Sudden Joomla site login problem

Discussion regarding Joomla! 2.5 security issues.

mahmudmia
Joomla! Fledgling
Posts: 3
Joined: Tue Feb 03, 2015 8:40 am

Sudden Joomla site login problem

Post by mahmudmia » Tue Feb 03, 2015 8:50 am

We have 5-6 Joomla sites (some 2.5 & some 3.x) on a dedicated server. All of the sites were working fine, but since yesterday the sites have not been allowing login. The FPA output of one of the domains:

[mod removed]

The server company says that only the Joomla sites on the server have the login problem; other websites do not have any issues. You can test the login using the following credentials:

User ID: [mod removed]
Password: [mod removed]

There is no error in the Apache error log.

Can someone please help... we have active government clients waiting to access the sites.

toivo
Joomla! Master
Posts: 11218
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Sudden Joomla site login problem

Post by toivo » Tue Feb 03, 2015 10:58 am

Please follow the FPA instructions in http://forum.joomla.org/viewtopic.php?f=621&t=582860, copy and paste the output into the post, and then remove the FPA from your site.

Was anything changed in the server or in the web site before the login stopped working?
There is no error in the Apache error log.
Does your server track PHP errors? They would be written into a different log.

Your Joomla 2.5.8 is very old and some of the extensions may be vulnerable.

Three core folders have the mode 777 which makes them insecure, they should be 775.

You should point out to your service provider that they need to update the OpenSSL software urgently.
Toivo Talikka, Global Moderator
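The OpenSSL/1.0.1e-fips string in the FPA output is what prompts the advice above: upstream OpenSSL 1.0.1 through 1.0.1f carry the Heartbleed bug (CVE-2014-0160, the subject of US-CERT alert TA14-098A). On Red Hat-derived systems, and the FPA shows an el6 kernel, security fixes are backported and the upstream version string is kept, so the banner alone cannot tell a patched 1.0.1e from a vulnerable one; the package changelog (rpm -q --changelog openssl) names the CVE when the fix is in. The script below is an added example written for this page, not code from the thread, Joomla, Apache or any distribution. It runs that two-step check on the banner from the FPA output and on changelog text that is constructed to mimic the rpm format; the maintainer, dates and release numbers in it are made up and are not the real package history of any release.

```python
"""Is the OpenSSL behind an Apache banner still open to Heartbleed?

Added example for this thread, not code from Joomla, Apache or any distro.
The banner is the one in the FPA output above; the two changelog texts are
constructed to mimic `rpm -q --changelog openssl` output and are not the
real package history of any release.
"""
import re

HEARTBLEED_CVE = "CVE-2014-0160"  # the bug covered by US-CERT alert TA14-098A

# Banner exactly as reported by the FPA in this thread.
FPA_BANNER = ("Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips "
              "mod_jk/1.2.37 mod_bwlimited/1.4 PHP/5.4.37")

# Constructed changelog excerpts (made-up maintainer, dates and release numbers).
PATCHED_CHANGELOG = """\
* Tue Apr 08 2014 Package Maintainer <maintainer@example.com> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

* Mon Feb 10 2014 Package Maintainer <maintainer@example.com> 1.0.1e-16.6
- add FIPS mode self-test fixes
"""

UNPATCHED_CHANGELOG = """\
* Mon Feb 10 2014 Package Maintainer <maintainer@example.com> 1.0.1e-16.6
- add FIPS mode self-test fixes
"""


def openssl_version_from_banner(banner):
    """Return ('1.0.1', 'e') from '... OpenSSL/1.0.1e-fips ...', or None."""
    match = re.search(r"OpenSSL/(\d+\.\d+\.\d+)([a-z]?)", banner)
    if not match:
        return None
    return match.group(1), match.group(2)


def upstream_version_affected(version):
    """Upstream OpenSSL 1.0.1 through 1.0.1f carry the heartbeat bug; 1.0.1g fixed it.

    Other branches (0.9.8, 1.0.0) never shipped the TLS heartbeat code path.
    """
    base, letter = version
    return base == "1.0.1" and letter <= "f"


def changelog_records_fix(changelog_text, cve=HEARTBLEED_CVE):
    """Distro backports keep the upstream version but name the CVE in the changelog."""
    return cve.lower() in changelog_text.lower()


def heartbleed_assessment(banner, changelog_text):
    """Combine the banner and the package changelog into one verdict string."""
    version = openssl_version_from_banner(banner)
    if version is None:
        return "unknown: banner carries no OpenSSL version"
    if not upstream_version_affected(version):
        return "not affected by version"
    if changelog_records_fix(changelog_text):
        return "affected version string, but changelog records the backported fix"
    return "affected version string and no record of the fix: treat as vulnerable"


if __name__ == "__main__":
    for label, log in (("patched", PATCHED_CHANGELOG), ("unpatched", UNPATCHED_CHANGELOG)):
        print(f"{label:10s} {heartbleed_assessment(FPA_BANNER, log)}")
```

The changelog lookup is how Red Hat-family packages document a backported fix; the distribution's security advisory for CVE-2014-0160 gives the exact fixed release to compare against. Neither replaces a live heartbeat test against the server, but either is more reliable than reading the version string in the banner.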

mahmudmia
Joomla! Fledgling
Posts: 3
Joined: Tue Feb 03, 2015 8:40 am

Re: Sudden Joomla site login problem

Post by mahmudmia » Tue Feb 03, 2015 3:13 pm

Here is the FPA output for another site, http://69.39.239.111/~szcts/, which has a temporary link but is more secure:
Forum Post Assistant (v1.2.4) : 3rd February 2015 wrote:
Basic Environment ::
Joomla! Instance :: Joomla! 3.2.3-Stable (Ember) 6-March-2014
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: nobody (uid: 1/gid: 1) | Group: nobody (gid: 1) | Valid For: 3.2
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-431.3.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_jk/1.2.37 mod_bwlimited/1.4 PHP/5.4.37 | Encoding: gzip, deflate | Doc Root: /usr/local/apache/htdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.37 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 50M | Max. POST Size: 50M | Max. Input Time: 60 | Max. Execution Time: 60 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.40-cll (Client:5.5.40) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 23.38 MiB | #of Tables:  167
Detailed Environment ::
PHP Extensions :: Core (5.4.37) | date (5.4.37) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | ftp () | gd () | gettext () | hash (1.0) | iconv () | SPL (0.2) | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | session () | mysql (1.0) | mysqli (0.1) | standard (5.4.37) | Phar (2.0.1) | posix () | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | SimpleXML (0.1) | snmp (0.1) | soap () | sockets () | imap () | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | apache2handler () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | SourceGuardian (10.1) | ionCube Loader () | Zend OPcache (7.0.3FE) | Zend Guard Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

Apache Modules :: core | mod_authn_file | mod_authn_default | mod_authz_host | mod_authz_groupfile | mod_authz_user | mod_authz_default | mod_auth_basic | mod_include | mod_filter | mod_deflate | mod_log_config | mod_logio | mod_env | mod_expires | mod_headers | mod_setenvif | mod_version | mod_proxy | mod_proxy_connect | mod_proxy_ftp | mod_proxy_http | mod_proxy_scgi | mod_proxy_ajp | mod_proxy_balancer | mod_ssl | prefork | http_core | mod_mime | mod_status | mod_autoindex | mod_asis | mod_info | mod_suexec | mod_cgi | mod_negotiation | mod_dir | mod_actions | mod_userdir | mod_alias | mod_rewrite | mod_so | mod_jk | mod_bwlimited | mod_php5 | Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_jk/1.2.37 mod_bwlimited/1.4 PHP/5.4.37 |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: cgi-bin/ (775) |
Extensions Discovered ::
Components :: SITE :: com_wrapper (3.0.0) | com_mailto (3.0.0) |
Components :: ADMIN :: com_languages (3.0.0) | com_content (3.0.0) | com_contenthistory (3.2.0) | com_tags (3.1.0) | com_admin (3.0.0) | com_finder (3.0.0) | com_login (3.0.0) | JCode (1.0) | com_media (3.0.0) | com_joomlaupdate (3.0.0) | com_menus (3.0.0) | com_messages (3.0.0) | com_newsfeeds (3.0.0) | Admintools (3.3.1) | com_config (3.0.0) | com_users (3.0.0) | com_templates (3.0.0) | com_cpanel (3.0.0) | JoomlaWatch (1.2.12) | mod_k2_comments (-) | mod_k2_comments (-) | COM_K2 (2.6.8) | com_cache (3.0.0) | com_checkin (3.0.0) | com_weblinks (3.0.0) | com_redirect (3.0.0) | com_banners (3.0.0) | Akeeba (3.7.10) | com_categories (3.0.0) | com_search (3.0.0) | com_postinstall (3.2.0) | com_plugins (3.0.0) | com_ajax (3.2.0) | Quick Logout (1.9.2) | com_installer (3.0.0) | com_modules (3.0.0) |

Modules :: SITE :: mod_finder (3.0.0) | mod_login (3.0.0) | mod_users_latest (3.0.0) | mod_articles_categories (3.0.0) | mod_menu (3.0.0) | mod_tags_similar (3.1.0) | mod_random_image (3.0.0) | mod_articles_popular (3.0.0) | mod_tags_popular (3.1.0) | mod_feed (3.0.0) | mod_stats (3.0.0) | mod_articles_news (3.0.0) | mod_banners (3.0.0) | JoomlaWatch Agent (1.2.12) | K2 User (2.6.8) | mod_whosonline (3.0.0) | JoomlaWatch Users (1.2.12) | mod_syndicate (3.0.0) | mod_footer (3.0.0) | mod_weblinks (3.0.0) | mod_articles_category (3.0.0) | Sj K2 Splash (2.5) | mod_wrapper (3.0.0) | mod_breadcrumbs (3.0.0) | mod_search (3.0.0) | K2 Content (2.6.8) | K2 Comments (2.6.8) | mod_articles_archive (3.0.0) | K2 Tools (2.6.8) | mod_related_items (3.0.0) | JoomlaWatch Visitors (1.2.12) | K2 Users (2.6.8) | JCode (1.0) | mod_custom (3.0.0) | mod_languages (3.0.0) | mod_articles_latest (3.0.0) |
Modules :: ADMIN :: mod_login (3.0.0) | mod_quickicon (3.0.0) | mod_status (3.0.0) | mod_menu (3.0.0) | mod_toolbar (3.0.0) | mod_stats_admin (3.0.0) | mod_feed (3.0.0) | mod_multilangstatus (3.0.0) | mod_logged (3.0.0) | mod_submenu (3.0.0) | mod_popular (3.0.0) | mod_version (3.0.0) | K2 Quick Icons (admin) (2.6.8) | K2 Stats (admin) (2.6.8) | mod_custom (3.0.0) | mod_latest (3.0.0) | mod_title (3.0.0) |

Plugins :: SITE :: plg_authentication_gmail (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_joomla (3.0.0) | plg_authentication_ldap (3.0.0) | plg_content_pagebreak (3.0.0) | plg_content_loadmodule (3.0.0) | plg_content_emailcloak (3.0.0) | plg_content_joomla (3.0.0) | plg_content_finder (3.0.0) | plg_content_vote (3.0.0) | plg_content_pagenavigation (3.0.0) | plg_finder_categories (3.0.0) | plg_finder_weblinks (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_content (3.0.0) | plg_finder_k2 (2.6.8) | plg_finder_tags (3.0.0) | plg_finder_contacts (3.0.0) | plg_installer_webinstaller (1.0.5) | plg_extension_joomla (3.0.0) | plg_captcha_recaptcha (3.0.0) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_joomlaupdate (3.0.0) | plg_user_contactcreator (3.0.0) | plg_user_joomla (3.0.0) | User - K2 (2.6.8) | plg_user_profile (3.0.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_search_categories (3.0.0) | plg_search_weblinks (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_content (3.0.0) | Search - K2 (2.6.8) | plg_search_contacts (3.0.0) | plg_system_cache (3.0.0) | plg_system_languagefilter (3.0.0) | System - Easy Language (1.2.2) | System - K2 (2.6.8) | PLG_SYSTEM_SOURCERER (4.3.1FREE) | PLG_SYSTEM_NNFRAMEWORK (13.12.7) | plg_system_languagecode (3.0.0) | plg_system_f90logout (0.0.1) | plg_system_log (3.0.0) | plg_system_p3p (3.0.0) | plg_system_redirect (3.0.0) | plg_system_debug (3.0.0) | PLG_SYS_MOOTABLE (1.1.1) | System - Admin Tools (3.3.1) | plg_system_logout (3.0.0) | plg_system_remember (3.0.0) | plg_system_highlight (3.0.0) | plg_system_sef (3.0.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_editors_codemirror (3.15) | plg_editors_tinymce (4.0.18) | Josetta - K2 Items (2.6.8) | Josetta - K2 Categories (2.6.8) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_readmore (3.0.0) | Button - Sourcerer (4.3.1FREE) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_image (3.0.0) |
Templates Discovered ::
Templates :: SITE :: protostar (1.0) | ospsida1 (1.0) |
Templates :: ADMIN :: isis (1.0) | hathor (3.0.0) |

toivo
Joomla! Master
Posts: 11218
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Sudden Joomla site login problem

Post by toivo » Tue Feb 03, 2015 4:08 pm

Do you have access to the error_log file on the server? This site should also display errors in the browser page.

The .htaccess file seems to be missing. That file is useful because it stops certain types of malformed URLs from reaching the web site.

The hosting provider should update the OpenSSL software in the server urgently.

If the login is not working, you should check the integrity of the database.

mahmudmia
Joomla! Fledgling
Posts: 3
Joined: Tue Feb 03, 2015 8:40 am

Re: Sudden Joomla site login problem

Post by mahmudmia » Tue Feb 03, 2015 5:35 pm

We found that PHP had been updated to 5.4+, and after that all logins stopped working. We have updated the .htaccess file on each of the sites with these two lines:

php_value session.cookie_httponly 0
php_value session.cookie_secure 0

And everything is working fine as before.

Does this have any negative implications?
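The two php_value lines above decide which attributes PHP puts on the session cookie, and the FPA output for this site shows it is served without TLS (SSL: 0). The script below is an added example written for this page, not code from the thread, Joomla or PHP. It models the one browser rule that matters here (RFC 6265: a cookie carrying the Secure attribute is only sent back over https) and reports what each of three configurations means for a plain-http site. The Set-Cookie headers in it are constructed, and the premise that the host's php.ini had switched on session.cookie_secure=1 and session.cookie_httponly=1 with the PHP update is an assumption; the thread does not say what was changed server-wide.

```python
"""What the two php_value lines do to the PHP session cookie.

Added example for this thread, not code from Joomla, PHP or the poster.
It models the one browser rule that matters here (RFC 6265: a cookie
carrying the Secure attribute is only sent back over https) and reports
what each configuration means for a site served over plain http, which
is what the FPA output shows for this site (SSL: 0).  The Set-Cookie
headers below are constructed; that the host's php.ini set
session.cookie_secure=1 and session.cookie_httponly=1 after the PHP
update is an assumption, the thread does not say what changed.
"""


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; value-less attributes such as
    HttpOnly and Secure map to True.
    """
    parts = [part.strip() for part in header.split(";") if part.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def browser_returns_cookie(header, scheme):
    """Would a browser include this cookie on a later request over `scheme`?"""
    _, _, attrs = parse_set_cookie(header)
    if "secure" in attrs and scheme != "https":
        return False  # Secure cookies are never sent on http:// requests
    return True


def audit_session_cookie(header, scheme):
    """Findings for a session cookie, given the scheme the site is reached on."""
    findings = []
    _, _, attrs = parse_set_cookie(header)
    if "secure" in attrs and scheme != "https":
        findings.append("login-breaks: Secure flag on a non-https site, the browser "
                        "never returns the cookie so every request gets a new session")
    if "httponly" not in attrs:
        findings.append("httponly-missing: page scripts can read the session id "
                        "(an XSS bug becomes session theft)")
    if "secure" not in attrs and scheme == "https":
        findings.append("secure-missing: the session id is also sent if the site "
                        "is reached over plain http")
    return findings


# Constructed headers (not captured from the poster's server).
# 1. Server-wide php.ini with session.cookie_secure=1 and session.cookie_httponly=1:
BOTH_FLAGS = "SESSIONID=0123456789abcdef; path=/; HttpOnly; Secure"
# 2. The poster's .htaccess override (php_value session.cookie_httponly 0 and
#    php_value session.cookie_secure 0):
NO_FLAGS = "SESSIONID=0123456789abcdef; path=/"
# 3. Only the flag that cannot work without TLS turned off:
#      php_value session.cookie_httponly 1
#      php_value session.cookie_secure 0
HTTPONLY_ONLY = "SESSIONID=0123456789abcdef; path=/; HttpOnly"

if __name__ == "__main__":
    for label, header in (("both flags", BOTH_FLAGS), ("no flags", NO_FLAGS),
                          ("HttpOnly only", HTTPONLY_ONLY)):
        sent = browser_returns_cookie(header, "http")
        print(f"{label:14s} returned over http: {sent}; findings: "
              f"{audit_session_cookie(header, 'http') or ['none']}")
```

Of the two attributes, only Secure governs whether the browser returns the cookie: on a site reached over http a Secure cookie is never sent back, so every request starts a fresh session and no login sticks. HttpOnly plays no part in that failure, so the third configuration (cookie_httponly 1, cookie_secure 0) restores login while keeping the session id out of reach of page scripts; once the site is served over HTTPS, Secure belongs back on.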

mandville
Joomla! Master
Posts: 14802
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Sudden Joomla site login problem

Post by mandville » Tue Feb 03, 2015 5:46 pm

Out of date Joomla. Running Apache. Also signs of issues on your site.
HU2HY- Poor questions = Poor answer
Unrequested help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

toivo
Joomla! Master
Posts: 11218
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Sudden Joomla site login problem

Post by toivo » Tue Feb 03, 2015 6:10 pm

You should get your service provider to do the right thing and update the OpenSSL software in the servers. Give them this link and they should then know what to do: https://www.us-cert.gov/ncas/alerts/TA14-098A
php_value session.cookie_httponly 0
php_value session.cookie_secure 0

And everything is working fine as before.

Does this have any negative implications?
Opinions differ among web developers, as you can see:
http://blog.codinghorror.com/protecting ... -httponly/
https://scottlinux.com/2012/07/08/prote ... pache-php/
... but see the comment at the bottom of this Google Groups thread:
https://groups.google.com/forum/#!topic ... BWPRyqb0o4

