Backend wide open Topic is solved
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Backend wide open
After installing a backup with Akeeba, all seemed to work fine. But I got the scare of my life when I discovered the backend was open without a password! Also, no users were shown to be logged in, however the backend was wide open! What is happening here???
Last edited by toivo on Fri Apr 20, 2018 9:41 pm, edited 1 time in total.
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Backend wide open
That sounds unusual. Which version of Joomla and Akeeba Backup?
Which method did you use to restore? Did you remove the old file system first?
Toivo Talikka, Global Moderator
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
I used kickstart 5.4.2. It is the newest version of Joomla (I can't read off the version for I have no access to the back end in the broken version I use now).
I followed the defaults except for the database used.
It was a clean install, with only some basic files from my hosting provider, and the kickstart and archive files.
But the strange thing is: this should NEVER be possible, right?
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
I am not kidding!!
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Could it be a hack attack?
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Backend wide open
Can you send me your admin URL in a private message?
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Backend wide open
dottedhippo wrote: I have no access to the back end in the broken version I use now
What did you then mean by "the back end was wide open" if you cannot access the back end? Was the login prompt not presented after Kickstart finished?
dottedhippo wrote: It was a clean install, with only some basic files from my hosting provider
Which basic files?
Toivo Talikka, Global Moderator
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Backend wide open
@toivo "Godaddy files" uhhhhhhhhhhh
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
leolam wrote: Can you send me your admin URL in a private message? Leo
I would like to, but I can't leave the site online in this state, you know.
dottedhippo wrote: I have no access to the back end in the broken version I use now
toivo wrote: What did you then mean by "the back end was wide open" if you cannot access the back end? Was the login prompt not presented after Kickstart finished?
I was restoring a backup because the old site was broken, that is, I can't log in to the backend.
The restored backup had a different problem, namely that the backend stayed open for everyone!
dottedhippo wrote: It was a clean install, with only some basic files from my hosting provider
toivo wrote: Which basic files?
.user.ini
web.config
App_data (folder)
(My provider hosts applications optionally - these files have never caused me problems)
I discovered yesterday that my browser (Chrome) was slow and faulty. So maybe something went wrong during installation.
Also, today I will try a different backup version.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
There might be problems with my hosting provider (who are on vacation this weekend), and/or with my browser. Also, the .htaccess file I used during installation probably got overwritten, thereby exposing the website during installation.
Such things make me crazy!
So how do I gain exclusive access rights to my webserver space for the purpose of installation??
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Now the backend was also open on the old site.
I need to know how I can restore a backup with akeeba while no one else has public access to my site!
Does anyone know how to do this?
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
It seems that the problem is local. Somehow, since I use SSL, something goes wrong with my cookies?
It seems that only my own PC had access to the backend, and it is not wide open. However, I can't seem to log out.
Except after time out, I stay logged out. Or when I use the logout-url twice.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
leolam wrote: @toivo "Godaddy files" uhhhhhhhhhhh Leo
I don't mind a joke. As long as my problem is taken seriously.
- AMurray
- Joomla! Exemplar
- Posts: 9711
- Joined: Sat Feb 13, 2010 7:35 am
- Location: Australia
Re: Backend wide open
Just joining this conversation with my 2 cents.......
dottedhippo wrote: Now the backend was also open on the old site. I need to know how I can restore a backup with akeeba while no one else has public access to my site! Does anyone know how to do this?
When you do a backup and restore, you need to start with a clean slate so to speak (that is, nothing in the folder on your hosting space you are restoring to except the kickstart.php and the JPA archive files).
Assume this was done, but if not - you need to remove all previous site files. That would eliminate your concern about people seeing the site while you're restoring - there won't be a site for them to see, until restoration is done.
Have you tried to clear the session cookies from your browser?
Is this thing with the admin happening in all browsers?
Can you restore the site, on your own PC (which would not permit the site access to the world) - use XAMPP or similar and get a copy of the site running and see if you have the same issues? Use the same JPA and Kickstart to do that.
Regards - A Murray
General Support Moderator
- AMurray
- Joomla! Exemplar
- Posts: 9711
- Joined: Sat Feb 13, 2010 7:35 am
- Location: Australia
Re: Backend wide open
My comment about ".....nothing in the folder you're restoring to....." means any previous joomla files. Anything already there that's part of the hosting can stay since it doesn't have any direct connection with joomla.
(just to be clear).
