plugins but that did not seem to remove the block. Therefore you should talk to your host and find out about their reverse proxy server if it does some filtering and blocking.
Toivo Talikka, Global Moderator
- Slackervaara
- Joomla! Ace
- Posts: 1115
- Joined: Sat Aug 13, 2011 6:27 am
Re: Help: Entire website blocked
It might be BfStop that locked your out:
What can I do in case I have locked myself out?
Read this:
https://github.com/codeling/bfstop/wiki/FAQ
What can I do in case I have locked myself out?
Read this:
https://github.com/codeling/bfstop/wiki/FAQ
- JAVesey
- Joomla! Hero
- Posts: 2635
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Help: Entire website blocked
Good call - that message is from BruteForceStop.Slackervaara wrote: ↑Tue Mar 26, 2019 8:51 pmIt might be BfStop that locked your out:
What can I do in case I have locked myself out?
Read this:
https://github.com/codeling/bfstop/wiki/FAQ
Curious as to how the OP has ended up in this situation though; can only be that it's self-inflicted if it is BFStop. If gives you a countdown of attempts left then blocks the IP which must, by definition, be the Op's own IP.
One way round it would be to login via another device, e.g. a mobile phone over 4G, if the original attempts were via a device connected via wifi/local router, i.e. use a device with a different i.p. address.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
- Webdongle
- Joomla! Master
- Posts: 44074
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Help: Entire website blocked
Reboot your router and see if your ISP sets a different IP address. That should get you in. Also please viewtopic.php?f=806&t=969442
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Apprentice
- Posts: 5
- Joined: Wed Aug 22, 2007 2:35 am
Re: Help: Entire website blocked
I had a good look at the bfstop access attempt logs and I would say that toivo is on the money with his post.
The log shows login attempts from several users that I know are valid users but all attempting to connect from the same ip address, which happens to be the same address as the web host.
To fix the issue I have put my webhosts ip in the bfstop whitelist and this seems to have fixed the issue.
My site has been using bfstop for well over 12 months without issue and this has happened out of the blue. Because of this I would highly recommend other bfstop users to whitelist their webhost ip, just in case.
- JAVesey
- Joomla! Hero
- Posts: 2635
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Help: Entire website blocked
Good newsWizard_TPG wrote: ↑Tue Mar 26, 2019 11:57 pmTo fix the issue I have put my webhosts ip in the bfstop whitelist and this seems to have fixed the issue.
I've been using BFStop for about 6 years and not seen this before. You advice is soundWizard_TPG wrote: ↑Tue Mar 26, 2019 11:57 pmMy site has been using bfstop for well over 12 months without issue and this has happened out of the blue. Because of this I would highly recommend other bfstop users to whitelist their webhost ip, just in case.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28