lack of access by AdminExile and DirectAdmin

Discussion regarding Joomla! 2.5 security issues.

p1otr
Joomla! Apprentice
Posts: 12
Joined: Sat Jan 17, 2015 10:21 am

lack of access by AdminExile and DirectAdmin

Post by p1otr » Sat Jan 17, 2015 10:48 am

Hello,
1. In December the number of brute force attacks began to go into the thousands, so I installed AdminExile. It had worked correctly until the first cleaning of the browser (Firefox 34) - history, cookies. After that I could just log in to the admin backend. Access to components, articles and everything (also my website) ended with an error 403 "Forbidden. You don't have permission to access ... on this server." After uninstalling AdminExile everything was back to normal. I tried the password through DirectAdmin, securing the administrator file, and everything went like with AdminExile. The same errors happen in the Chrome browser. My Joomla is 2.5.28 and my IP is dynamic. For two weeks I have searched the forums but found nothing. I wrote to the AdminExile administration and the hosting service; they do not see errors on their side. The question is whether this problem is solvable, or the extensions are related to cookies to work properly and will not work without them?
2. I was checking the files on the server and found that there was .htaccess (mod_rewrite enabled, it works correctly) and, in the same site, htaccess.txt. The modification date of the first was 30.01.2013 (then it was renamed), and of the .txt is 12.01.2015. Should both files exist on the server at the same time, and is htaccess.txt also needed?
Kind regards.

incredible
Joomla! Apprentice
Posts: 24
Joined: Sun Sep 22, 2013 11:50 am
Location: Srinagar

Re: lack of access by AdminExile and DirectAdmin

Post by incredible » Sun Jan 18, 2015 2:23 pm

For number 2: htaccess.txt is not required. The work is done on .htaccess only.

For number 1: when you navigate through your website, does the error 403 occur only then? Does the website load the first time?
Technical Lead at Techvity IT Services
E-mail : faheem.r@techvityit.com
Website : http://techvityit.com

mandville
Joomla! Master
Posts: 14789
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: lack of access by AdminExile and DirectAdmin

Post by mandville » Sun Jan 18, 2015 5:21 pm

Actually, for number 2,
the contents of the htaccess.txt should be the same as the .htaccess one. Use the updated version. Copy and paste as needed.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

p1otr
Joomla! Apprentice
Posts: 12
Joined: Sat Jan 17, 2015 10:21 am

Re: lack of access by AdminExile and DirectAdmin

Post by p1otr » Sun Jan 18, 2015 6:26 pm

incredible wrote:
For number 2: htaccess.txt is not required. The work is done on .htaccess only.

For number 1: when you navigate through your website, does the error 403 occur only then? Does the website load the first time?

1. The website doesn't load after error 403 in the backend. Otherwise, it works.
The mechanism of the session, in my mind, looks like this:
- I log in to the admin panel, open the administrator session, a session ID is generated and saved in the database (or in my case this is not saved?)
- The same code is sent to the browser in the form of cookies
- Further navigation, every action in the backend, is based on the comparison of data from the browser with the data saved in the database
The access error must therefore be linked to the database tables, but why does it not occur without the extensions (admintools, AdminExile, DirectAdmin) installed/uninstalled?

mandville wrote:
Actually, for number 2,
the contents of the htaccess.txt should be the same as the .htaccess one. Use the updated version. Copy and paste as needed.

2. It's done. Thank you :). Is htaccess.txt still needed, or should it be deleted?

