A brute force attack is when a hacker uses a program to try to guess your website's username and password. The program they use automatically tries a different password each time, allowing them to guess hundreds of username and password combinations in minutes.

We're stopping them in their tracks
Our Server Admins have seen these types of attacks increase over the last few days. To stop these attacks, security measures have been put in place to prevent the repeated guessing of usernames and passwords. This means that you should not have a problem logging into your Joomla dashboard, but hackers will be stopped shortly after they start.

Make sure your passwords are secure
We can't stop all attempts from these hackers, so it's a good idea to ensure you are using a secure password. You can take things a bit further by adding an additional username and password to your /administrator folder, making it extremely difficult to guess 2 sets of username / passwords.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Comments

n/a Points
2014-03-14 8:03 pm

When aour dashboard has been temporarily disabled, how long can we expect the wait to be until the block has been lifted?

Staff
12,339 Points
2014-03-14 8:58 pm
Hello Andrew,

Thank you for your question. The block will be lifted after 15-20 minutes, then you will be able to regain access.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
n/a Points
2014-05-10 5:45 am

When will the block be lifted from my site?

Staff
16,266 Points
2014-05-10 4:03 pm
Hello Brenda,

The block is typically 15 minutes. After that time you should be able to try and log in again.

Kindest Regards,
Scott M
n/a Points
2014-05-13 10:42 pm

Hi, I've been waiting 45 minutes for the block to clear.  Could you please help me get it cleared asap?  

Staff
3,713 Points
2014-05-13 11:05 pm
Hello Jen, and thanks for your comment.

Sorry for the issues. It looks like your website was actually triggering our WordPress brute force protection and that's why you were getting locked out of your admin dashboard.

I've gone ahead and followed the steps for you to setup a secondary WordPress admin password so that various bots don't continue to trigger the lockout.

You should be able to wait 15 minutes past this point and regain access to your admin again. When you try to access it now you should first get a secondary WordPress password prompt. The username is your cPanel username, and the password is wordpress all lower-case.

If you're still having issues at all, please let us know!

- Jacob
n/a Points
2014-05-14 3:30 am

Hi. I've been waiting for almost two hours to get logged into my site.  Any ideas?

Staff
17,314 Points
2014-05-14 3:37 am
Hello Tracey,

I'm sorry to hear that you're having a problem with the login. However, you have given us no information about your account. If you are a customer of Web Hosting Hub, then we can look into the account to see what's happening. If you're not a customer, then we can only try to guess at what may be happening. The article above explains that there are possible security issues that may have affected your login.

If you can please provide us a little more information, then we would be happy to investigate. A URL or account name would help. If you wish to keep this matter private (posts on this website are public), then you can contact our live technical support team as per the contact information at the bottom of this page.

Kindest regards,
Arnel C.
Staff
17,314 Points
2014-05-14 4:45 am
Hello Tracey,

Sorry for the problems with the WordPress login. It appears that your site was triggering the ModSecurity rules on the server. These rules were put in place in order to help prevent brute force attacks on the WordPress site. At present, your site is using an old theme. If possible,we do recommend that you update the theme in order to help with the security of your website. Additionally, make sure to review this tutorial on preventing WordPress brute force attacks. Choose one of the options listed in that article to improve the security of your site and keep your site from triggering the mod security rules.

I hope this helps to clarify the issue. If you require further assistance, please let us know.


Regards,
Arnel C.
n/a Points
2014-05-14 6:00 am

THANK YOU, ARNEL!!! Thank you so much!!

n/a Points
2014-05-14 11:07 pm

Our site example.com has been blocked for several hours now. When will it be lifted?

Staff
3,713 Points
2014-05-14 11:49 pm
Hello Glenn,

Can I ask how you ended up on this guide of ours? It seems like you only have a WordPress website and got locked out of your WordPress admin because of our WordPress brute force attack protection.

I went ahead and used the secondary WordPress password protection mentioned in that article. I've set the secondary username to your cPanel username, and the password is wordpress all lowercase.

This will prevent bots or unauthorized users from attempting to login to your dashboard, and should stop our brute force protection now that you've got some setup at the user level.

If you're still having any issues at all please let us know. Sorry for the inconvenience!

