Mod security module false positive

Avatar
  • Answered
What does it take for In Motion Hosting to look at their Mod security.

You have a bug in your detection of Force Attacks.
Error message:
Due to a high number of failed login attempts, access to /administrator/index.php has been blocked by Mod Security.
For more information please review our Support Center article on the topic:
https://www.inmotionhosting.com/support/news/general/joomla-brute-force-increase

We have already gone through all the steps.
Ensuring you are using a secure password
Adding an additional username / password to your /administrator folder
The product we are using for the secondary login before the administrator page also show no such attacks nor does the vendor of the 3rd party security product see any referance of these so called attacks. Your own raw logs in the cpanel do not show such attacks. your Mod security seems to be posting a false positive and locking accounts.

Tech support does not seem to pass the information along to someone to look at as a possible issue.

Have asked for proof of such attacks, but never have received any proof.
Avatar
Arn
Hello, I'm sorry that you've had issues with the Mod_security rules placed on the server to help mitigate brute force attacks. While the focus of brute force attacks have been on WordPress, a fair share of the attacks also affect joomla administrators. I can understand the skepticism if you're not seeing the reports, but remember that even several failed attempts can break a mod sec rule resulting in a false positive. If you want details about your site login issues ,then you will need to submit a verified support ticket explaining your request. They can then find the information and provide you a report. We cannot do that here in the support center as the information is private, while information disclosed on the website is public domain. I apologize that I can't give you a more direct answer, but please submit a support ticket and they should be able to give you the information you want. If you have any further questions or comments, please let us know. Kindest regards, Arnel C.