Auto ban admin question
-
Something I don’t understand about the ‘auto-ban admin’ setting. I have this enabled, but even though I get some hits in the log for users trying to log in as admin, they seem only to be locked out for a short period, not banned. The banned hosts list never gets updated with their IP address.
Is this a bug or have I misunderstood it? If not, how do I implement it properly?
Thanks
-
The name ‘auto-ban admin’ is a bit misleading. It doesn’t immediately ban the host IP. It’s only a temporary lockout of the host IP as you noticed.
But with default settings, after 3 of those temporary lockouts from the same IP (in 7 days) the host IP should be banned permanently.
That is if you are running your site using a supported web server …
If you are using MS IIS for instance, the auto banning feature won’t work.
Any IP’s automatically added (if at all) to the Ban Hosts list in the Banned Users module simply won’t get written as forbidden rules to a MS IIS configuration file …
Another reason could be that the admin login attempts are performed from different IP addresses in such a way that the Blacklist Threshold (3) as set in the Global Settings module is never reached.
Anyway it’s difficult to say for your specific situation with so little info provided.
Providing additional info from the Logs page might help.
- The topic ‘Auto ban admin question’ is closed to new replies.