- Jacob
n/a Points
2014-05-15 12:50 am

I ended up here when I tried to edit another blogpost on our blog, amd was told that the site was blocked. The same page presented a link to here.

I believe I must be typing the wrong cPanel name, because I'm having difficulties getting in. 

Can it just be restored to the password we used before?

Staff
3,713 Points
2014-05-15 1:12 am
Hello Glenn,

I went ahead and just set the secondary WordPress admin username and password to both be wordpress for you. If you'd like to change it to something else you can navigate to the password protected directory tool in cPanel and under the Create User section add another user.

I'm currently checking why our security rules directed you to this Joomla brute force article instead of the WordPress one.

Please let us know if you're still having any issues getting into your admin now.

- Jacob
n/a Points
2014-07-08 7:21 pm

So, well my comment is destructive. It is the biggest sh.. program I ever have had installed. It blocks my own work on my own site. That means, I'm successfully logged in and want to change the sequence of localities. When I did this (clicking 20 times on the arrow to rise the object from number 20 to number 1) I'm blocked out, though I was promised to have uninstalled the blocking since days. Nobody is forcing to get into my web rather than me myself.

That means my web is safe enough, even secured from my own web devellopment. There was never brute force attack than my own intents to improve my site. Once blocked I can't access for hours, in occasion for a day! Every "attack" is just from my own IP! UFF !!!!

So, at the end to whom serves the blocking?

Staff
17,314 Points
2014-07-08 9:15 pm
Hello Gerard,

I took a close look at your account and the Apache error log which shows the Mod security error messages. I also referenced this with our senior techs. Your Joomla admin is regularly getting hits from , Spain, Ukraine, China, and many other IP addresses. The mod security rules are there to protect your website from being penetrated by these people who are hitting your site. They already have relaxed the other modsec rules for your site, but the ones that are there to prevent intrusion through brute force attacks cannot be removed.

I will send you an email after this with a partial log of the mod sec rule errors so that you can see what's hitting your website. Before that, to help prevent this happening, I'm going to suggest that you edit your .htaccess file. This will limit access to your Joomla Administrator using the following code:


RewriteEngine on
RewriteCond %{REQUEST_URI} ^/administrator\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/administrator$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$
RewriteRule ^(.*)$ - [R=403,L]


You will need to replace the "123\.123\.123\.123" with your outgoing IP address. You can find your IP address by going to your server address: http://whub28.webhostinghub.com.

Copy the code above and paste into the top of your .htaccess file. If you're still problems with accessing then you will need to allow for 15 minutes to pass before you can try again.

This should allow you to get to the Joomla admin without any further trouble. If you continue to have problems, then please let us know. We do understand the frustration that's been a result of these attacks preventing you from accessing your Administrator.

Thank you for your patience and undestanding.

Kindest regards,
Arnel C.
n/a Points
2014-11-30 6:33 am

Hi, I'm using Joomla, and my login to the dashboard is disabled. I tried to fix it by reinstall joomla, but it happends again. Could u please help me? 

——"Due to a high number of failed login attempts, access to ****** has been blocked by Mod Security."

 

Thank u!!!

Staff
12,339 Points
2014-11-30 5:46 pm
Hello Jing,

Thank you for your question. You can Protect your Joomla Dashboard from Brute force logins, using the Admin Tools Core.

There could also be a conflict occurring with a plugin/extension. In this case, Live Support can review the logs and specify which mod_sec rule is being flagged.

Thank you,
John-Paul
n/a Points
2016-03-04 7:22 am

Hi, my site is blocked for the secondday, when it will be available

Staff
1,198 Points
2016-03-04 6:45 pm
Hello Vitaliy,

What is your websites URL so we may look into the problem.

Best Regards,
TJ Edens
n/a Points
2016-05-17 4:41 pm

Sorry to say, but this with the 15 minutes is a big lie.

I'm blocked now more than 1 hour and this is a real mess as I have TO WORK!

I sent tickets and didn't even get an answer that the tickets are received.

Well, this year my subscription ends and I'll look for hosting somewhere else.

Staff
1,348 Points
2016-05-17 8:20 pm
You can disable mod_security in cPanel to get access back to your account. However, this decreases your account's overall security. This should be used as a temporary fix that allows you to secure your site and get back to work; then you should turn mod-security back on.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.
}