Someone (or something) is trying to log in as Admin Topic is solved

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
dan40
Joomla! Intern
Joomla! Intern
Posts: 53
Joined: Tue Nov 06, 2012 11:52 pm
Contact:

Someone (or something) is trying to log in as Admin

Post by dan40 » Fri Apr 19, 2019 7:03 pm

I noticed in my Control Panel in the Latest Actions section, about once every hour, there is an attempt by someone or something to log into my site as Admin.

How do I find out what IP this is coming from an ban it?

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 7742
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Someone (or something) is trying to log in as Admin

Post by sozzled » Fri Apr 19, 2019 7:15 pm

You need to use web analytics to find out what/who/where these attempted logins are originating from. However, even if you can "isolate" the IP address of the source, there's also the probability that the IP address may be spoofed (i.e. the IP address changes faster than we can say abracadabra). Therefore, "banning" or blocking the source based on an IP address (or range of IP addresses) may not necessarily be the solution.

Suggest that you search on Google for "IP address blocking" to see what you find and what the expert commentators have to say on the mater.

Lots of web analytics software is out there. I prefer to use Google Analytics but everone has their personal favourite(s). Also, your webhosting provider may be able to point to some built-in analytics that are used by them. Good luck. 8)

What you also could do is to hide your administrator backend so that entering http(s)://your-site/administrator redirects to the frontend. Some good Joomla extensions do that; search the Joomla Extensions Directory for https://extensions.joomla.org/tags/access-security/ or similar.
https://www.kuneze.com/blog
I need your help to help reduce spam at the Joomla forum. You can help with your ideas, questions and opinions at viewtopic.php?f=7&t=974006. Together we can make a difference :)

dan40
Joomla! Intern
Joomla! Intern
Posts: 53
Joined: Tue Nov 06, 2012 11:52 pm
Contact:

Re: Someone (or something) is trying to log in as Admin

Post by dan40 » Fri Apr 19, 2019 8:34 pm

Thank you for the idea, sozzled! I found a nifty little plugin called "adminexile" in the Joomla Extensions directory that seems to be working well. If someone tries to log in to my Admin page, it will redirect them to my homepage. To gain access to my homepage, I have a completely different URL I have to go to. It does work, I just have to remember what the Admin URL is (which is recoverable, by the way, just in case one forgets).

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 7742
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Someone (or something) is trying to log in as Admin

Post by sozzled » Fri Apr 19, 2019 8:42 pm

Yes. That's a good way to address the problem. :)
https://www.kuneze.com/blog
I need your help to help reduce spam at the Joomla forum. You can help with your ideas, questions and opinions at viewtopic.php?f=7&t=974006. Together we can make a difference :)


Post Reply

Return to “Security in Joomla! 3.x”