php apache joomla firewall mod-security

Cannot use Joomla admin console when accessed from specific IP address


I am no expert in these things, which is why I am really hoping some of you can help me out. Below is my problem, followed by the things I have done to investigate it.

Problem Description:

For the last 2 days, I have been unable to use the administrator page of my Joomla website from my home network.

1) I can successfully log in to the admin account if I use the URL: example.com/administrator. However, after login, whatever other link I click inside the page, it either:

a) Sends me a "connection dropped from the server" message, or

b) The browser tries to download the index.php page itself. If I click save and download the page, it downloads a 0-byte index.php file.

2) I cannot log in to the administrator account if I use the URL example.com/administrator/index.php. It does one of the two things described in 1. a) and 1. b) above.

3) This behavior is consistent no matter what OS / browser I use (tested with Windows 7, Mac OS, Ubuntu Linux on IE, Chrome, Firefox and also on iPhone). Clearing the browser cache doesn't help.

4) The problem only happens when I use my home wireless broadband. If I use any other IP (e.g. separate ISP account, using 3G connection on iPhone etc.) I can properly access and use the admin backend. The same machines / smartphones that cannot access it using the home broadband work perfectly when connected to another ISP.

5) All other pages of my website are accessible without any issue from my home broadband. The problem is only with accessing /administrator/index.php page.

6) Using my home broadband, if I try to access using anonymouse web proxy, it works.

My investigation / Possible Issues

1) First I thought the outbound IP of my home broadband was banned on the server host. I contacted the host, and they confirmed that the IP is not banned. In fact, they explicitly allowed my IP ranges in the firewall rule just to check. No help.

2) Next, I thought the problem was with the Apache server configuration, because of which whenever any *.php file is accessed from the browser, the server is not rendering it and is allowing the browser to download it. But that should not be the case, as I can access the admin pages from other computers on different IPs.

3) I checked that there is no IP-based filtering in .htaccess. I am not using any Joomla-level software firewall.

In short, something is causing the server to either drop the connection or allow the .php file to be downloaded (instead of rendering it) when accessing from a specific IP.

Any ideas or troubleshooting steps?

EDIT (ADDITIONAL DETAILS):

The problem basically boils down to this: something is causing the server to drop the connection when trying to access any *.php page directly from a specific IP range. So,

example.com/administrator ==> works, but

example.com/administrator/index.php ==> connection dropped!

And this happens only for a specific IP range (let's say 203.101..).

Now, last night my web server admin told me one interesting detail:

On the morning my issue started, there were a lot of SQL injection attacks on the Joomla /component/search module, but the attacks were blocked by "mod_security". Is there a possibility that "mod_security" is somehow in turn blocking the IPs? Or maybe some IDS?


Solution

  • The issue has been resolved now. It was caused because, when mod_security blocked some SQL injection attacks, it also triggered the csf firewall to ban those IPs.
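
One way to confirm the cause described in the solution, as an added example that is not part of the original post: scan the lfd log for blocks that mod_security triggered against one exact client IP. The log line layout, the `/var/log/lfd.log` path and the sample lines are assumptions constructed for illustration; the function name is hypothetical.

```shell
# Constructed sample lines in the layout lfd typically writes (assumed format).
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
Mar 10 08:12:31 web1 lfd[2211]: (mod_security) mod_security (id:950901) triggered by 203.0.113.45 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_MODSEC]
Mar 10 08:13:02 web1 lfd[2211]: (sshd) Failed SSH login from 198.51.100.7 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Mar 10 08:14:47 web1 lfd[2211]: (mod_security) mod_security (id:981172) triggered by 203.0.113.45 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_MODSEC]
Mar 10 08:15:10 web1 lfd[2211]: (mod_security) mod_security (id:950901) triggered by 203.0.113.4 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_MODSEC]
EOF

# Print "month day time rule_id" for every LF_MODSEC block recorded against
# exactly the given IP. Whole-field comparison is used so that searching for
# 203.0.113.4 does not also match 203.0.113.45.
modsec_blocks_for_ip() {
  local log="$1" ip="$2"
  awk -v ip="$ip" '
    /\[LF_MODSEC\]/ && /\*Blocked in csf\*/ {
      for (i = 1; i < NF; i++) {
        if ($i == "by" && $(i + 1) == ip) {
          id = "unknown"
          for (j = 1; j <= NF; j++)
            if ($j ~ /^\(id:[0-9]+\)$/) { id = $j; gsub(/[^0-9]/, "", id) }
          print $1, $2, $3, id
        }
      }
    }' "$log"
}

# Demo on the constructed sample; on a real host pass /var/log/lfd.log (assumed path).
modsec_blocks_for_ip "$SAMPLE_LOG" 203.0.113.45

# Follow-up on the server (real csf commands, run as root):
#   csf -g 203.0.113.45    # show any rule that matches the address
#   csf -dr 203.0.113.45   # remove it from the permanent deny list
# LF_MODSEC in /etc/csf/csf.conf controls how many mod_security hits trigger a block.
```

The rule IDs in the output identify which mod_security rules fired, which helps tell a real attack from a false positive before unblocking the address.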