Hi guys
my website got hacked and I only have hacked backup. Tried everything I knew to solve it out but nothing works this time. The virus changes admin password everytime I change it in PHPmyAdmin (in user_ table). I change the password to MD5 salted hashed password, then I go to admin login and try to login, but it wont work. Then I look in the user_ table and can see that the password was changed itself (has been BLOWFISH encrypted to $2y$10..........)
Am I missing something??
I tried to compare files in Meld, searched for eval(base64_decode etc. in Text Crawler but can't find any hacked file at all. It just looks clean to me. In the past I cleaned severeal hacked joomla website with ease, this time I am helpless though.
Any advice will be well appreciated. The website is https://truhlarstvihavalec.cz/administrator
Can the virus encrypt the psw everytime I try to log in?
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Apprentice
- Posts: 7
- Joined: Tue Feb 15, 2011 12:47 pm
- Location: Czechia
- Contact:
-
- Joomla! Champion
- Posts: 5951
- Joined: Tue Aug 23, 2005 1:56 pm
- Location: South coast, UK
- Contact:
Re: Can the virus encrypt the psw everytime I try to log in?
I don't think joomla uses MD5 any more. mysites.guru is a site auditing service for hacked/broken sites,the first audit is free.
https://gadsolutions.biz Electrical services
https://electrical-testing-safety.co.uk Testing services
https://electrical-testing-safety.co.uk Testing services
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Can the virus encrypt the psw everytime I try to log in?
Hmmm ... see end the article (last updated 11-Sep-2020) https://docs.joomla.org/How_do_you_reco ... assword%3F
See also https://github.com/joomla/joomla-cms/issues/12333. It's confusing, isn't it, to read https://stackoverflow.com/questions/518 ... for-my-api Until I read otherwise, I'll go by what I read from the J! 4.0 development team leader and JDOCs.
- Webdongle
- Joomla! Master
- Posts: 44096
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Can the virus encrypt the psw everytime I try to log in?
Follow the steps of viewtopic.php?f=714&t=946026 (skip step #b if you don't have access). After you perform step #e that should prevent the hacker from interfere with you rebuilding your site.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1403
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: Can the virus encrypt the psw everytime I try to log in?
Joomla will accept a variety of insecure hashes (like md5) for user passwords in the database - but will automatically rehash them once a user logs in, to a more secure algorithm.
Using this, you can store the md5 for a password in the db, but as soon as you login it will change.
For example 21232f297a57a5a743894a0e4a801fc3 is "admin" - once you login with the password of "admin" this will change to a bcyrpted hash.
This is achieved with the checkIfRehashNeeded method of the Hash Handlers listed here: https://github.com/joomla/joomla-cms/tr ... n/Password
You can see in the md5Handler that checkIfRehashNeeded always returns true forcing a rehash to a more modern and secure algorithm https://github.com/joomla/joomla-cms/bl ... er.php#L34
If the user is valid, their password is valid, and the handler returns true for checkIfRehashNeeded then Joomla will rehash the password here :
https://github.com/joomla/joomla-cms/bl ... r.php#L507
By default it would use the Constant defining the BCrypt password algorithm
Using this, you can store the md5 for a password in the db, but as soon as you login it will change.
For example 21232f297a57a5a743894a0e4a801fc3 is "admin" - once you login with the password of "admin" this will change to a bcyrpted hash.
This is achieved with the checkIfRehashNeeded method of the Hash Handlers listed here: https://github.com/joomla/joomla-cms/tr ... n/Password
You can see in the md5Handler that checkIfRehashNeeded always returns true forcing a rehash to a more modern and secure algorithm https://github.com/joomla/joomla-cms/bl ... er.php#L34
If the user is valid, their password is valid, and the handler returns true for checkIfRehashNeeded then Joomla will rehash the password here :
https://github.com/joomla/joomla-cms/bl ... r.php#L507
By default it would use the Constant defining the BCrypt password algorithm
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/