Joomla Admin not accessible - Plesae help

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
technomatters
Joomla! Apprentice
Joomla! Apprentice
Posts: 45
Joined: Fri Jul 11, 2008 9:13 am

Joomla Admin not accessible - Plesae help

Post by technomatters » Wed Jan 25, 2017 7:55 am

Hi Admins

The following site doesnt allowing to login into the admin

I found the site got hacked, so took permission from server admin to access the website from my IP.

I have seen plugins from phpmyadmin either the auth, user plugins are disabled. But both are enabled

There are 2 users in the database before, i have removed both of them and created one super admin user. Plese find the details below and help me.

======================
Here is the details
======================

PHP Version: 5.4 (http://prntscr.com/e00kbf)

Joomla Version: 2.5

Here is FPA Data
=======================
Problem Description :: Forum Post Assistant (v1.2.4) : 25th January 2017 wrote:Joomla Admin cant access - 2.5
Log/Error Message :: Forum Post Assistant (v1.2.4) : 25th January 2017 wrote:Username and password do not match or you do not have an account yet.
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.4) : 25th January 2017 wrote:[24-Jan-2017 15:55:10 UTC] PHP Warning: include(): Failed opening '/home/aceecac/public_html/images/ExamBranch/AcademicCalender/plugin.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/aceecac/public_html/includes/framework.php on line 4
Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 25th January 2017 wrote:Changes all passwords and removed hacked file found through cpanel virus scan
Forum Post Assistant (v1.2.4) : 25th January 2017 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.22-Stable (Ember) 12-June-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: aceecac (uid: 1/gid: 1) | Group: aceecac (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-673.26.1.lve1.4.15.el6.x86_64 | Technology: x86_64 | Web Server: LiteSpeed | Encoding: gzip, deflate | Doc Root: /home/aceecac/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.35 | PHP API: litespeed | Session Path Writable: Yes | Display Errors: | Error Reporting: 24567 | Log Errors To: error_log | Last Known Error: 24th January 2017 15:55:10. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /home/aceecac:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 300 | Max. Execution Time: 400 | Memory Limit: 512M

MySQL Configuration :: Version: 5.5.52-cll (Client:5.5.52) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 54.42 MiB | #of Tables:  259
Detailed Environment :: wrote:PHP Extensions :: Core (5.4.35) | date (5.4.35) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | standard (5.4.35) | mysql (1.0) | mysqli (0.1) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | Phar (2.0.1) | posix () | pspell () | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | imap () | SimpleXML (0.1) | sockets () | exif (1.4 $Id: 637ebf9289b40d157fdf8edcdddeb3d907b28d9b $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | litespeed () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | pdo_mysql (1.0.2) | SourceGuardian (10.1) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: zip | suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: K2 Links for JCE Link (2.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.4.4) | WF_LINK_SEARCH_TITLE (2.3.4.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.4.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.4.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.4.4) | WF_AGGREGATOR_VINE_TITLE (2.3.4.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.4.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.4.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.4.4) | WF_POPUPS_WINDOW_TITLE (2.3.4.4) | WF_STYLE_TITLE (2.3.4.4) | WF_NONBREAKING_TITLE (2.3.4.4) | WF_BROWSER_TITLE (2.3.4.4) | WF_PREVIEW_TITLE (2.3.4.4) | WF_SEARCHREPLACE_TITLE (2.3.4.4) | WF_CONTEXTMENU_TITLE (2.3.4.4) | WF_FULLSCREEN_TITLE (2.3.4.4) | WF_MEDIA_TITLE (2.3.4.4) | WF_INLINEPOPUPS_TITLE (2.3.4.4) | WF_LAYER_TITLE (2.3.4.4) | WF_SPELLCHECKER_TITLE (2.3.4.4) | WF_CHARMAP_TITLE (2.3.4.4) | WF_TABLE_TITLE (2.3.4.4) | WF_KITCHENSINK_TITLE (2.3.4.4) | WF_VISUALCHARS_TITLE (2.3.4.4) | WF_DIRECTIONALITY_TITLE (2.3.4.4) | WF_CLIPBOARD_TITLE (2.3.4.4) | WF_PRINT_TITLE (2.3.4.4) | WF_TEXTCASE_TITLE (2.3.4.4) | WF_ARTICLE_TITLE (2.3.4.4) | WF_CLEANUP_TITLE (2.3.4.4) | WF_AUTOSAVE_TITLE (2.3.4.4) | WF_SOURCE_TITLE (2.3.4.4) | WF_LINK_TITLE (2.3.4.4) | WF_IMGMANAGER_TITLE (2.3.4.4) | WF_VISUALBLOCKS_TITLE (2.3.4.4) | WF_LISTS_TITLE (2.3.4.4) | WF_XHTMLXTRAS_TITLE (2.3.4.4) | WF_ANCHOR_TITLE (2.3.4.4) | com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_media (2.5.0) | com_finder (2.5.0) | JCE (2.3.4.4) | Unknown (-) | com_banners (2.5.0) | com_plugins (2.5.0) | com_config (2.5.0) | com_installer (2.5.0) | com_newsfeeds (2.5.0) | com_search (2.5.0) | com_uniterevolution (2.2) | com_xmap (2.3.3) | com_cache (2.5.0) | com_redirect (2.5.0) | com_content (2.5.0) | COM_K2 (2.6.8) | mod_k2_comments (-) | mod_k2_comments (-) | com_messages (2.5.0) | com_templates (2.5.0) | com_login (2.5.0) | AcyMailing Module (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Tag : Manage the Su (4.6.2) | AcyMailing Tag : Website links (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Template Class Repl (4.6.2) | AcyMailing Tag : Date / Time (4.6.2) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Subscriber in (4.6.2) | AcyMailing Tag : Joomla User I (4.6.2) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Editor (beta) (4.6.2) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : (auto)Subscribe d (4.6.2) | AcyMailing : share on social n (1.0.0) | AcyMailing (4.6.2) | com_modules (2.5.0) | com_cpanel (2.5.0) | com_checkin (2.5.0) | com_weblinks (2.5.0) | com_menus (2.5.0) | com_admin (2.5.0) | plg_system_kunena (-) | plg_kunena_gravatar (3.0.5) | plg_kunena_community (3.0.5) | plg_kunena_finder (3.0.5) | plg_finder_kunena (3.0.5) | plg_kunena_uddeim (3.0.5) | plg_kunena_comprofiler (3.0.5) | plg_kunena_joomla (3.0.5) | plg_kunena_alphauserpoints (3.0.5) | plg_kunena_kunena (3.0.5) | mod_kunenamenu (3.0.5) | com_kunena (3.0.5) | com_categories (2.5.0) | com_users (2.5.0) | com_joomlaupdate (2.5.0) | com_languages (2.5.0) |

