Problems logging into my site

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
JanHolbo
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Fri Nov 20, 2009 11:10 pm
Location: Camberwell, London
Contact:

Problems logging into my site

Post by JanHolbo » Mon Jul 22, 2019 12:36 pm

Hi all!

Up front I would like to say Thank You! for any help you are able to give me!

I am having problems logging into my web site both front and backend.

I have been using Google two-factor verification. When trying to login, I am just brought back to the login screen on both front and backend. No Errors. When giving a wrong password or security key I get an error corresponding with that.

I finally managed to lock into the backend on my phone by copying the two-factor code and pasting it into the field in the login form. In the backend I can see the logins were successful - I just never came to the console screen.

I have disabled two-factor verifaction temporarily. I can now login to the frontend on my computer but still not get to the console page in the backend although the login is seen as completed when I look at the console on my phone.

Any ideas why this is happening?

I am using 3.9.10 on a hosted linux server


Thanks again!


Jan Rasmussen
Jan Holbo Rasmussen
http://www.kaddu.dk

JanHolbo
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Fri Nov 20, 2009 11:10 pm
Location: Camberwell, London
Contact:

Update - Re: Problems logging into my site

Post by JanHolbo » Mon Jul 22, 2019 1:08 pm

Seems it makes a difference whether I include www. or not:

https://sitename.tld Works
https://www.sitename.tld Does not work

This means that I can put 2-factor verification back on (phew) and I can get into my site, but I do not understand why this is not working?

Jan
Jan Holbo Rasmussen
http://www.kaddu.dk

JanHolbo
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Fri Nov 20, 2009 11:10 pm
Location: Camberwell, London
Contact:

More info - Re: Problems logging into my site

Post by JanHolbo » Mon Jul 22, 2019 1:28 pm

More info:

I have recently changed the site setup (in the hosting console) to force https. Looking at the files I now have a .htaccess and .htaccess.txt as well as web.config and web.config.txt.

Which of these would be live and which is the backup? The .txt files has the newest datestamp.

I would really appreciate any pointers


Jan
Jan Holbo Rasmussen
http://www.kaddu.dk

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26198
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Problems logging into my site

Post by Per Yngve Berg » Mon Jul 22, 2019 1:36 pm

The .htaccess is the active for Apache webserver, web.config for IIS and none of them for Nginx.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37555
Joined: Sat Apr 05, 2008 9:58 pm

Re: Problems logging into my site

Post by Webdongle » Mon Jul 22, 2019 1:41 pm

On linux it's the .htaccess
Why you would have a web.config is a mystery because web.config.txt is only needed to be renamed to that on windows servers.

Make sure the .htaccess is the Joomla .htaccess.

Change

Code: Select all

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
to

Code: Select all

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
########## Begin - Redirect non-www to www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L]
########## End - Redirect non-www to www
## End - Custom redirects
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
bruno28
Joomla! Explorer
Joomla! Explorer
Posts: 382
Joined: Wed May 16, 2012 5:41 am
Location: Chartres, France
Contact:

Re: More info - Re: Problems logging into my site

Post by bruno28 » Mon Jul 22, 2019 1:47 pm

JanHolbo wrote:
Mon Jul 22, 2019 1:28 pm
More info:

I have recently changed the site setup (in the hosting console) to force https. Looking at the files I now have a .htaccess and .htaccess.txt as well as web.config and web.config.txt.

Which of these would be live and which is the backup? The .txt files has the newest datestamp.

I would really appreciate any pointers

Jan
Hello Jan

is it the website related to your signature ?

The .htaccess file is the one which is effective on your site

Can you verify if there is something like that inside :

Code: Select all

# Redirection vers https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Redirection vers www
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You can copy this one

Bruno
Cordialement, Bruno28 :)
Joomla! 3.9.13 - php 7.3
https://www.bp2i.fr/ - https://www.moneglisesurle.net/

User avatar
bruno28
Joomla! Explorer
Joomla! Explorer
Posts: 382
Joined: Wed May 16, 2012 5:41 am
Location: Chartres, France
Contact:

Re: More info - Re: Problems logging into my site

Post by bruno28 » Mon Jul 22, 2019 1:50 pm

too late for me :(
Cordialement, Bruno28 :)
Joomla! 3.9.13 - php 7.3
https://www.bp2i.fr/ - https://www.moneglisesurle.net/

JanHolbo
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Fri Nov 20, 2009 11:10 pm
Location: Camberwell, London
Contact:

Re: More info - Re: Problems logging into my site

Post by JanHolbo » Tue Jul 23, 2019 11:47 am

bruno28 wrote:
Mon Jul 22, 2019 1:47 pm
JanHolbo wrote:
Mon Jul 22, 2019 1:28 pm
I have recently changed the site setup (in the hosting console) to force https. Looking at the files I now have a .htaccess and .htaccess.txt as well as web.config and web.config.txt.
Hello Jan

is it the website related to your signature ?

The .htaccess file is the one which is effective on your site

Can you verify if there is something like that inside :

Bruno
Thanks Bruno!

Yes it is the site related to my signature. I was trying to be cautious and not reveal to much and then I noticed my sig - sigh :-)

I will have to have a closer look at the file but I think something similar is there in addition to a few rewrite rules. I will look at it later today.

Jan
Jan Holbo Rasmussen
http://www.kaddu.dk

JanHolbo
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Fri Nov 20, 2009 11:10 pm
Location: Camberwell, London
Contact:

Re: Problems logging into my site

Post by JanHolbo » Tue Jul 23, 2019 11:54 am

Webdongle wrote:
Mon Jul 22, 2019 1:41 pm
On linux it's the .htaccess
Why you would have a web.config is a mystery because web.config.txt is only needed to be renamed to that on windows servers.

Make sure the .htaccess is the Joomla .htaccess.

Change

Code: Select all

## Begin - Custom redirects
## End - Custom redirects
I think both are there because the hosting company (unoeuro.com) offers both .asp and linux servers.

The question is then. Would there be any positive effect of leaving the windows server files there. Would that perhaps confuse a would be hacker into believing that this might be an iis server and launch his windows toolkit on the linux server having no effect other than wasting the hackers time?

Or should I just delete them?


Thanks again to everyone who has helped!


Jan
Jan Holbo Rasmussen
http://www.kaddu.dk

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37555
Joined: Sat Apr 05, 2008 9:58 pm

Re: Problems logging into my site

Post by Webdongle » Tue Jul 23, 2019 11:58 am

https://sitecheck.sucuri.net shows clean

Your site without the www shows your facebook likes but the site accessed with www does not. Perhaps you are hard coding the url in a 3rd party extension?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein


Post Reply

Return to “Security in Joomla! 3.x”