Thoughts, information and reflections about technology

Securing your Joomla admin login from brute force attacks.

I noticed that several of our Joomla sites would slow down significantly. The access log showed a single IP address making many GET and POST requests to /administrator/index.php in quick succession, such as:

178.137.93.### - - [11/Dec/2012:07:40:15 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.XXXX.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

178.137.93.### - - [11/Dec/2012:07:40:16 -0700] "GET /administrator/index.php HTTP/1.1" 200 1736 "http://www.XXXX.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Each POST is a login attempt; Joomla answers it with a 303 redirect back to /administrator/index.php, and the GET that follows is the client fetching the login form again for the next try. The IP addresses usually resolved to a Pacific Rim or European location.

We had installed the Securitycheck extension. However, the offending IPs had to be added to its block list by hand, after the fact. That was not a workable solution.

There are a number of commercial and non-commercial Joomla extensions that can help. We tried Adminexile. It works by having you set a key, or a key/value pair, that must appear in the query string. Once it is enabled, going to www.yoursite.com/administrator no longer takes you to the admin login page; instead you are redirected to whatever page you specify, the home page by default.

Your new login URL looks like www.yoursite.com/administrator/index.php?key or www.yoursite.com/administrator/index.php?key=value, where key and value are what you set in the plugin.
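To make the mechanism concrete, here is a small Python model of the gate such a plugin puts in front of /administrator. It is an added example, not Adminexile's code, and the parameter name, the secret, and the redirect target are assumptions chosen for illustration. It accepts the two modes described above, a bare ?key and a ?key=value pair, and sends anything else to the configured page.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Hypothetical configuration (assumed names, not the plugin's own):
#   key          - the query parameter name the administrator must supply
#   value        - None for the bare "?key" mode, or the required "?key=value"
#   redirect_to  - where unkeyed visitors to /administrator are sent
GATE_CONFIG = {
    "key": "opensesame",
    "value": None,
    "redirect_to": "/",
}


def admin_gate(url, config=GATE_CONFIG):
    """Decide what happens to a request.

    Returns ("allow", None) when the URL is outside the admin area or carries
    the configured key (and value), and ("redirect", location) otherwise.
    """
    parts = urlsplit(url)
    if not parts.path.startswith("/administrator"):
        return ("allow", None)

    # keep_blank_values so a bare "?opensesame" is seen as {"opensesame": [""]}
    params = parse_qs(parts.query, keep_blank_values=True)
    supplied = params.get(config["key"])
    if supplied is None:
        return ("redirect", config["redirect_to"])

    if config["value"] is None:
        # bare-key mode: presence of the parameter is all that is checked
        return ("allow", None)

    # key=value mode: compare in constant time so response timing does not
    # leak how much of the value matched; encode so non-ASCII input cannot
    # make compare_digest raise instead of returning False
    expected = config["value"].encode("utf-8")
    for candidate in supplied:
        if hmac.compare_digest(candidate.encode("utf-8"), expected):
            return ("allow", None)
    return ("redirect", config["redirect_to"])


if __name__ == "__main__":
    for test_url in ("/administrator/index.php",
                     "/administrator/index.php?opensesame",
                     "/index.php?option=com_content"):
        print(test_url, "->", admin_gate(test_url))
```

The key travels in the URL, so it ends up in browser history, Referer headers and any proxy logs; treat it as a shared secret. Gating the path keeps automated scanners that hit the default /administrator URL away from the login form, but it does not replace a strong password on the account behind it.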

NOTE: it is a very good idea to back up your site with Akeeba Backup or another backup tool before installing, in case something goes wrong. We have tried it on a number of sites with no problem.

So, in summary, you should be:

  • Checking your access log periodically for repeated GETs and POSTs to /administrator/index.php from the same address
  • Running a security extension such as Securitycheck
  • Running an extension that gates the administrator login page
  • Using a strong password that is resistant to dictionary attacks and lists of commonly used passwords

Other measures, such as changing the admin account's user ID, can be taken in addition to these basic ones.
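As an added example (not from the original post), here is a Python script that does the periodic log check from the first summary point, run over a constructed sample in Apache combined log format modelled on the lines shown earlier. It counts, per client IP, POSTs to /administrator/index.php that were answered with a redirect, and flags an address once it makes a threshold number of them inside a short window, so a legitimate administrator's single login, or a client that tries twice hours apart, is not reported. The addresses (RFC 5737 documentation ranges), hostname, threshold and window are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real traffic). 203.0.113.10 reproduces the pattern
# from the post: POSTs to the admin login answered with 303, with a GET of the
# login form in between. 192.0.2.7 is one ordinary login; 198.51.100.7 tries
# twice, hours apart. The last line is junk to show the parser skipping it.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Dec/2012:07:40:15 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.example.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.10 - - [11/Dec/2012:07:40:16 -0700] "GET /administrator/index.php HTTP/1.1" 200 1736 "http://www.example.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.10 - - [11/Dec/2012:07:40:17 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.example.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.10 - - [11/Dec/2012:07:40:18 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.example.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.10 - - [11/Dec/2012:07:40:19 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.example.com/administrator/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.7 - - [11/Dec/2012:07:42:05 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.example.com/administrator/index.php" "Mozilla/5.0"
198.51.100.7 - - [11/Dec/2012:07:41:02 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.7 - - [11/Dec/2012:09:15:44 -0700] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
not a log line at all
"""

# Apache combined format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec


def admin_login_attempts(lines, admin_path="/administrator/index.php"):
    """Map each client IP to the timestamps of its POSTs to the admin login
    that were answered with a 3xx redirect (the 303 seen in the post)."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == admin_path and 300 <= rec["status"] < 400:
            attempts[rec["ip"]].append(rec["ts"])
    return attempts


def flag_brute_forcers(lines, threshold=3, window_minutes=5):
    """Return {ip: count} for every IP with at least `threshold` redirected
    admin-login POSTs inside some window of `window_minutes`.

    A sliding window over the sorted timestamps is used so that attempts spread
    over hours do not add up the way a burst does."""
    flagged = {}
    for ip, stamps in admin_login_attempts(lines).items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_minutes * 60:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, n in sorted(flag_brute_forcers(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}: {n} redirected POSTs to the admin login within 5 minutes")
```

Joomla redirects after every login POST, successful or not, so the count is a rate signal rather than proof that each attempt failed; that is why a threshold and window are used instead of reporting every redirected POST. Point it at the real access log (for example with `open("/var/log/apache2/access.log")` in place of the sample) and feed flagged addresses to whatever you use for blocking.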

 