Modules :: SITE :: mod_banners (2.5.0) | ARI Cloud Carousel (1.7.5) | ARI Cloud Carousel (1.7.5) | mod_menu (2.5.0) | JM Page Title (1.0.4) | mod_weblinks (2.5.0) | Fancy Image Show (2.0) | mod_articles_latest (2.5.0) | JM Video Slide (1.0.0) | AcyMailing Module (3.7.0) | mod_articles_categories (2.5.0) | mod_finder (2.5.0) | Highlighter GK5 (1.1.1) | Jm Quick Contact (1.0.0) | mod_random_image (2.5.0) | mod_stats (2.5.0) | SP Tab (1.9.1) | Xpert Scroller (3.10-1-GFF3CA) | sigplus (1.4.2.19) | mod_wrapper (2.5.0) | JM Google Maps (2.0.9) | mod_syndicate (2.5.0) | mod_feed (2.5.0) | mod_users_latest (2.5.0) | Unite Revolution Slider (2.2) | JM Socials (1.0.6) | JM Parallax (1.0.4) | JM HTML5 Video Gallery (1.0.0) | JM Background Video (1.0.0) | VTEM Carousel (1.0) | K2 Comments (2.6.8) | mod_breadcrumbs (2.5.0) | JM Skills (1.0.1) | Tabs GK5 (1.7.3) | FavSlider Responsive Slideshow (1.6) | K2 Content (2.6.8) | mod_articles_popular (2.5.0) | mod_articles_category (2.5.0) | Vertical scroll recent article (3.0) | mod_languages (2.5.0) | K2 Users (2.6.8) | mod_custom (2.5.0) | Text Scroller (1.1.1) | mod_related_items (2.5.0) | JM Twitter Roll (1.0.9) | mod_articles_news (2.5.0) | K2 Tools (2.6.8) | mod_articles_archive (2.5.0) | JM News Pro (2.1.7) | JE Accordion Menu (3.4) | mod_login (2.5.0) | mod_footer (2.5.0) | mod_whosonline (2.5.0) | mod_search (2.5.0) | K2 User (2.6.8) | Jm Login (1.0.2) | JM Video Gallery (1.0.0) |
Modules :: ADMIN :: mod_menu (2.5.0) | JM Page Title (1.0.0) | mod_multilangstatus (2.5.0) | mod_quickicon (2.5.0) | mod_submenu (2.5.0) | mod_status (2.5.0) | K2 Quick Icons (admin) (2.6.8) | mod_title (2.5.0) | mod_feed (2.5.0) | mod_logged (2.5.0) | mod_version (2.5.0) | mod_toolbar (2.5.0) | mod_custom (2.5.0) | K2 Stats (admin) (2.6.8) | mod_login (2.5.0) | mod_latest (2.5.0) | mod_popular (2.5.0) |

