Increase in Joomla Brute Force Attacks

What’s happening?

Over the past several weeks, our System Administration Team has identified an exponential increase in brute force attacks against Joomla-driven websites.

Question: What is a brute force attack against a Joomla website?

Answer: A brute force attack against a Joomla website involves bots repeatedly trying to log in to your Joomla /administrator by guessing the username and password. While it’s almost impossible to guess a username and password on the first try, these bots are trying 1000s of username / password combinations, which increases the odds of a successful breach of your website.

What is InMotion Hosting doing?

When our System Administration Team identified the influx of brute force attempts against Joomla websites, they implemented a security rule on the server to thwart the attacks. With this new security measure in place, bots will no longer be able to guess 1000s of username / password combinations; they will be stopped after far fewer attempts. This should drop their success rate on attacks to near 0%.

What should I do?

While we are preventing most of the brute force attempts against Joomla sites, there may still be bots that are able to repeatedly guess your username and password. You can protect yourself from these bots by:

  1. Ensuring you are using a secure password
  2. Adding an additional username / password to your /administrator folder
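
To check from your own access log whether repeated login attempts are really reaching /administrator, the following sketch counts POSTs to the admin entry point per source IP in a sliding window. It is an added example, not InMotion Hosting's server rule; the Apache combined log format, the 15-minute window, the threshold of 5 and the sample log lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log format: client IP, [timestamp], "METHOD path ..."
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)
LOGIN_PATH = "/administrator/index.php"
WINDOW = timedelta(minutes=15)   # assumption: illustrative window
THRESHOLD = 5                    # assumption: illustrative, not the host's value

def find_bruteforce_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak POST count inside one window} for IPs at/over threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of POSTs still inside window
    peaks = {}
    for line in lines:           # lines are assumed to be in time order
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Strip the query string. Access logs do not record POST bodies, so
        # back-end saves to the same path are counted alongside logins.
        if m["path"].split("?", 1)[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:        # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(ip, hms, method, path, status):
    return (f'{ip} - - [10/Mar/2014:{hms} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-sample"')

# Constructed sample: one noisy source, one ordinary administrator.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", LOGIN_PATH, 200) for s in range(0, 60, 10)]
    + [_line("198.51.100.20", "10:05:00", "GET", LOGIN_PATH, 200),
       _line("198.51.100.20", "10:05:09", "POST", LOGIN_PATH, 303),
       _line("198.51.100.20", "10:40:00", "POST", LOGIN_PATH + "?option=com_content", 303)]
)

if __name__ == "__main__":
    for ip, peak in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} POSTs to {LOGIN_PATH} within {WINDOW}")
```

If no source stands out here while lockouts continue, take that evidence to the host's support team, who can see which server rule actually fired.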

23 thoughts on “Increase in Joomla Brute Force Attacks”

  1. This problem is still ongoing and a cause of major frustration for my users. I have people that are routinely kicked out while making edits in the backend of Joomla. When editing content and clicking save there is a login recorded. The security rule is not recognizing this as a regular function. The username and password are not being changed, therefore not a brute force attempt. It is sending a currently logged in user or admin. There have been many occasions where I have made very long edits in my articles then get kicked out when I click Save; I then have lost all my edits. We are really struggling to maintain our website with constant lockouts.

    1. If you are an InMotion Hosting customer and you believe you’re facing Brute Force attacks, then you should be in touch with our live technical support team to report the problem. The Support Center is not going to be able to provide much assistance, as your account would need to be inspected in depth, and the live technical support team will have the access and the resources to address the problem. If they have already reviewed it and the problem persists, then I would also suggest speaking with a 3rd party security service like Sucuri.

  2. The backend of all my Joomla sites in 3 different domains have been blocked with the message “Joomla Login Temporarily Disabled”. I seriously doubt that all three domains are being subject of “Brute Force Attacks”.
    There is something flawed with this security rule.
    And I need to access my sites ASAP !!!
     

  3. Hello,

    “Brute Force Attacks” is a bloody joke. I am running several Joomla websites (3.x and 2.5) and never been attacked because I have a password more or less secure.
    This software “Brute Force Attacks” is only triggered when you login/logout successively and repeatedly. Or when attempting to change user rights in the same fashion. The safety on the software is too high.
    It should be reviewed. The program errs on the side of caution…

    Mansour 

    1. Am an administrator for stillwaterfirearms.org
      I get this:
      Joomla Login Temporarily Disabled

      Due to a high number of failed login attempts, access to /administrator/index.php has been blocked by Mod Security.
      —-
      and can’t get back in.

    2. First, I was routed here after having my account blocked. This article does nothing to indicate how to have my account unblocked so that I can implement the recommended changes. Second, the download link for the Admin Tools that you recommend is a broken link.

  4. I’m locked out of my Joomla install — website is www.landersdevelopmentllc.com — I was logged in (no failed password attempts on my part) but got kicked out of the admin area while I was working. I have several other joomla installs on the same VPS server — I’ve sampled a couple, but it appears I’m locked out of all of them. 

    Error mentions brute force attacks and that I’m temporarily locked out. What, exactly, does this mean? Will I be able to login, later? 

    1. Hello Lisa,

      I’m sorry you’re having problems with the brute force protection. It’s happening because your site is probably under brute force attack, and the server rules that are part of the protection are kicking in. One thing you can do to help prevent this from happening is to password protect your administrator directory for Joomla. We have a tutorial called How do I password protect a directory with my cPanel?. This will help prevent this issue from popping up further.

      If you have any further questions, please let us know.

      Regards,
      Arnel C.

  5. I’m not able to login to my account, I did some mistakes in my logins because I forgot the password, however I was able to remember it then I was locked

    www.sajidjaber.com please unlock!

     

    thanks

    1. Hello Sammy,

      I am not quite understanding. If you mean you are blocked out for having too many tries, then it will unlock in about 15 minutes.

      Kindest Regards,
      Scott M

  6. hi,

    We were facing the incorrect login attempts on our Joomla admin panel. Your support help suggested to keep a secure password and lock admin folder. Even after doing that, the admin panel again gets disabled. If you please check at your end

    regards,

    1. Hello UK,

      If you are getting locked out, it is possible something else is going on. For example, a plugin/add-on may be getting flagged by the server rules as a security problem.

      I recommend contacting Live Tech Support, so they can review the server logs at the time you are having issues.

      If you have any further questions, feel free to post them below.
      Thank you,

      -John-Paul

  7. “WordPress Login Temporarily Disabled” all morning.

    How long does a typical reset require following an attack?

    1. Hello John,

      The block lasts 15 minutes, but if the attacks continue, then the block will also continue. I recommend following our guide on WordPress Brute Force attacks, since it explains the issue more in-depth, and provides solutions for “locking down” your WordPress.

      After you have protected your site, you should be able to regain access after 15 minutes.

      If you have any further questions, feel free to post them below.
      Thank you,

      -John-Paul

    1. Hello Truth,

      We’re glad to hear that it was resolved. If you have any further questions or comments, please feel free to submit a question or post to our Support Center website!

      Regards,
      Arnel C.

    1. Hello Truth,

      Thank you for contacting us. We are happy to help, but will need some additional information, such as a link to the website.

      Are you running Joomla?

      Have you followed this guide?

      Are you getting an error? What is the error?

      If you have any further questions, feel free to post them below.
      Thank you,

      -John-Paul

    2. Hello rob,

      Thank you for contacting us, I understand your frustration. If you are getting locked out of WordPress, most likely there are brute-force attempts occurring.

      Our guide on WordPress brute force attempts explains the issue in detail, and provides solutions to regain access.

      If you have any further questions, feel free to post them below.
      Thank you,

      -John-Paul

  8. Cannot login to my WordPress dashboard and need to regain access asap. Not sure why you all are blocking my account please unblock this is uncalled for. Please contact me with instructions to regain access.

     

    Thanks

  9. My site is one being hit by these login attacks.  InMotion alerted me about heavy resource usage, and after much investigation I discovered this type of attack was causing the problem.  I found that installing Akeeba’s Admin Tools Pro not only helped to discover the actual problem, but also provided the means to fight it through their firewall.

    1. Hello Donald,

      Thank you for the additional information. We will check into that and create more information regarding using this tool.

      Kindest Regards,
      Scott M
