Problem with login after suspension

[ossa74]

Hi,

I'm administrating a site that ran 1.5.x that was hacked some time ago (eXTPlorer exploit).

The host suspended the site, but after cleaning out currup .httaccess the site has been started again. My mate also made an upgrade to 1.5.23 by compying the source files directly to the directories.

The site is working, however I cannot login any users, on the front page or though the admin site. I have tried the variants in this:

http://docs.joomla.org/J1.5:How_do_you_ ... assword%3F

But these make no difference. When trying a logon, the page reloads with no errors or warnings regardless if the user exists or not.

My plan was to upgrade to 2.5 but I am stuck not getting into the admin.

Any suggestions? Is this a likely result of the hack/suspension or the uppgrade?

I do have a recent file backup of everything. However it is file backup and not a db backup. Would it work to just copy all files back anew(what hapens with DB?)?

Cheers and many thanks!
Oskar

[dpacadmin]

You can copy the Joomla 1.5.0 to 1.5.26 file set to your site to restore all your Joomla files. If your site has any modified Joomla core files the modifications will need to be made again. Create a backup of your site files before doing this in case you need to restore them. Uploading the Joomla files does not affect your database. You should also go through the security checks mentioned in the Security forum to see if your site still has hack files on it.

[ossa74]

Thanks!

I clarified that my mate had in fact attempted a 1.5.25 file compy upgrade.

I ran the script without seeing anything conspicous, except the comment that mySQL version could be bad, how come? Would that cause problem going from 1.5.old to 1.5.26?


The resulting script is as follows:

Cannot log in on otherwis functional site

Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (644) | Owner: 914550 (uid: /gid: ) | Group: 915968 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.10.24-20131217-1346-7defc3d | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /customers/b/4/1/marinarkeologi.info/httpd.www | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.28 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: 1 | Magic Quotes: | Safe Mode: | Open Base: /customers/b/4/1/marinarkeologi.info/httpd.www:/customers/b/4/1/marinarkeologi.info/httpd.private:/customers/b/4/1/marinarkeologi.info/tmp:/customers/marinarkeologi.info/marinarkeologi.info:/var/www/diagnostics:/usr/share/php | Uploads: 1 | Max. Upload Size: 96M | Max. POST Size: 96M | Max. Input Time: 60 | Max. Execution Time: 50 | Memory Limit: 128M

MySQL Configuration :: Version: 5.1.72-2 (Client:mysqlnd 5.0.8-dev - 20102224 - $Id: 731e5b87ba42146a687c29995d2dfd8b4e40b325 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 13.12 MiB | #of Tables: 111

PHP Extensions :: Core (5.3.28) | date (5.3.28) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | standard (5.3.28) | mysqlnd (mysqlnd 5.0.8-dev - 20102224 - $Id: 731e5b87ba42146a687c29995d2dfd8b4e40b325 $) | mysqli (0.1) | mysql (1.0) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | exif (1.4 $Id$) | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | XCache (3.0.1) | XCache Cacher (3.0.1) | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: attachments/ (775) | images/stories/Kalender/ (775) | images/stories/konf/ (775) | images/stories/projekt/Gotland/ (775) | images/stories/projekt/MAS-projekt/ (775) | images/stories/projekt/MAS-utfard/ (775) | images/stories/projekt/krogen/NyckelvikSSS/ (775) | inbox/ (777) |

Components :: SITE :: Default (1.4.0) | MailTo (1.5.0) | Default (1.0.0) | User (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: Acajoom Content Bot (2.0.0) | Acajoom CB Plugin (1.2) | Acajoom (3.2.7) | Attachments (1.3.4) | Cache Manager (1.5.0) | Caddy (1.71) | Configuration Manager (1.5.0) | Control Panel (1.5.0) | eXtplorer (2.1.0b5) | Frontpage (1.5.0) | Installation Manager (1.5.0) | JEvents (1.5.3 (B1629)) | Unapproved Documents (2.0.0) | Latest documents (2.0.0) | Latest logged downloads (2.0.0) | Most downloaded documents (2.0.0) | Editor Button - JoomDOC Link (2.0.0) | JoomDOC Standard Buttons (2.0.1) | Search - JFjoomDOC (2.0.0) | Search - JoomDOC (2.0.0) | JoomDOC (2.0.1) | JUpdateMan (1.5.1) | JUserlist (1.6) | Unknown (-) | Kunena (1.5.6) | Language Manager (1.5.0) | Mass Mail (1.5.0) | Media Manager (1.5.0) | Menus Manager (1.5.0) | Messaging (1.5.0) | Messaging (1.5.1) | Module Manager (1.5.0) | Search (1.5.0) | Default (1.0.0) | PhocaGallery (2.7.5) | Plugin Manager (1.5.0) | Polls (1.5.0) | Newsfeeds (1.5.0) | SimpleMemberships (0.1.1 ALPHA) | Template Manager (1.5.0) | Trash (1.0.0) | User Manager (1.5.0) | Contact Items (1.0.0) | Unknown (-) | Editor - JCE (2.3.1) | Editor - JCE (2.3.1) | JCE File Browser (2.3.1) | plg_quickicon_jcefilebrowser (2.5.0) | JCE (2.3.1) | JCE (2.3.1) | Weblinks (1.5.0) | Content Page (1.5.0) | Banners (1.5.0) |