Plugins :: SITE :: plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_kunena (3.0.5) | plg_quickicon_jcefilebrowser (2.3.4.4) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_k2 (2.6.8) | plg_finder_content (2.5.0) | plg_editors_tinymce (3.5.4.1) | plg_editors_codemirror (1.0) | AcyMailing Editor (beta) (4.6.2) | plg_editors_jce (2.3.4.4) | plg_captcha_recaptcha (2.5.0) | plg_editors-xtd_readmore (2.5.0) | Button - RokBox (2.0.11) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | PLG_EDITORS-XTD_MODULESANYWHER (3.2.3FREE) | plg_editors-xtd_article (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | User - K2 (2.6.8) | plg_user_profile (2.5.0) | plg_search_categories (2.5.0) | plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | Search - K2 (2.6.8) | plg_search_content (2.5.0) | Phoca PDF - Content (2.0.6) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | Josetta - K2 Items (2.6.8) | Josetta - K2 Categories (2.6.8) | plg_extension_joomla (2.5.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : Manage the Su (4.6.2) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Template Class Repl (4.6.2) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : Joomla User I (4.6.2) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Subscriber in (4.6.2) | AcyMailing Tag : Date / Time (4.6.2) | plg_kunena_joomla (3.0.5) | plg_kunena_alphauserpoints (3.0.5) | plg_kunena_gravatar (3.0.5) | plg_kunena_uddeim (3.0.5) | plg_kunena_kunena (3.0.5) | plg_kunena_community (3.0.5) | plg_kunena_comprofiler (3.0.5) | Xmap - Virtuemart Plugin (2.0.1) | Xmap - Content Plugin (2.0.4) | XMAP_PLUGIN_K2 (1.3) | Xmap - SobiPro Plugin (2.0.2) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - WebLinks Plugin (2.0.1) | Xmap - Kunena Plugin (2.0.3) | plg_content_finder (2.5.0) | plg_content_vote (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_geshi (2.5.0) | Content - RokBox (2.0.11) | plg_content_joomla (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_loadmodule (2.5.0) | Content - Image gallery - sigp (1.4.2.19) | plg_content_pagenavigation (2.5.0) | Simple Image Gallery Pro (by J (2.6.0) | Simple Image Gallery Pro (by J (2.6.0) | plg_system_log (2.5.0) | System - RokBox (2.0.11) | plg_system_remember (2.5.0) | plg_system_debug (2.5.0) | plg_system_sef (2.5.0) | plg_system_cache (2.5.0) | PLG_SYSTEM_MODULESANYWHERE (3.2.3FREE) | plg_system_logout (2.5.0) | System - Helix Framework (2.1.8) | System - K2 (2.6.8) | plg_system_phocapdf (3.0.2) | AcyMailing : (auto)Subscribe d (4.6.2) | plg_system_highlight (2.5.0) | plg_system_p3p (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_kunena (3.0.5) | plg_system_languagecode (2.5.0) | PLG_SYSTEM_NNFRAMEWORK (13.3.9) | plg_system_redirect (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: beez5 (2.5.0) | beez_20 (2.5.0) | jm_flatix (2.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |
===============================

I tried reset password option through the reset link, it is saying user not found (entered email not found)
Please read the forum rules regarding the use of signatures: http://forum.joomla.org/viewtopic.php?f=8&t=65

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4025
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Joomla Admin not accessible - Plesae help

Post by itoctopus » Wed Jan 25, 2017 2:55 pm

Your website is hacked - that PHP file included from the images folder shouldn't be there and shouldn't be included. Proceed accordingly - there are many cleanup instructions on this website and elsewhere. If you want to get your website up and ready very quickly, then re-copy the core Joomla files matching your version, scan your website, delete the hacked files, and ensure that index.php is the only file directly executed by the outside world (that can be done in the .htaccess file).

Note: I didn't see the line where you were saying that the website was hacked. In any case, follow the quick instructions above or the cleanup instructions that are found on this website and elsewhere.

Another note: Try resetting the password from phpMyAdmin (please google on how to do this).
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44022
Joined: Sat Apr 05, 2008 9:58 pm

Re: Joomla Admin not accessible - Plesae help

Post by Webdongle » Wed Jan 25, 2017 3:03 pm

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Locked

Return to “Security in Joomla! 2.5”