Page 1 of 1

Problem login to administrator back

Posted: Sun Dec 01, 2019 11:49 am
by michalsX
Webpage:
adozedukacja.pl
Problem to login as admin:
After logging in (screen1.png), I don't go to the back.
screen1.png
I'm automatically redirected to the contact form that I don't use on the webpage (screen2.png).
screen2.png
I use the same template on a different webpage and everything is fine. I think the problem appeared after the last update.
How can I get to the joomla back?

Re: Problem login to administrator back

Posted: Sun Dec 01, 2019 10:00 pm
by AMurray
Post the FPA report please: https://forumpostassistant.github.io/docs/ (refer "Forum Rules" top of screen, red box...)

When you say "it happened after the last update...." - Last update of what? Of Joomla, of third-party extensions..... etc ???

Check you're logging in with a relevant administrator level account (Manager, Administrator, Super User etc) ???

I don't know why it would redirect to a *contact* screen (especially one you say is not enabled) ??? if it was the wrong login detail it should simply show you an 'access denied' message.

Re: Problem login to administrator back

Posted: Mon Dec 02, 2019 10:46 am
by michalsX
This happened after the last joomla update (I think), because I log in once a month as admin and change one article. Recently it was ok. Currently I can't enter any login details and I'm redirected to contact form.
I have currently changed the article by changing directly in the database.
Maybe I can reinstall joomla without losing data and connection to the database?

Re: Problem login to administrator back

Posted: Mon Dec 02, 2019 9:59 pm
by AMurray
Suggest you restore from your last backup (before the Joomla update). You did take a backup before updating.... ??? If you used Akeeba Backup, it has a plugin that automatically does the backup before updating the core. Very handy. If you use Akeeba already look for a plugin called "Backup on Update"; I don't know if it's enabled by default.

Personally I've not had the problem you experienced. It just seems weird that it would direct to the *contact form*

Typical behaviour of some security tools is where (on not providing the correct credentials) the site redirects to the front-end home page (but not specifically to a contact form).

I did ask you to post the FPA report, so please do so, it may help shed further light on this matter.
https://forumpostassistant.github.io/docs/.

Normally I'd say refresh the system files, within Joomla from the Joomla Update component but since you can't get into the admin, it that may be more complicated.

Try these on a copy of your site:

Backup the database (phpMyAdmin); copy the joomla system files to a new folder; restore the DB backup to a new database; reconnect the db through the configuration.php file. Check that the site works (browse front-end); then;

Either:

(1) Download a fresh copy of the download package of Joomla (the current version you're using), and unzip a copy of those system files into the same folder to overwrite them. Make sure the db connection works afterwards. This shouldn't affect any other existing extension folders (3rd party) it overwrites only the core files. If you can then get into the admin, you might need to run the "Fix Database" or similar routines.

OR

(2) Still on the copy of the site, check any security extensions that are possibly contributing to this redirect, disable the plugins (change status column of the plugin table(s) from "1" to "0", direct in the database), and also check your .htaccess file for any redirect commands.

Re: Problem login to administrator back

Posted: Thu Dec 05, 2019 8:18 am
by michalsX
Thank You. I will try fix it.

Re: Problem login to administrator back

Posted: Fri Dec 06, 2019 7:59 am
by michalsX
It was a php attack to send spam.
Since I didn't use the contact form, it wasn't protected by google recaptcha.
The following lines have been added to the .htaccess file:
-----
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteRule .* /index.php\?option\=com\_contact\&view\=contact\&id\=1 [R=301,L]
</IfModule>
-----
Conclusions:
Even if you don't use the contact form, you should secure your site with google recaptcha.