Modules :: SITE :: Acajoom Module (3.1.0) | Archived Content (1.5.0) | Simple File Upload v1.3 (1.3) | Banner (1.5.0) | Breadcrumbs (1.5.0) | simplecaddy (1.7) | Custom HTML (1.5.0) | Chris's DropBox Modile (1.0) | Feed Display (1.5.0) | Filtered News (2.1.7) | Footer (1.5.0) | Latest JEvents (1.5.3) | Latest News (1.5.0) | Login (1.5.0) | Menu (1.5.0) | Messaging (1.5) | Most Read Content (1.5.0) | Newsflash (1.5.0) | Poll (1.5.0) | Random Image (1.5.0) | Related Items (1.0.0) | Search (1.0.0) | Sections (1.5.0) | Statistics (1.5.0) | Syndicate (1.5.0) | Who\'s Online (1.0.0) | Wrapper (1.0.0) |
Modules :: ADMIN :: Custom HTML (1.5.0) | Feed Display (1.5.0) | Footer (1.0.0) | Unapproved Documents (2.0.0) | Latest documents (2.0.0) | Latest logged downloads (2.0.0) | Most downloaded documents (2.0.0) | Latest News (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | Logged in Users (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Quick Icons (1.0.0) | Items Stats (1.0.0) | User Status (1.5.0) | Admin Submenu (1.0.0) | Title (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) |

Plugins :: SITE :: Acajoom Content Bot (2.0.0) | Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Content - Attachments (1.3.4) | Content - Email Cloaking (1.5) | Content - Example (1.0) | Content - Code Highlighter (Ge (1.5) | Content - Image Resize (0.5) | Content - Load Modules (1.5) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | simplecaddy (1.5.6) | Content - Vote (1.5) | Editor Button - AddAttachment (1.3.4) | SimpleCaddy Button (1.6) | Button - Image (1.0.0) | Editor Button - JoomDOC Link (2.0.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Editor - JCE (2.3.1) | JoomDOC Standard Buttons (2.0.1) | Search - Attachments (1.3.4) | Search - Categories (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - JFjoomDOC (2.0.0) | Search - JoomDOC (2.0.0) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Weblinks (1.5) | System - Backlinks (1.5) | System - Cache (1.5) | System - Debug (1.5) | System - GoogleVerify (1.2) | System - Legacy (1.5) | System - Log (1.5) | System - Mootools Upgrade (1.5) | System - Remember Me (1.5) | System - SEF (1.5) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) |

Templates :: SITE :: beez (1.0.0) | JA_Purity (1.2.0) | jaw031 (1.0) | js_optimus_free (1.0.f) | rhuk_milkyway (1.0.2) |
Templates :: ADMIN :: Khepri (1.0) |

[dpacadmin]

It is possible that some files were corrupted during the update. You should try updating the Joomla files again. After backing up the site files try uploading the Joomla 1.5.0 to 1.5.26 file set. Check that your FTP program is set to Auto and overwrite existing files. If you use FileZilla check the boxes, bottom left, for any failed transfers and keep re-queuing them till they upload.

[mandville]

what are all those 775 folders in your image folder? you have a lot and i mean a LOT of out of date extensions.


Replace the deleted files by

Create a new database and install without sample data to it(make sure it the same version as previous site).
Install the 3rd party extensions(including any custom template) to the new Joomla.
(That insures you have the files in place for the 3rd party extensions)
Edit the configuration.php file of the new Joomla to connect to your original database.
Make a backup and update to the current full version of Joomla


Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories More detailed information can be found in the Security Checklist 7 document.

[Per Yngve Berg]

Register Globals: 1

This is a security threat. Contact your host and have it turned off at the server.

[ossa74]

Thanks, unfortunately I only have a full file backup, but no separate DB backup from before the crash.

However I think there is something obvious I'm not seeing. Everything is working superficial, but not the login function. not on the main page nor the admin page, not even with a message. for example, can there be something connected with the modules/components, as some of these were ripped out after the hack? Something requiring reactivation?

Copying 1.5.26 files seems to work quite ok.

Cheers
/O

[ossa74]

hmm how about this for a procedure instead of trying repairing:

Copy back my latest backup (early December). This means reverting to old joomla, but would replace all extensions and templates too. Then immediately start over with the 1.5.26 upgrade?

Does this approach miss something? What about the DB?

Cheers
/O

[dpacadmin]

You do not know when your site was hacked so your Dec backup may contain hack files too. There is a post by mandville that may clean up your site, it cleans out all your site files. You would also need to check your site for cron jobs that re-install the hack. Could also be your server allowing the hack as their settings are not secure as mentioned by Per Yngve Berg.

Also check the sticky posts at the top of the Security in Joomla! 1.5 forum for more good suggestions on fixing a hacked site.

[ossa74]

Ok,

Is there an an alternative route to fix then upgrade? I.e would be possible to just just copy article contents into an 3.2 installation and just add imags path? And then just rebuild with new templates and plugins.

Rgds
/O

[dpacadmin]

....There is a post by mandville that may clean up your site, it cleans out all your site files. ......