Regards - A Murray
General Support Moderator
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
AMurray wrote: My comment about ".....nothing in the folder you're restoring to....." means any previous joomla files. Anything already there that's part of the hosting can stay since it doesn't have any direct connection with joomla. (just to be clear).
I start with a brand new empty folder (except for the provider files).
If I put kickstart and the necessary files there, then kickstart is out in the open. Furthermore, the site is reachable during installation by any visitors, because I have to have access from my computer at home, everyone has access. I don't want that, so I put a .htaccess file there to restrict access to my own IP only. However, this .htaccess file gets overwritten during installation. There must be a method that works, right? I wonder what it is!
By the way I managed to restore a backup and change my root password so everything should work. Furthermore my provider seems to have (had) some problems with their system.
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Backend wide open
dottedhippo wrote: the site is reachable during installation by any visitors, because I have to have access from my computer at home, everyone has access.
The backup archive can be password protected to block visitors from accessing your site while it is being restored. The password is set in the field 'ANGIE Password' under Advanced configuration of Akeeba Backup.
Toivo Talikka, Global Moderator
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Thank you, toivo, I have to examine that.
I also got another possible solution from my hosting provider, and that is to password protect the folder in which I want to install.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
BTW, Chrome behaves very strange sometimes. IE is not much better.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
AMurray wrote: My comment about ".....nothing in the folder you're restoring to....." means any previous joomla files. Anything already there that's part of the hosting can stay since it doesn't have any direct connection with joomla. (just to be clear).
dottedhippo wrote: I start with a brand new empty folder (except for the provider files). If I put kickstart and the necessary files there, then kickstart is out in the open. Furthermore, the site is reachable during installation by any visitors, because I have to have access from my computer at home, everyone has access. I don't want that, so I put a .htaccess file there to restrict access to my own IP only. However, this .htaccess file gets overwritten during installation. There must be a method that works, right? I wonder what it is! By the way I managed to restore a backup and change my root password so everything should work. Furthermore my provider seems to have (had) some problems with their system.
I can make use of the folder-password-protect option of my hosting provider. I hope that solves it.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Could it have anything to do with restoring the backup in a different folder?
I noticed the tmp directory in the Joomla Settings displayed the old directory. Also, the Akeeba output directory displayed the old value.
If I change the values to the correct ones, nothing changes. Joomla keeps using the old folders.
When I log out of the backend, and reload about 5 times, the fifth time suddenly I have access again without logging in. It seems that this is local, so other users don't have access to the backend.
If I copy the logout URL and enter it twice in my browser, so that I log out twice, then the logout seems to be definite.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
I installed the backup in the original folder, and the system seems to work well now.
I noticed that during installation with kickstart there are a number of folders you can fill out. So I suspect that if I install the backup in a different folder, I have to submit this folder at some place(s) during installation.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Turns out you have to check the box in ANGIE that copies the correct folder values in the appropriate inputboxes. Otherwise the values that came with the archive are used, that is: the old values.
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Nope. Problem is back again after having used .htaccess file.
Help?
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
A local specific erase of the cookies of my site in my browser seems to work....
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Made a fifth restore. Clearing the cookies specifically and not messing with the .htaccess file seems to keep the terror out. If you make one wrong mistake in the .htaccess file you seem to get punished by having to reinstall everything!
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Having said that, the backend is wide open again. The only thing that works is copying the logout link and entering it twice in succession in my browser bar. I think I will switch to WordPress.
- toivo
- Joomla! Master
- Posts: 17426
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Backend wide open
The issues you describe are rather unusual and could be a combination of the hosting platform and unfamiliarity with tools like Akeeba Backup, which is a de facto standard for many Joomla webmasters.
Here are a couple of observations, which may unfortunately come too late. Many websites work perfectly all right with the standard .htaccess. Any mistakes causing a syntax error in the .htaccess file, then leading into an HTTP 500 error, can be solved by restoring just the .htaccess file from a copy, rather than having to restore the whole site.
Toivo Talikka, Global Moderator
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Try this:
- Log in to your backend
- Log out immediately again
- Reload the blue login page ten times with the reload button of the browser.
In most cases, I gain access to the backend again without logging in. When I log out again, I can perform the trick again.
Only when I clear my cookies the leak gets stopped and I don't gain free access anymore.
I wonder if anyone can reproduce that, or else something is wrong with my site and I don't know what.
Thanks in advance.