Every time I log into the back end the log shows a critical issue 'There was an attempt to change a protected user' with my IP address as the source. Agreed that I am a protected user, but I am not attempting to change anything. Any idea what is happening here?

I started having the same problem. I have protected users, including me, and I got this notice:

User 'myusername' change attempt: column 'password' value attempted to change from 'XXXhash' to 'YYYhash'. Prevented

I would expect that to be prevented, as I'm a protected user. What I don't understand is why is my logging in triggering a password change attempt?

Did an update to Joomla change the way the password hash is calculated? Log in, Joomla Core tries to update your password to the new hash? Or is there something more sinister going on, like malicious code trying to change my password when I log in?

I don't have an answer yet, just wanted to let you know I'm dealing with the same issue.

Hello,

Your assumption is correct, Joomla! updates did changed the way passwords are encrypted and when you've used the RSFirewall! protected user feature, the user(s) snapshot were captured with the older password hashing algorithm thus no longer matching the current one.

Joomla! is updating passwords with the new algorithm on login, and thus RSFirewall! kicks in because it sees that your database is being altered. You can try following these steps and a new snapshot of your user(s) will be saved:

- Go to Components > RSFirewall! > Firewall Configuration > Active Scanner.

- Remove all users from "Protect the following users from any changes" area.

- Save your configuration (this has to be saved first, so the user snapshots are removed from the database).

- Login with each protected user - you have to login so that Joomla! updates the password field with the new hashing algorithm.

- Add the users back to the "Protect the following users from any changes" area.

- Save your configuration once again (this will re-create the user snapshots with the new correct data).