It appears that my site may have been hacked - however the only thing I can see that was changed were all the user names and passwords, INCLUDING admins,, superusers etc. so I basically have a website that I cannot access through either the front end or backend and am unable to update anything or admin the site. I AM ABLE to take new registrants, however, "newbies" have very little admin rights.
My question is this - WITHOUT having to dump the entire joomla installation, is there a way (in the server directory, maybe?) to access ONLY the USERS and make changes and try to correct this issue?
HELP, please!
Dennis
User magmt
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: User magmt
[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.
[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.
[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.
[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.
[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list or recommended scanners.
[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.
[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.
[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).
[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.
[ ] Ensure you do not have anonymous ftp enabled.
[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.
[ ] Replace the deleted files by
[*]Create a new database and install without sample data to it(make sure it the same version as previous site).
[*]Install the 3rd party extensions(including any custom template) to the new Joomla. (That insures you have the files in place for the 3rd party extensions)
[*] Edit the configuration.php file of the new Joomla to connect to your original database.
[*] Make a backup and update to the current full version of Joomla
Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories More detailed information can be found in the Security Checklist 7 document.
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.
[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.
[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.
[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.
[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list or recommended scanners.
[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.
[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.
[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).
[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.
[ ] Ensure you do not have anonymous ftp enabled.
[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.
[ ] Replace the deleted files by
[*]Create a new database and install without sample data to it(make sure it the same version as previous site).
[*]Install the 3rd party extensions(including any custom template) to the new Joomla. (That insures you have the files in place for the 3rd party extensions)
[*] Edit the configuration.php file of the new Joomla to connect to your original database.
[*] Make a backup and update to the current full version of Joomla
Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories More detailed information can be found in the Security Checklist 7 document.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
N8BMB
- Joomla! Apprentice
- Posts: 5
- Joined: Wed Jan 30, 2013 4:00 pm
Re: User magmt
I appreciate the reply, however, it really does not seem to answer my question. I really need to know if there is a way to get into the user database somehow. In the last year and a half, because of hackers on a PRIOR server, template versions not compatable with PHP versions and template changes, etc, I really cannot ask my registered users to re-register AGAIN. As well, I could just do it for them, but THAT is a lot of work as well.
SO, is there a way to get into the user database from the server side and make changes or am I totally screwed AGAIN and have to dump and re-install the site again?
SO, is there a way to get into the user database from the server side and make changes or am I totally screwed AGAIN and have to dump and re-install the site again?
-
mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: User magmt
You need to log into your sql direct using these instructions http://docs.joomla.org/How_do_you_recov ... assword%3F
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
sovainfo
- Joomla! Exemplar
- Posts: 8808
- Joined: Sat Oct 01, 2011 7:06 pm
Re: User magmt
You can use phpMyAdmin and manipulate #__users from there.
As an alternative you can take any user and make it super by $root_user="<username>" in configuration.php.
As an alternative you can take any user and make it super by $root_user="<username>" in configuration.php.
Issue with migrating? Include logs/joomla_update.php in your report!
Blank screen? Verify pagesource for HTML code (javascript error)
Installation failing on populating database? Install with set_time_limit(0)
Document your customizations!
Blank screen? Verify pagesource for HTML code (javascript error)
Installation failing on populating database? Install with set_time_limit(0)
Document your customizations!
-
mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: User magmt
i am sure all that is detailed in the doc i linked to.sovainfo wrote:You can use phpMyAdmin and manipulate #__users from there.
As an alternative you can take any user and make it super by $root_user="<username>" in configuration.php.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
sovainfo
- Joomla! Exemplar
- Posts: 8808
- Joined: Sat Oct 01, 2011 7:06 pm
Re: User magmt
Maybe it is because I know the answer I got lost in the document. Hope that my summary was usefull to OP.
Issue with migrating? Include logs/joomla_update.php in your report!
Blank screen? Verify pagesource for HTML code (javascript error)
Installation failing on populating database? Install with set_time_limit(0)
Document your customizations!
Blank screen? Verify pagesource for HTML code (javascript error)
Installation failing on populating database? Install with set_time_limit(0)
Document your customizations!
-
N8BMB
- Joomla! Apprentice
- Posts: 5
- Joined: Wed Jan 30, 2013 4:00 pm
Re: User magmt
Thanks all for your help - I got everything back to "normal". 
Dennis
Dennis
