Someone trying to attack my Joomla website with many different IPs
I have a serious issue here. Someone is trying to brute-force the login to my site. I already have plugins to nullify that attack. I give only 3 attempts for login and then it blocks that IP. The problem here is that he has used 1000 different IPs to log in to the administrator account.
It's a kind of DDoS attack. What is the best solution for this? My site is made with Joomla 3 CMS. Also I am not a security expert.
And in addition, recently I found out that there was a malicious file upload but luckily that was neutralised by a plugin I am using.
UPDATE:
I found something surprising. When I was attacked initially with the malicious file upload, my robots.txt was deleted by them. I was able to stop further uploads by modifying the .htaccess file, but I failed to notice that robots.txt was missing. I think this gave a free path to all robots. I am still on the job and searching for other loopholes.
I would do everything the other answers suggested as well. If you want another level of security, I would enable Apache Basic Authentication
httpd.apache.org/docs/current/howto/auth.html
with a username/password on your admin URL within Joomla (make sure that this URL is accessible over HTTPS only). This is done within your httpd.conf file, whereby you generate a file of hashed passwords which is compared against the username/password credentials whenever the matching URL pattern is accessed.
This way the attacker also needs to know the Apache-protected URL's username/password before attempting a brute-force attack. Apache will dismiss all requests with an "Authorization Required" message and protect your Joomla instance from being bombarded.
In my opinion, your admin URL path should never be exposed to the internet without some additional protection.
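The configuration this answer describes, written out as an added example (it is not part of the original answer and not a Joomla or Apache project file). It assumes Apache 2.4 with mod_ssl and mod_auth_basic loaded, a site served from /var/www/joomla under the hostname example.com, and a password file at /etc/apache2/joomla-admin.htpasswd; all of those paths and names are placeholders to adjust for your server.

```apache
# Added example: protect Joomla's /administrator path with Apache Basic Auth
# and force HTTPS so the credentials never travel in clear text.
# Create the password file once (hypothetical user name "siteadmin"):
#   htpasswd -c /etc/apache2/joomla-admin.htpasswd siteadmin
# Keep that file outside DocumentRoot so it can never be downloaded.

<VirtualHost *:80>
    ServerName example.com
    # Plain HTTP only redirects; nothing is served here
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot "/var/www/joomla"

    SSLEngine on
    # Placeholder certificate paths
    SSLCertificateFile    "/etc/ssl/certs/example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/example.com.key"

    # The Joomla login form is still there, but Apache demands its own
    # credentials first, so automated login attempts never reach PHP.
    <Directory "/var/www/joomla/administrator">
        AuthType Basic
        AuthName "Restricted administration area"
        AuthUserFile "/etc/apache2/joomla-admin.htpasswd"
        Require valid-user
    </Directory>

    # Failed Basic Auth attempts are logged as 401 responses here, which
    # is the signal to watch for when checking whether the bombardment continues.
    ErrorLog  ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost>
```

Because the 401 is issued before the request is handed to PHP, the per-IP lockout plugin inside Joomla is no longer the only barrier, and a rotating pool of source addresses does not help the attacker: every address still has to present the Apache credentials first. Test the change with `apachectl configtest` before reloading, and confirm from a browser that https://example.com/administrator/ prompts for the Apache password.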
I suggest you scan your whole server to find malicious files inside.
For the site's security, I think you already use Akeeba Admin Tools. If you do, then change the administrator URL to include some random characters. That way, the brute-force attacks will fail even before they reach the login page.
Other than that, you had better change all the passwords, including the FTP, Joomla admin and root accounts.
So, it's the same old story.
But first, there are a few things to do:
Firstly, scan your site with some antivirus tool. Then do this:
Upgrade all components/plugins
Upgrade your Joomla to the latest version
Limit the upload of files only to allowed extensions (e.g. .pdf, .doc, .docx)
Maybe put some additional stuff before upload (let's say captcha or some question that needs an answer in order to upload the file.)
Change your password
If your component is compromised, try to look for another option. There are plenty of components that do the same thing.
In addition, there is one cool online tool that can help you here.
Compromised sites will often be linked to malicious JavaScript in an attempt to attack users of your Joomla installation.
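The "limit uploads to allowed extensions" step above can be enforced at the web server as well as in the upload component, so that a file which slips past the component is still never executed. The fragment below is an added example, not part of this answer and not a Joomla or Apache project file; it assumes Apache 2.4 and that uploads land under /var/www/joomla/images (Joomla's default media directory; adjust if your component uploads elsewhere), and that the allowed types are the ones the answer lists plus common image formats.

```apache
# Added example: harden the upload directory so nothing uploaded can run.
<Directory "/var/www/joomla/images">
    # Default deny: a file is only served if an allow rule below matches it.
    Require all denied

    # Allowlist of extensions the site legitimately uploads (assumption:
    # images, PDF and Word documents). Anchored at the end of the name, so
    # "shell.php" or "shell.php.bak" never matches.
    <FilesMatch "\.(jpe?g|png|gif|pdf|docx?)$">
        Require all granted
    </FilesMatch>

    # Belt and braces: even if a script file is ever allowed through,
    # strip the handlers that would execute it and disable CGI.
    RemoveHandler .php .phtml .phar .cgi .pl
    RemoveType    .php .phtml .phar
    Options -ExecCGI -Indexes
</Directory>
```

Watch for 403 responses against the images path in the access log after deploying this: a legitimate upload type you forgot (for example .svg or .xlsx) shows up there and can be added to the allowlist, while a denied request for a name ending in .php is exactly the kind of upload attempt the question describes.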