Username changed and can't log in (sql injection?) and what do i do?

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Locked
lip420
Joomla! Guru
Joomla! Guru
Posts: 510
Joined: Thu Feb 17, 2011 6:13 am

Username changed and can't log in (sql injection?) and what do i do?

Post by lip420 » Thu Feb 11, 2021 3:32 pm

So I can't log in to my site. I went into the database xtc_users and saw my user and email has a different username.

What do I do?

this has to be some hack or something. Server company mentioned sql injection.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Username changed and can't log in (sql injection?) and what do i do?

Post by abernyte » Thu Feb 11, 2021 4:31 pm

If you have been hacked, there is no short or easy option. If you follow all of the steps in viewtopic.php?f=714&t=946026 you will restore your site to a clean state or you can restore your site now from a known clean backup if you have one.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

helpwithjoomla
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 154
Joined: Sat Sep 21, 2019 7:29 pm
Contact:

Re: Username changed and can't log in (sql injection?) and what do i do?

Post by helpwithjoomla » Sat Feb 13, 2021 6:09 pm

To restore your login you should be able to manually edit the record in the database via phpmyadmin or some similar tool and enter new info for your user. Of course you must be careful manually editing the database! Back it up first.

To clean the site consider using sucuri.net. They are good at cleaning hacked sites.
Joomla Developers Available To Help With Joomla!
https://www.helpwithjoomla.com

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44024
Joined: Sat Apr 05, 2008 9:58 pm

Re: Username changed and can't log in (sql injection?) and what do i do?

Post by Webdongle » Sat Feb 13, 2021 6:28 pm

Use phpmyadmin to remove the erroneous users.
Follow the instructions on the post @abernyte linked to

Once you have deleted ALL the folders from your site
Use method #2 from https://docs.joomla.org/How_do_you_reco ... 2secret%22.
Then rebuild as instructed

The longer you leave it before you delete ALL the folders/files, the more chance there is that they will had hack code to your Articles.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Locked

Return to “Security in Joomla! 3.x”