Menu

Topic-icon All Joomla Updates lock me out

  • drjonz
  • drjonz's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
3 weeks 6 days ago #8644 by drjonz
All Joomla Updates lock me out was created by drjonz
I get the email that Joomla has updates and click on my link.

mywebsite.com/administrator/index.php?option=com_joomlaupdate

And every site instantly locks me out: The webmaster has forbidden your access to this site

It's been doing this all year on me. I'm forced to go to SQL and disable the plugin.

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #8645 by Jose
Replied by Jose on topic All Joomla Updates lock me out
Hi drjonz,

After gaining access again when this happens, is there any log entry in scp?

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • drjonz
  • drjonz's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
3 weeks 6 days ago #8646 by drjonz
Replied by drjonz on topic All Joomla Updates lock me out
It shows my home IPV6 address and user being blocked:
User session protection :IP and User-agent have changed during an active session
Maybe it starts comms on IPv4 and flips to IPv6? And that counts as a changed session?

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #8647 by Jose
Replied by Jose on topic All Joomla Updates lock me out
Yes, that could be the reason. Please, go to Waf configuration -> user session protection and confirm that the "Elements to check in session hijack" drop-down is set to "IP AND User-agent". If not set to that value to avoid being banned even if your IP changes during an active session (supposing you're using the same browser).

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • drjonz
  • drjonz's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
3 weeks 6 days ago #8648 by drjonz
Replied by drjonz on topic All Joomla Updates lock me out
The dropdown is set to IP OR User-Agent. Using AND should stop this?

Please Log in or Create an account to join the conversation.

More
3 weeks 6 days ago #8649 by Jose
Replied by Jose on topic All Joomla Updates lock me out
Yes.

To apply the 'session hijack' with that setting both values (IP AND user-agent) must change during an active session.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.083 seconds
Powered by Kunena Forum

Login or Sign In