Hey Brent,

Can you please provide us with the FTP access so that I can check on this? When I tried to login to the back end of your site, I am hitting this error, http://screencast.com/t/Th5S0uA244mp

By the way, it looks like your subscription has expired and in order for you to continue requesting for support, you will need an active subscription. If you have already renewed, please let us know so that we can correct this for your account.

Thank you for understanding.

Hi Mark,
All taken care of (ftp info in original message)

Thanks,

Brent

Hi Brent Williams,

I've tried to access in your backend, but i hitting this :

Username and password do not match or you do not have an account yet.

please advise.

Hi Arlex,
I have reset the password and tested it. Could you please try again?

Thanks,

Brent

Hey Brent,

I can't login with the provided ftp access, http://screencast.com/t/XVHWW2kVJqSi The site access works fine though.

Hi Mark,
I'm not sure what issue you are having with FTP. I reset the password so I could test (and have updated it in my first post). I tested using filezilla and was able to access just fine...

Hi Brent Williams ,

Sorry for late reply to this,

I've tried to access in your Joomla backend, it not working but FTP is working now.

It seems like If I rename your existing .htaccess file, comment work fine, i suspect inside your .htaccess file got protect rules exceptions in your server, perhaps you can try consult with your webhosting provider this?

Thanks for the help. It looks like it was an admin tools issue. Not sure how to isolate what file to exclude. Any ideas?

Hi Brent Williams,

May i know do you have any sample how to put exclude file from admin tool?

Also I still can't access in your backend. Perhaps you can try create another Superadmin account so that we can access and take a look of this?

Hi Arlex,
I'm sorry - I found out that our hosting provider had altered our htaccess file due to:

I saw that a LARGE amount of the current requests appear to be trying to post comments to different pages. They had requests like this:
98.103.122.132 - - [13/Jul/2015:15:18:10 -0400] "POST /?option=com_komento HTTP/1.1" 200 33 "http://www.XXXXXXXXXX.com/apartment-news/1-latest-news/2317-propertymanager-job-description" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

I have edited your .htaccess file to block anything with the query string of "option=com_komento" in order to combat this.

Looks like someone is trying to spam our site a lot.

Hi Brent,

Ah I see. Your webshoting might be right. May I know do you allow public user to post comment on your site?

We do but it is moderated. The posts are not going through, however. It is possible it is a hacker trying to gain access...

Hey Brent,

Perhaps you can try setup recaptcha and block the spammer IP address in your Komento. check my screenshot.

Hope this will helps.

The comments never actually go through, so it may be that the spammer script is incorrect, which is why it doesn't post, or that it is not a spammer, but rather a hacker looking for a vulnerability...

Hey Brent,

When our server normally get's requests like this, what I would normally do is to route them to a blackhole 127.0.0.1 This way, they won't be able to access your site altogether.

How do you differentiate legitimate requests and illegitimate requests, though?

If you see the same ip address making a huge amount of requests, you can be pretty sure that these are spammers

Ah, ok. Whenever we see a single IP, we take care of it, but often they cycle...

Ah, then it's best to get in touch with your web hoster, they should have a list of blacklisted ips which they can route them to a blackhole too.