The Joomla! Forum ™



Posted: Fri Jan 04, 2008 7:33 pm
Joomla! Apprentice

Joined: Fri May 11, 2007 6:47 pm
Posts: 17
Greetings,

On January 1, my fraternity site had been hacked. I was able to replace the index.php file and reset the permissions to 444. Now, I cannot log in to the admin area. Apparently, the hacker found a way to create a user for himself and locked me out. How do I regain access, and also how do I better secure my site so this doesn't happen again?

Jay


Posted: Fri Jan 04, 2008 8:20 pm
Joomla! Apprentice

Joined: Tue Dec 25, 2007 5:08 pm
Posts: 7
I have the exact same problem! My hosting company restored my site but now I also cannot login to the admin area. I wonder if we were hacked by the same crew.

Any help from the forum would be greatly appreciated. I know there is a lot of information on this site but I haven't found anything that relates specifically to this problem. I hope to tighten up my site before these guys strike again.

Thanks.


Posted: Fri Jan 04, 2008 9:22 pm
Joomla! Intern

Joined: Thu Dec 13, 2007 2:37 am
Posts: 76
Carefully check file and directory permissions and ownership, especially on the directory where session files are stored.
I have had this problem sometimes, not because of crackers but because my shared host has PHP safe mode on and the HTTPD process changes permissions on session files.


Posted: Fri Jan 04, 2008 9:30 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2693
Location: Wisconsin USA
I believe setting the index.php permissions to 444 will prevent you from accessing the file in order to log in. Try setting the permissions to 644 on files.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator


Posted: Fri Jan 04, 2008 9:41 pm
Joomla! Ace

Joined: Tue Sep 06, 2005 11:18 am
Posts: 1365
Location: Germany
Nope... setting index.php to 444 in the admin area does not affect the login process.

_________________
http://www.schrammen.net


Posted: Sat Jan 05, 2008 9:46 pm
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1109
Location: Weymouth, UK
WARNING: the following recommendation will nuke/delete/kill all existing users on a Joomla site - only use it if that's what you want to do.

You can run the following SQL in phpMyAdmin. This will nuke ALL USERS and will create a single super admin called "admin" with a password of "admin" - after running this you should change that password.

By removing all existing users you can be sure that the hacker's changes are removed.

If this is the true nature of your login problems then the following will fix this.

Code:
-- phpMyAdmin SQL Dump
-- version 2.11.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 05, 2008 at 09:44 PM
-- Server version: 5.0.45
-- PHP Version: 5.2.3-1ubuntu6.2

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `FRESH`
--

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_aro`
--

DROP TABLE IF EXISTS `jos_core_acl_aro`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_aro` (
  `aro_id` int(11) NOT NULL auto_increment,
  `section_value` varchar(240) NOT NULL default '0',
  `value` varchar(240) NOT NULL default '',
  `order_value` int(11) NOT NULL default '0',
  `name` varchar(255) NOT NULL default '',
  `hidden` int(11) NOT NULL default '0',
  PRIMARY KEY  (`aro_id`),
  UNIQUE KEY `jos_gacl_section_value_value_aro` (`section_value`(100),`value`(100)),
  KEY `jos_gacl_hidden_aro` (`hidden`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

--
-- Dumping data for table `jos_core_acl_aro`
--

INSERT INTO `jos_core_acl_aro` VALUES(10, 'users', '62', 0, 'Administrator', 0);

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_aro_groups`
--

DROP TABLE IF EXISTS `jos_core_acl_aro_groups`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_aro_groups` (
  `group_id` int(11) NOT NULL auto_increment,
  `parent_id` int(11) NOT NULL default '0',
  `name` varchar(255) NOT NULL default '',
  `lft` int(11) NOT NULL default '0',
  `rgt` int(11) NOT NULL default '0',
  PRIMARY KEY  (`group_id`),
  KEY `parent_id_aro_groups` (`parent_id`),
  KEY `jos_gacl_parent_id_aro_groups` (`parent_id`),
  KEY `jos_gacl_lft_rgt_aro_groups` (`lft`,`rgt`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=31 ;

--
-- Dumping data for table `jos_core_acl_aro_groups`
--

INSERT INTO `jos_core_acl_aro_groups` VALUES(17, 0, 'ROOT', 1, 22);
INSERT INTO `jos_core_acl_aro_groups` VALUES(28, 17, 'USERS', 2, 21);
INSERT INTO `jos_core_acl_aro_groups` VALUES(29, 28, 'Public Frontend', 3, 12);
INSERT INTO `jos_core_acl_aro_groups` VALUES(18, 29, 'Registered', 4, 11);
INSERT INTO `jos_core_acl_aro_groups` VALUES(19, 18, 'Author', 5, 10);
INSERT INTO `jos_core_acl_aro_groups` VALUES(20, 19, 'Editor', 6, 9);
INSERT INTO `jos_core_acl_aro_groups` VALUES(21, 20, 'Publisher', 7, 8);
INSERT INTO `jos_core_acl_aro_groups` VALUES(30, 28, 'Public Backend', 13, 20);
INSERT INTO `jos_core_acl_aro_groups` VALUES(23, 30, 'Manager', 14, 19);
INSERT INTO `jos_core_acl_aro_groups` VALUES(24, 23, 'Administrator', 15, 18);
INSERT INTO `jos_core_acl_aro_groups` VALUES(25, 24, 'Super Administrator', 16, 17);

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_aro_sections`
--

DROP TABLE IF EXISTS `jos_core_acl_aro_sections`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_aro_sections` (
  `section_id` int(11) NOT NULL auto_increment,
  `value` varchar(230) NOT NULL default '',
  `order_value` int(11) NOT NULL default '0',
  `name` varchar(230) NOT NULL default '',
  `hidden` int(11) NOT NULL default '0',
  PRIMARY KEY  (`section_id`),
  UNIQUE KEY `value_aro_sections` (`value`),
  UNIQUE KEY `jos_gacl_value_aro_sections` (`value`),
  KEY `hidden_aro_sections` (`hidden`),
  KEY `jos_gacl_hidden_aro_sections` (`hidden`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

--
-- Dumping data for table `jos_core_acl_aro_sections`
--

INSERT INTO `jos_core_acl_aro_sections` VALUES(10, 'users', 1, 'Users', 0);

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_groups_aro_map`
--

DROP TABLE IF EXISTS `jos_core_acl_groups_aro_map`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_groups_aro_map` (
  `group_id` int(11) NOT NULL default '0',
  `section_value` varchar(240) NOT NULL default '',
  `aro_id` int(11) NOT NULL default '0',
  UNIQUE KEY `group_id_aro_id_groups_aro_map` (`group_id`,`section_value`,`aro_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `jos_core_acl_groups_aro_map`
--

INSERT INTO `jos_core_acl_groups_aro_map` VALUES(25, '', 10);

-- --------------------------------------------------------

--
-- Table structure for table `jos_users`
--

DROP TABLE IF EXISTS `jos_users`;
CREATE TABLE IF NOT EXISTS `jos_users` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(50) NOT NULL default '',
  `username` varchar(25) NOT NULL default '',
  `email` varchar(100) NOT NULL default '',
  `password` varchar(100) NOT NULL default '',
  `usertype` varchar(25) NOT NULL default '',
  `block` tinyint(4) NOT NULL default '0',
  `sendEmail` tinyint(4) default '0',
  `gid` tinyint(3) unsigned NOT NULL default '1',
  `registerDate` datetime NOT NULL default '0000-00-00 00:00:00',
  `lastvisitDate` datetime NOT NULL default '0000-00-00 00:00:00',
  `activation` varchar(100) NOT NULL default '',
  `params` text NOT NULL,
  PRIMARY KEY  (`id`),
  KEY `usertype` (`usertype`),
  KEY `idx_name` (`name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=63 ;

--
-- Dumping data for table `jos_users`
--

INSERT INTO `jos_users` VALUES(62, 'Administrator', 'admin', 'admin@127.0.0.1', '1b6c9ca60503cf3e784fb05611320fc8:NEQuJ5psDbwIXt2Q', 'Super Administrator', 0, 1, 25, '2007-11-09 23:41:17', '0000-00-00 00:00:00', '', 'expired=\nexpired_time=');

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/
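
A less destructive check that can be run in phpMyAdmin before wiping the user tables, as an added example that is not part of the original post. The `jos_` prefix, the table and column names and the backend group ids 23 to 25 are taken from the dump above; `@suspect_id` is a placeholder to be filled in after reviewing the output.

```sql
-- Added example (not from the original post). Read-only audit of every
-- account that can reach the administrator back end, newest first.
-- Group ids per the dump above: 23 Manager, 24 Administrator,
-- 25 Super Administrator.
SELECT u.id, u.username, u.email, u.usertype, u.gid,
       g.name AS acl_group, u.block,
       u.registerDate, u.lastvisitDate,
       CASE
         WHEN m.group_id IS NULL    THEN 'no ACL mapping'
         WHEN m.group_id <> u.gid   THEN 'gid/ACL mismatch'
         WHEN g.name <> u.usertype  THEN 'usertype/ACL mismatch'
         ELSE 'consistent'
       END AS acl_check
FROM jos_users u
-- jos_core_acl_aro.value holds the user id as a string; MySQL compares
-- it numerically against the integer id.
LEFT JOIN jos_core_acl_aro a
       ON a.section_value = 'users' AND a.value = u.id
LEFT JOIN jos_core_acl_groups_aro_map m ON m.aro_id = a.aro_id
LEFT JOIN jos_core_acl_aro_groups g     ON g.group_id = m.group_id
WHERE u.gid IN (23, 24, 25) OR m.group_id IN (23, 24, 25)
ORDER BY u.registerDate DESC;

-- ACL entries that point at a user id with no row in jos_users.
SELECT a.aro_id, a.value AS user_id, a.name, m.group_id
FROM jos_core_acl_aro a
LEFT JOIN jos_users u                   ON a.value = u.id
LEFT JOIN jos_core_acl_groups_aro_map m ON m.aro_id = a.aro_id
WHERE a.section_value = 'users' AND u.id IS NULL;

-- Remove one reviewed account from all three tables while keeping
-- the legitimate users. Take a database backup first.
SET @suspect_id := 0;  -- placeholder: id of the account to remove

DELETE FROM jos_core_acl_groups_aro_map
WHERE aro_id IN (SELECT aro_id FROM jos_core_acl_aro
                 WHERE section_value = 'users' AND value = @suspect_id);

DELETE FROM jos_core_acl_aro
WHERE section_value = 'users' AND value = @suspect_id;

DELETE FROM jos_users WHERE id = @suspect_id;
```

Accounts with a recent `registerDate`, an unfamiliar e-mail address, or an `acl_check` other than `consistent` are the ones to review; any back-end account that is kept should still get a new password.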


Posted: Sun Jan 06, 2008 10:00 pm
Joomla! Apprentice

Joined: Fri May 11, 2007 6:47 pm
Posts: 17
Greetings,


I applied the Query and I now can login. Only issue is losing those who signed up as site users but hey...I'll take the grunts and complaints on that one.

Thanks for the fix. Now I have to work on better securing this site.

Jay


Posted: Sun Jan 06, 2008 10:13 pm
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1109
Location: Weymouth, UK
313designs wrote:
Greetings,


I applied the Query and I now can login. Only issue is losing those who signed up as site users but hey...I'll take the grunts and complaints on that one.

Thanks for the fix. Now I have to work on better securing this site.

Jay


I'm glad you are now all sorted :-)

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/


Posted: Wed Jan 30, 2008 6:42 am
Joomla! Fledgling

Joined: Mon Jan 21, 2008 8:56 am
Posts: 2
Hi all,

There's a similar problem with my site, http://www.theurbanwire.com

However, not only can I not log in to the admin area, I also cannot log in to the server, which is Lunarpages. Also, any link clicked on the main page (which is the only accessible page) leads to this message:

"If you're a Singnet user, you may not be able to access theurbanwire.com and many other webpages. Please call 1800 848 6933 to have your access restored. Thank you!"

Trying to log in to the admin page, http://www.theurbanwire.com/stories/administrator, also brings me to the same message.

I would appreciate it if someone could advise me about the situation soon, as it's a very important online business which will affect many.

Thank you very much!

 


Posted: Fri Feb 01, 2008 1:47 pm
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 17557
Location: Omaha, NE
poks wrote:
Hi all,

There's a similar problem with my site, http://www.theurbanwire.com

However, not only can I not log in to the admin area, I also cannot log in to the server, which is Lunarpages. Also, any link clicked on the main page (which is the only accessible page) leads to this message:

"If you're a Singnet user, you may not be able to access theurbanwire.com and many other webpages. Please call 1800 848 6933 to have your access restored. Thank you!"

Trying to log in to the admin page, http://www.theurbanwire.com/stories/administrator, also brings me to the same message.

I would appreciate it if someone could advise me about the situation soon, as it's a very important online business which will affect many.

Thank you very much!

 


I suggest you call the telephone number.

_________________
Regards, Dave
http://www.kiwaniswest.org
http://www.huelsmann.us


Posted: Fri Apr 03, 2009 3:36 pm
Joomla! Apprentice

Joined: Wed Sep 03, 2008 11:14 pm
Posts: 31
Ask your host to roll back your site to a time before the attack (though this was a while back so they might keep the backups for that long).

For your next site, try jSecure Authentication. It's free and will thwart most of these casual attacks.


Posted: Fri Apr 03, 2009 3:45 pm
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1109
Location: Weymouth, UK
That's *IF* the webhost has done a backup - most contracts state data backup is the customer's responsibility - and so you should NEVER rely on your provider doing a backup for you. After all, it's YOUR data :-) Your responsibility :-)

P.

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/


Posted: Mon Aug 24, 2009 4:38 pm
Joomla! Apprentice

Joined: Mon Apr 28, 2008 9:45 pm
Posts: 42
I ran script and nuked all users, but still cannot login with default credentials as mentioned. Would this imply another issue entirely?

Thanks for the help Phil.


Posted: Mon Aug 24, 2009 5:11 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
eradio wrote:
I ran script and nuked all users, but still cannot login with default credentials as mentioned. Would this imply another issue entirely?

Thanks for the help Phil.


This 6 month old topic is probably very different to yours. Please run the forum post tool and then start a new topic.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Sat Mar 06, 2010 11:29 am
Joomla! Intern

Joined: Thu Jan 08, 2009 11:22 am
Posts: 70
Hi eradio,

Did you solve your problem? Because I have the same problem.


Posted: Tue Oct 19, 2010 7:22 pm
Joomla! Apprentice

Joined: Wed Oct 08, 2008 3:47 am
Posts: 32
I am not a php guy, but I am learning...Do I use the entire block of code below or only a portion? And should I change the 'admin@127.0.0.1' to my personal e-mail? Any other changes?

THANK YOU!!!

PhilTaylor-Prazgod wrote:
WARNING: the following recommendation will nuke/delete/kill all existing users on a Joomla site - only use it if that's what you want to do.

You can run the following SQL in phpMyAdmin. This will nuke ALL USERS and will create a single super admin called "admin" with a password of "admin" - after running this you should change that password.

By removing all existing users you can be sure that the hacker's changes are removed.

If this is the true nature of your login problems then the following will fix this.

Code:
-- phpMyAdmin SQL Dump
-- version 2.11.1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 05, 2008 at 09:44 PM
-- Server version: 5.0.45
-- PHP Version: 5.2.3-1ubuntu6.2

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `FRESH`
--

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_aro`
--

DROP TABLE IF EXISTS `jos_core_acl_aro`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_aro` (
  `aro_id` int(11) NOT NULL auto_increment,
  `section_value` varchar(240) NOT NULL default '0',
  `value` varchar(240) NOT NULL default '',
  `order_value` int(11) NOT NULL default '0',
  `name` varchar(255) NOT NULL default '',
  `hidden` int(11) NOT NULL default '0',
  PRIMARY KEY  (`aro_id`),
  UNIQUE KEY `jos_gacl_section_value_value_aro` (`section_value`(100),`value`(100)),
  KEY `jos_gacl_hidden_aro` (`hidden`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

--
-- Dumping data for table `jos_core_acl_aro`
--

INSERT INTO `jos_core_acl_aro` VALUES(10, 'users', '62', 0, 'Administrator', 0);

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_aro_groups`
--

DROP TABLE IF EXISTS `jos_core_acl_aro_groups`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_aro_groups` (
  `group_id` int(11) NOT NULL auto_increment,
  `parent_id` int(11) NOT NULL default '0',
  `name` varchar(255) NOT NULL default '',
  `lft` int(11) NOT NULL default '0',
  `rgt` int(11) NOT NULL default '0',
  PRIMARY KEY  (`group_id`),
  KEY `parent_id_aro_groups` (`parent_id`),
  KEY `jos_gacl_parent_id_aro_groups` (`parent_id`),
  KEY `jos_gacl_lft_rgt_aro_groups` (`lft`,`rgt`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=31 ;

--
-- Dumping data for table `jos_core_acl_aro_groups`
--

INSERT INTO `jos_core_acl_aro_groups` VALUES(17, 0, 'ROOT', 1, 22);
INSERT INTO `jos_core_acl_aro_groups` VALUES(28, 17, 'USERS', 2, 21);
INSERT INTO `jos_core_acl_aro_groups` VALUES(29, 28, 'Public Frontend', 3, 12);
INSERT INTO `jos_core_acl_aro_groups` VALUES(18, 29, 'Registered', 4, 11);
INSERT INTO `jos_core_acl_aro_groups` VALUES(19, 18, 'Author', 5, 10);
INSERT INTO `jos_core_acl_aro_groups` VALUES(20, 19, 'Editor', 6, 9);
INSERT INTO `jos_core_acl_aro_groups` VALUES(21, 20, 'Publisher', 7, 8);
INSERT INTO `jos_core_acl_aro_groups` VALUES(30, 28, 'Public Backend', 13, 20);
INSERT INTO `jos_core_acl_aro_groups` VALUES(23, 30, 'Manager', 14, 19);
INSERT INTO `jos_core_acl_aro_groups` VALUES(24, 23, 'Administrator', 15, 18);
INSERT INTO `jos_core_acl_aro_groups` VALUES(25, 24, 'Super Administrator', 16, 17);

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_aro_sections`
--

DROP TABLE IF EXISTS `jos_core_acl_aro_sections`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_aro_sections` (
  `section_id` int(11) NOT NULL auto_increment,
  `value` varchar(230) NOT NULL default '',
  `order_value` int(11) NOT NULL default '0',
  `name` varchar(230) NOT NULL default '',
  `hidden` int(11) NOT NULL default '0',
  PRIMARY KEY  (`section_id`),
  UNIQUE KEY `value_aro_sections` (`value`),
  UNIQUE KEY `jos_gacl_value_aro_sections` (`value`),
  KEY `hidden_aro_sections` (`hidden`),
  KEY `jos_gacl_hidden_aro_sections` (`hidden`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

--
-- Dumping data for table `jos_core_acl_aro_sections`
--

INSERT INTO `jos_core_acl_aro_sections` VALUES(10, 'users', 1, 'Users', 0);

-- --------------------------------------------------------

--
-- Table structure for table `jos_core_acl_groups_aro_map`
--

DROP TABLE IF EXISTS `jos_core_acl_groups_aro_map`;
CREATE TABLE IF NOT EXISTS `jos_core_acl_groups_aro_map` (
  `group_id` int(11) NOT NULL default '0',
  `section_value` varchar(240) NOT NULL default '',
  `aro_id` int(11) NOT NULL default '0',
  UNIQUE KEY `group_id_aro_id_groups_aro_map` (`group_id`,`section_value`,`aro_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `jos_core_acl_groups_aro_map`
--

INSERT INTO `jos_core_acl_groups_aro_map` VALUES(25, '', 10);

-- --------------------------------------------------------

--
-- Table structure for table `jos_users`
--

DROP TABLE IF EXISTS `jos_users`;
CREATE TABLE IF NOT EXISTS `jos_users` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(50) NOT NULL default '',
  `username` varchar(25) NOT NULL default '',
  `email` varchar(100) NOT NULL default '',
  `password` varchar(100) NOT NULL default '',
  `usertype` varchar(25) NOT NULL default '',
  `block` tinyint(4) NOT NULL default '0',
  `sendEmail` tinyint(4) default '0',
  `gid` tinyint(3) unsigned NOT NULL default '1',
  `registerDate` datetime NOT NULL default '0000-00-00 00:00:00',
  `lastvisitDate` datetime NOT NULL default '0000-00-00 00:00:00',
  `activation` varchar(100) NOT NULL default '',
  `params` text NOT NULL,
  PRIMARY KEY  (`id`),
  KEY `usertype` (`usertype`),
  KEY `idx_name` (`name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=63 ;

--
-- Dumping data for table `jos_users`
--

INSERT INTO `jos_users` VALUES(62, 'Administrator', 'admin', 'admin@127.0.0.1', '1b6c9ca60503cf3e784fb05611320fc8:NEQuJ5psDbwIXt2Q', 'Super Administrator', 0, 1, 25, '2007-11-09 23:41:17', '0000-00-00 00:00:00', '', 'expired=\nexpired_time=');

