Over the last months, our website has been targeted by a large number of automated attacks carried out by so‑called "robots" or bots. In addition to rebuilding the site from scratch, we have implemented several security measures to better protect our systems against these attacks.
This document provides a short overview of the most important changes. More detailed technical reports are available in both German and English for anyone who is interested.
Security Improvements – Short Overview
1. Migration to a dedicated VPS
- The website now runs on our own Virtual Private Server (VPS) instead of shared hosting.
- This gives us dedicated CPU and RAM, so performance and stability are noticeably better.
- We control the full software stack (web server, PHP, database), which allows us to apply security updates and optimizations much more quickly.
2. Network protection: Firewall (ufw)
- On the VPS we enabled the built‑in firewall ufw ("Uncomplicated Firewall").
- Only the ports we actually need are reachable from the internet:
  - SSH (secured remote access for administrators)
  - HTTP/HTTPS (public website access)
- All other ports are blocked, which significantly reduces the technical attack surface of the server.
3. Automatic blocking of attackers: Fail2ban
- We installed Fail2ban, a service that automatically blocks IP addresses that behave suspiciously.
- Fail2ban continuously analyses existing log files (SSH and web server logs).
- If an IP causes many failed logins or repeatedly targets the Joomla administrator area, this IP is automatically blocked via the firewall for a defined period of time.
- This effectively limits brute‑force attacks and automated scans against the server and our admin login.
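How Fail2ban arrives at a ban, shown as an added Python example that is not the site's own Fail2ban configuration: the same maxretry/findtime/bantime logic Fail2ban applies, run here over a few constructed Apache-style access log lines. The log format, the thresholds, the IP addresses, the ignore list and the rule that every POST to /administrator/index.php counts as a login attempt are assumptions; a real Fail2ban filter narrows its failregex to the exact failed-login signature seen in the server's log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample traffic (not real data). 203.0.113.5 hammers the
# Joomla admin login, 198.51.100.9 is an ordinary visitor who mistypes
# a password now and then, 192.0.2.10 is the administrator's own address.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
198.51.100.9 - - [10/Mar/2024:12:00:02 +0000] "GET /index.php HTTP/1.1" 200 8231
203.0.113.5 - - [10/Mar/2024:12:00:03 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
203.0.113.5 - - [10/Mar/2024:12:00:04 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
192.0.2.10 - - [10/Mar/2024:12:00:05 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
203.0.113.5 - - [10/Mar/2024:12:00:06 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
203.0.113.5 - - [10/Mar/2024:12:00:07 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
203.0.113.5 - - [10/Mar/2024:12:00:08 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
198.51.100.9 - - [10/Mar/2024:12:30:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
198.51.100.9 - - [10/Mar/2024:12:45:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
198.51.100.9 - - [10/Mar/2024:13:05:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
198.51.100.9 - - [10/Mar/2024:13:20:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
198.51.100.9 - - [10/Mar/2024:13:40:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 512
this line is not a log record and must be skipped, not crash the parser
"""


def parse_line(line):
    """Return (ip, timestamp, method, path) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"], m["path"]


def is_admin_login_attempt(method, path):
    # Assumption: any POST to the Joomla admin entry point is a login attempt.
    return method == "POST" and path.split("?", 1)[0] == "/administrator/index.php"


def find_bans(log_text, maxretry=5, findtime=600, bantime=3600, ignoreip=()):
    """Replay the log and return [(ip, ban_start)] in the order bans happen.

    maxretry attempts within findtime seconds trigger a ban lasting bantime
    seconds; lines from a banned IP during that time are ignored, as they
    would be once the firewall drops the client's packets.
    """
    window = timedelta(seconds=findtime)
    attempts = defaultdict(deque)   # ip -> timestamps inside the window
    banned_until = {}               # ip -> end of current ban
    bans = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if ip in ignoreip or not is_admin_login_attempt(method, path):
            continue
        if ip in banned_until and ts < banned_until[ip]:
            continue
        q = attempts[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # forget attempts older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts))
            q.clear()
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG, ignoreip={"192.0.2.10"}):
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the defaults (five attempts within ten minutes) only 203.0.113.5 is banned, at the fifth attempt; the occasional failures from 198.51.100.9 spread over an hour never accumulate inside the window, which is what findtime is for. Raising findtime to a whole day would ban that visitor as well, so the two values are tuned together.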
4. Application‑level protection in Joomla (Admin Tools & 2FA)
- Inside Joomla we use Admin Tools (Core) as an additional security layer.
- It adds a basic web application firewall (WAF), tools to fix file permissions and emergency functions to quickly lock down the site if needed.
- Administrator accounts are further protected with two‑factor authentication (2FA), so logging in requires both password and a one‑time code.
- Together, these measures make unauthorized backend access and common web attacks significantly harder.
5. Resulting security level
- The combination of VPS, firewall, Fail2ban, Admin Tools and 2FA provides multiple independent layers of protection.
- Normal visitors and editors should mainly notice a faster and more stable website, while the system silently intercepts and blocks most automated attacks in the background.