Backend wide open Topic is solved
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
With the latest Joomla update the problem is partly solved.
Now, when logging out, I stay logged out.
However, when the security token expires, I gain free access to the backend again. (without logging in)
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
If this is a structural bug, it is pretty serious.
-
- Joomla! Champion
- Posts: 5932
- Joined: Tue Aug 23, 2005 1:56 pm
- Location: South coast, UK
- Contact:
Re: Backend wide open
dottedhippo wrote: If this is a structural bug, it is pretty serious.
It is not a bug in Joomla, otherwise we would have heard of this problem before. If you are hosted on GoDaddy then, from many, many previous posts on this forum, GoDaddy are notorious for misconfigured servers and their support staff are not the best. A URL to your site would be useful, as would be the FPA, see viewtopic.php?f=714&t=793531
https://gadsolutions.biz Electrical services
https://electrical-testing-safety.co.uk Testing services
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Last PHP Error(s) Reported ::
Forum Post Assistant (v1.3.9) : 18th April 2018 wrote:
thrown in D:\appdata\IIS\vhosts\site.nl\httpdocs\joomla\A1\kickstart.php on line 3607
Forum Post Assistant (v1.3.9) : 18th April 2018 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 3.8.7-Stable (Amani) 18-April-2018
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Writable (666) | Owner: --protected-- . (uid: /gid: ) | Group: --protected-- (gid: ) | Valid For: 3.8
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: 0 | FTP Layer: 0 | Proxy: 0 | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: 0 | SSL: 2 | FrontEdit: 1 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | dbConnection Type: pdomysql | Database Credentials Present: Yes
Host Configuration :: OS: Windows NT | OS Version: 6.3 | Technology: AMD64 | Web Server: Microsoft-IIS/8.5 | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: No | Free Disk Space : 82.24 GiB |
PHP Configuration :: Version: 7.0.29 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: D:\appdata\IIS\vhosts\site.nl\logs\php_errors\site.nl\php_error.log | Last Known Error: 18th April 2018 12:22:15. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 1024M | Max. POST Size: 1024M | Max. Input Time: 900 | Max. Execution Time: 900 | Memory Limit: 512M
MySQL Configuration :: Version: 5.6.36 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 8.64 MiB | #of Tables: 91
Detailed Environment :: wrote:
PHP Extensions :: Core (7.0.29) | bcmath (7.0.29) | calendar (7.0.29) | ctype (7.0.29) | date (7.0.29) | filter (7.0.29) | hash (1.0) | iconv (7.0.29) | json (1.4.0) | mcrypt (7.0.29) | SPL (7.0.29) | pcre (7.0.29) | Reflection (7.0.29) | session (7.0.29) | standard (7.0.29) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $) | tokenizer (7.0.29) | zip (1.13.5) | zlib (7.0.29) | libxml (7.0.29) | dom (20031129) | PDO (7.0.29) | bz2 (7.0.29) | SimpleXML (7.0.29) | xml (7.0.29) | wddx (7.0.29) | xmlreader (7.0.29) | xmlwriter (7.0.29) | cgi-fcgi () | openssl (7.0.29) | com_dotnet (7.0.29) | curl (7.0.29) | fileinfo (1.0.5) | gd (7.0.29) | gettext (7.0.29) | gmp (7.0.29) | intl (1.1.0) | imap (7.0.29) | mbstring (7.0.29) | exif (7.0.29) | mysqli (7.0.29) | Phar (2.0.2) | pdo_mysql (7.0.29) | PDO_ODBC (7.0.29) | pdo_pgsql (7.0.29) | pdo_sqlite (7.0.29) | soap (7.0.29) | sqlite3 (7.0.29) | xsl (7.0.29) | Zend Engine (3.0.0) |
Potential Missing Extensions :: mysql | suhosin |
Disabled Functions :: dl | exec | passthru | popen | proc_open | shell_exec | system |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:
Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) | administrator/logs/ (777) |
Elevated Permissions (First 10) :: administrator/ (777) | administrator/cache/ (777) | administrator/components/ (777) | administrator/components/com_admin/ (777) | administrator/components/com_admin/controllers/ (777) | administrator/components/com_admin/helpers/ (777) | administrator/components/com_admin/helpers/html/ (777) | administrator/components/com_admin/models/ (777) | administrator/components/com_admin/models/forms/ (777) | administrator/components/com_admin/postinstall/ (777) |
Database Information :: wrote:
Database statistics :: Uptime: 47273 | Threads: 2 | Questions: 2767443 | Slow queries: 0 | Opens: 15375 | Flush tables: 1 | Open tables: 2000 | Queries per second avg: 58.541 |
Extensions Discovered :: wrote:
Components :: SITE :: WF_AGGREGATOR_DAILYMOTION_TITL (2.6.8) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.8) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.8) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.8) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.8) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.8) 1 | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.5.8) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.8) 1 | WF_POPUPS_WINDOW_TITLE (2.6.8) 1 | WF_LINK_SEARCH_TITLE (2.6.8) 1 | WF_ANCHOR_TITLE (2.6.8) 1 | WF_ARTICLE_TITLE (2.6.8) 1 | WF_AUTOSAVE_TITLE (2.6.8) 1 | WF_BROWSER_TITLE (2.6.8) 1 | WF_CHARMAP_TITLE (2.6.8) 1 | WF_CLEANUP_TITLE (2.6.8) 1 | WF_CLIPBOARD_TITLE (2.6.8) 1 | WF_CONTEXTMENU_TITLE (2.6.8) 1 | WF_DIRECTIONALITY_TITLE (2.6.8) 1 | WF_EMOTIONS_TITLE (2.6.8) 1 | WF_FONTCOLOR_TITLE (2.6.8) 1 | WF_FONTSELECT_TITLE (2.6.8) 1 | WF_FONTSIZESELECT_TITLE (2.6.8) 1 | WF_FORMATSELECT_TITLE (2.6.8) 1 | WF_FULLSCREEN_TITLE (2.6.8) 1 | WF_HR_TITLE (2.6.8) 1 | WF_IMGMANAGER_TITLE (2.6.8) 1 | WF_INLINEPOPUPS_TITLE (2.6.8) 1 | WF_KITCHENSINK_TITLE (2.6.8) 1 | WF_LAYER_TITLE (2.6.8) 1 | WF_LINK_TITLE (2.6.8) 1 | WF_LISTS_TITLE (2.6.8) 1 | WF_MEDIA_TITLE (2.6.8) 1 | WF_NONBREAKING_TITLE (2.6.8) 1 | WF_PREVIEW_TITLE (2.6.8) 1 | WF_PRINT_TITLE (2.6.8) 1 | WF_SEARCHREPLACE_TITLE (2.6.8) 1 | WF_SOURCE_TITLE (2.6.8) 1 | WF_SPELLCHECKER_TITLE (2.6.8) 1 | WF_STYLE_TITLE (2.6.8) 1 | WF_STYLESELECT_TITLE (2.6.8) 1 | WF_TABLE_TITLE (2.6.8) 1 | WF_TEXTCASE_TITLE (2.6.8) 1 | WF_VISUALBLOCKS_TITLE (2.6.8) 1 | WF_VISUALCHARS_TITLE (2.6.8) 1 | WF_XHTMLXTRAS_TITLE (2.6.8) 1 | com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
Components :: ADMIN :: com_admin (3.0.0) 1 | com_ajax (3.2.0) 1 | Akeeba (6.0.1) 1 | com_arkeditor (2.6) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | TreeLink (1.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Unknown (0.1) 1 | Ark Editor Pro Module (1.0.0) 1 | Ark Editor Control Panel (1.0.0) 1 | Ark Editor Statistical Module (1.0.0) 1 | Ark Editor Update Module (1.0.0) 1 | Ark Editor Vote Module (1.0.0) 1 | com_associations (3.7.0) 1 | BaForms (1.6.5) 1 | com_banners (3.0.0) 1 | com_cache (3.0.0) 1 | com_categories (3.0.0) 1 | com_checkin (3.0.0) 1 | com_config (3.0.0) 1 | com_content (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_cpanel (3.0.0) 1 | com_fields (3.7.0) 1 | com_finder (3.0.0) 1 | com_installer (3.0.0) 1 | com_jaextmanager (2.5.3) 1 | com_jaextmanager (2.6.3) 1 | COM_JCE (2.6.8) 1 | Unknown (-) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_login (3.0.0) 1 | com_media (3.0.0) 1 | com_menus (3.0.0) 1 | com_messages (3.0.0) 1 | com_modules (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_plugins (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_redirect (3.0.0) 1 | com_search (3.0.0) 1 | com_tags (3.1.0) 1 | com_templates (3.0.0) 1 | com_users (3.0.0) 1 | Widgetkit (1.5.9) 1 |
Modules :: SITE :: mod_articles_archive (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_custom (3.0.0) 1 | Facebook Widget Slider (1.1) 1 | Facebook Likebox Slider (5.4) 1 | mod_feed (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_footer (3.0.0) 1 | Custom Inline HTML (1.0) 1 | mod_languages (3.5.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | qlform (10.3.8) 1 | mod_random_image (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_search (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_tags_similar (3.1.0) 1 | Twitter Widget Slider (1.0) 1 | mod_users_latest (3.0.0) 1 | mod_whosonline (3.0.0) 1 | Widgetkit (1.0.0) 1 | Widgetkit Twitter (1.0.0) 1 | mod_wrapper (3.0.0) 1 |
Modules :: ADMIN :: Ark Editor Pro Module (1.0.0) 1 | Ark Editor Control Panel (1.0.0) 1 | Ark Editor Statistical Module (1.0.0) 1 | Ark Editor Update Module (1.0.0) 1 | Ark Editor Vote Module (1.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_sampledata (3.8.0) 0 | mod_stats_admin (3.0.0) 1 | mod_status (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_title (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_version (3.0.0) 1 |
Templates Discovered :: wrote:
Templates :: SITE :: beez3 (3.1.0) 1 | protostar (1.0) 1 | purity_III (1.2.1) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |
Last edited by toivo on Wed Apr 18, 2018 6:48 pm, edited 1 time in total.
Reason: mod note: disabled smilies in Options for readability
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Thanks people I hope we can find something!
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
Irrelevant of any of the multitude of issues that are shown in the FPA that I am sure others will point out, there is NO POSSIBLE way, no matter what the settings or the host, that anyone can access the admin of Joomla unless they log in. Just because you can on your computer does not mean that anyone else can.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Thanks brian, that is reassuring.
BTW, I changed the name of my website to site.nl in my FPA post above.
Following the FPA output I have no clue what I should do... hope you guys can help...!
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
brian wrote: There is NO POSSIBLE way no matter what the settings or the host that anyone can access the admin of joomla unless they log in.
Still, if an administrator logs in, does some, logs out, and walks, and then someone sits at the computer and can gain access to the backend just like that, that seems pretty serious to me!
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
if they log out then the next person would need to login
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
brian wrote: if they log out then the next person would need to login
That is exactly the point of this thread: they don't! On the same machine, that is.
They gain access while nobody is logged in!
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
I cannot replicate that at all. If I click on logout then the only way I can access the admin is to log in again.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
I could replicate it on my desktop as well as on my laptop.
BTW, sometimes it happens after reloading the login screen about ten times.
Only erasing the cookies helps.
Does the FPA output throw any suggestions here?
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
Is there nothing wrong with the FPA report above?
- JAVesey
- Joomla! Hero
- Posts: 2635
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: Backend wide open
dottedhippo wrote: Is there nothing wrong with the FPA report above?
Where to start... your site is wide open to hackers with the "777" folder permissions. If you weren't hacked when you started this thread then there's a good chance that you have been by now.
Your configuration.php is also vulnerable with "666" permissions.
Folders should be "755"
Files should be "644"
configuration.php should be "444"
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
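Added example, not part of the original thread: a POSIX shell audit that lists every path deviating from the modes recommended in the post above (folders 755, files 644, configuration.php 444) and can then apply them. It assumes a Unix-like host where octal modes are enforced; the function names are hypothetical and the sample tree is constructed to mirror the 777/666 values in the FPA report.

```sh
#!/bin/sh
# Added example: audit a Joomla tree against the recommended modes
# (folders 755, files 644, configuration.php 444). Function names are
# hypothetical; the sample tree is constructed for the demonstration.

# Print one "LABEL path" line per deviation (LABEL: DIR, FILE or CONFIG).
audit_joomla_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Folders whose mode is not exactly 755 (the report showed 777).
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR /'
    # Regular files other than configuration.php that are not exactly 644.
    find "$root" -type f ! -path "$root/configuration.php" ! -perm 644 -print |
        sed 's/^/FILE /'
    # configuration.php holds the database credentials: read-only for all.
    if [ -f "$root/configuration.php" ]; then
        find "$root/configuration.php" ! -perm 444 -print | sed 's/^/CONFIG /'
    fi
    return 0
}

# Apply the recommended modes to the whole tree.
apply_joomla_perms() {
    root=${1%/}
    [ -d "$root" ] || return 2
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -path "$root/configuration.php" -exec chmod 644 {} +
    if [ -f "$root/configuration.php" ]; then
        chmod 444 "$root/configuration.php"
    fi
    return 0
}

# Build a constructed sample tree and echo its root path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/administrator/cache" "$t/site/images"
    : > "$t/site/configuration.php"
    : > "$t/site/index.php"
    : > "$t/site/images/logo.png"
    chmod 777 "$t/site" "$t/site/administrator" "$t/site/administrator/cache"
    chmod 755 "$t/site/images"
    chmod 666 "$t/site/configuration.php"
    chmod 644 "$t/site/index.php" "$t/site/images/logo.png"
    echo "$t/site"
}

# Demonstration: audit, fix, audit again, clean up.
sample=$(make_sample_tree)
echo "Before:"
audit_joomla_perms "$sample"
apply_joomla_perms "$sample"
echo "After: $(audit_joomla_perms "$sample" | wc -l | tr -d ' ') deviation(s)"
rm -rf "${sample%/site}"
```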
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
My hosting provider explicitly told me that the permissions should be full, and that access from visitors is still read-only. But I will check with them again. BTW, it runs on an IIS server if that makes any difference.
Is there more?
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
I would be worried about an extension that calls itself don't by our kitchens
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
I will probably have to start from scratch again with this site, right?
- AMurray
- Joomla! Exemplar
- Posts: 9713
- Joined: Sat Feb 13, 2010 7:35 am
- Location: Australia
Re: Backend wide open
JAVesey wrote:
dottedhippo wrote: Is there nothing wrong with the FPA report above?
Where to start... your site is wide open to hackers with the "777" folder permissions. If you weren't hacked when you started this thread then there's a good chance that you have been by now.
Your configuration.php is also vulnerable with "666" permissions.
Folders should be "755"
Files should be "644"
configuration.php should be "444"

I just realised from the FPA, it notes the web server being IIS and O/S Windows. Since file permissions aren't set the way they are in Linux, perhaps the permissions shown (666, 777 etc) are not the problem (or not as serious as first thought?).
Since the server is IIS, the O/S is Windows, should this thread not be on the viewforum.php?f=717 forum for Windows/IIS? Perhaps experts using IIS/Windows can help where most of us are probably using Linux/Apache.
Regards - A Murray
General Support Moderator
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Backend wide open
I've watched this saga unfold and continue without resolution over time and I think we can conclude a few things:
1) The problem relates to a "website" (if it's possible to categorise an under-development experiment on a PC-hosted system that is not connected to the internet as a real website), operating an unspecified AMP stack. In this regard, I would refer readers of this topic to viewtopic.php?f=48&t=925348
2) @brian mentions the kitchen extension which is part of the JCE Editor component. It's called the "k*tchen sink".
3) If the backend is "wide open", the FPA shows that it's exposed to users on the LAN (because the site is not connected to the internet). In the interests of the OP, if there's a problem elsewhere then the FPA for a [PC-hosted] website is useless.
4) If any "webhosting provider" were to explicitly advise me that "the permissions should be full" then I would be changing webhosting providers in an instant! What utter rubbish! On the other hand, it's not my website and it's not my business and I'm thankful I don't have this question to deal with.
5) No-one else can reproduce this issue. Therefore, the problem affects one person.
If this were my website I would start again using a reliable Joomla installation package—there is only one reliable way to install Joomla—and I would be considering switching over to a reputable webhosting provider.
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
Good spot about JCE. I didn't know about it as I stopped using it a few years ago.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
AMurray wrote: Since the server is IIS, the O/S is Windows, should this thread not be on the viewforum.php?f=717 forum for Windows/IIS? Perhaps experts using IIS/Windows can help where most of us are probably using Linux/Apache.
Yes, and I already requested that but oddly enough the mod didn't move my topic there...
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
dottedhippo wrote: My hosting provider explicitly told me that the permissions should be full, and that access from visitors is still read-only. But I will check with them again. BTW, it runs on an IIS server if that makes any difference.
I checked with the hosting provider and they confirm that Unix-like access rights do not apply to IIS servers. So that is ok.
And now, since my topic has moved here, does anyone in the business of IIS have a clue what is wrong with my site?
Thanks!
-
- Joomla! Champion
- Posts: 5932
- Joined: Tue Aug 23, 2005 1:56 pm
- Location: South coast, UK
- Contact:
Re: Backend wide open
A URL to the site would help.
https://gadsolutions.biz Electrical services
https://electrical-testing-safety.co.uk Testing services
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
gws wrote: A URL to the site would help.
Why would it help?
-
- Joomla! Champion
- Posts: 5932
- Joined: Tue Aug 23, 2005 1:56 pm
- Location: South coast, UK
- Contact:
Re: Backend wide open
Because source code can be examined.
https://gadsolutions.biz Electrical services
https://electrical-testing-safety.co.uk Testing services
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
I am more than happy to try and replicate this "issue" on your site. If you want to send me an admin login to your site via private message I will take a look.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
brian wrote: I am more than happy to try and replicate this "issue" on your site. If you want to send me an admin login to your site via private message I will take a look.
I have sent you a PM, Brian.
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
I tried with three different web browsers and as expected I could not replicate this.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Intern
- Posts: 75
- Joined: Wed Aug 29, 2012 7:41 pm
Re: Backend wide open
brian wrote: I tried with three different web browsers and as expected I could not replicate this.
Thank you Brian, much appreciated.
So how do I approach my problem?
(Did you reload at least ten times?)
- brian
- Joomla! Master
- Posts: 12785
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Backend wide open
Yes I did everything you suggested.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/