Someone changed my Joomla Administrator password. How is that possible because only I have all cpanel details. But I found several unwanted entries in my data base table. Is it hacking or something, please guide me.
Probably your website has been hacked.
Do you have any components/modules/plugins from third parties? They can have some vulnerabilities that had been exploited by someone (already happened to me).
Related
I'm using magento 1.9, and made sure that my var and media folder's permissions are on 777.
I can't seem to login into the admin panel even with the correct login details.
The problem seems to be frequent in many installation,i guess it the the cookie problem.
Have a look at the link below it may solve the issue.
https://www.facebook.com/notes/rohit-patel/after-installing-magento-cant-log-in-to-admin-panel/256699557722386
If the above link doesnot help try following the answer that i have provided in below link this should work.
Magento Can't login to my account on ios server
Hope this will help.
I know that that similar issues and topics exist, however my issue differs slightly and none of the proposed fixes have worked.
I was accessing the Magento backend as normal. Approximately 10 minutes after that I could no longer access the Magento backend.
What I mean is that when I go to the admin url login page, I get a 404. However the 404 isn't generated by my host, it's generated by my webstore.
Everything about my webstore works as normal.
I've seen a number of fixes, mainly this one...
http://www.magentocommerce.com/boards/viewthread/207981/#t274443
I have a few main issues.
Admin Custom URL had been set (but not by me). It was set over a year ago when Magento was installed. It worked entirely fine until today.
I do not even have "admin/url/custom" and "admin/url/use_custom" in my "core_config_data" PHP table. It simply does not exist so I cannot change it. I looked manually for it and did a search for it. Nothing.
I tried updating the local.xml file and clearing "var/caches" and "var/sessions" but that did not work either.
I've been working this for hours and it's beyond frustrating. It's imperative that this be fixed ASAP because we are a fairly sizeable company.
Thanks ahead for helping. Anything at all would be appreciated.
First Check your Apache configurations
I know that you said you were only in the Magento admin but I would first check that apache was configured correctly. This is the first point of contact and you need to ensure that it's working right.
You need to locate a default Magento htaccess file that you can upload to your server. There's additional configurations that you need to make if you're in a subdirectory and also check to make sure that your mod_rewrite is working properly. There's an extensive tutorial on these things here, magento htaccess.
Make sure that you have the right magento admin url
I have to assume that you know what your magento admin url is, but of course I would double check that you're getting it right. There is an option in the admin area to change the admin url, you could have adjusted that on accident.
You say that you don't have "admin/url/custom" and "admin/url/use_custom" in your core_config_data table. This actually means that you didn't set the magento admin url from the admin area. However there is a third place that you can look for your admin url. This is in app/etc/local.xml but you couldn't have changed this from the administration area.
Did you turn off search engine friendly urls?
If you had been accessing your administrative area using /admin and then accidentally turned off SEF urls, then your admin area could have just simply moved to /index.php/admin. Of course you mentioned that you have a custom admin url, but I don't know what that is, so I'm giving examples with the default.
I can't really give you any more suggestions without more information. I hope that this helps!
Found this and thought I would post here since it shows up in google.
http://sourcelibrary.org/2011/05/19/magento-404-page-not-found-error-for-admin-panel-access/#comment-8444
Unfortunately today I got my Joomla 1.5 site hacked- the index.php has been overwritten and I've found as well a php script which does something nasty with the config.php file.
I've changed the FTP password, however since the config.php file contains as well the database user/password I'd like to change it as well. What is the right place to change it ? should I change it just in config.php or somewhere else ?
Changing the database password must be done via your hosting cPanel and then in the config.php.
Once you have done this, I would suggest upgrading to Joomla 2.5 as it is far more secure and has more features. You should also consider installing some security extensions. I answered a question regarding security which you can find in the link below:
Joomla! 2.5.4 Hacked: Having trouble with diagnosis
Here is also another bit of information I added regarding why keeping your Joomla version up to date is a good idea, if you don't already:
Why should I keep my Joomla version up to date?
Hope this helps
My client has Joomla! ver 1.5.14 installed on the remote server. I logged in using the url /administrator/ with login 'admin'. When landed on the admin page after successful login, I observed that the top menu has only two elements, Site and Help. All other elements like Menus, Content, Components, Extensions etc are not there.
Also I do not find any way to access those elements (menus, components). There are not icons on the screen to access them.
Could someone please help me figure out this issue?
Thanks in advance
Regards,
MulC
EDIT:
Following is the screenshot of the admin page
http://postimage.org/image/youvqynh7/
user admin belogs to the group 'Super Administrator'
Thank you
It's very strange that this should happen unless your client has been fiddling with the core Joomla files or database tables.
Update the site to the latest version of the 1.5 series (1.5.26)
Download the full Joomla package, extract the administrator, components, includes, libraries, modules and plugins folder, zip them up and upload to the server, replacing the current folder. Not to worry, this will only override the core files which I assume haven't been edited.
Try downloading and installing another admin template.
Else the only other thing I can think of is reconstructing the website which might take a while, depending on the amount of work that went into it.
In Joomla! 1.5.x a common security step was to create an alternate "super user" and downgrade the default admin account to a standard registered. Due to issues in early versions of 1.5 though it wasn't recommended to delete or disable this account.
This sounds like what is going on with your admin account.
You can check this by looking at the database checking the table jos_users look for the username admin and see what it's usertype is set to. At the same time look for a user that has an usertype of Super Administrator (yes, really the words Super Administrator).
Once you have the username of the Super Administrator, you will need to find the password. If the client doesn't know it then you will have to recover the admin password.
For some reason, when I log into my joomla 1.6 backend, it is now empty, displaying only a logout button. Any Ideas?
I just went through the same problem but on J!1.7.3. There may be many, many reasons but please check using just URL if you can see for example:
[YourDomainHere]/administrator/index.php?option=com_content or
[YourDomainHere]/administrator/index.php?option=com_modules
If content is listing and you're missing just Admin-menu and sub-navigation in back-end --> this means you messed-up with access levels and viewing access.
If you can't see content listing - ignore the rest of this post :-)
...with access levels and viewing access. To check that, try entering [YourDomainHere]/administrator/index.php?option=com_users&view=levels and enter each position in the list. Joomla backend navigation module usually has Access set to Special, so focus on this one. When enter Special - manager, author and super administrator should be ticked. If everything empty in any from the list - this is your issue :)
You need to add manager, author and super administrator to your Special access level. Obviously you can't see Save button, so you need to use database. [wrrr :) sounds scary?] Not a big deal, just go there using for example phpMyAdmin and find _viewlevels table. In there just edit Special and add [6,2,8] values to set up manager, author, super.....
Update database. Try to log-in one more time (close browser and clean cache before).
I hope if this wasn't helpful for you, will be for somebody else.
p.s. There may be a way of 'saving' changes in you joomla access levels with URL. Then you don't need to go to DB .. but I don't know if this is feasible at all :)
Check the rewrite of htaccess and the $mosConfig_absolute_path variable in config.php
Apparently, the Bluestork Template (admin template) has some security issues. In my case there were some missing files in the template folder /administrator/templates/bluestork/ that caused the administrator screen to appear blank. I've copied a clean version of the template in the bluestork folder and after that I was able to see the backend admin area.
I've removed the bluestork templates entirely for now, which seems to be the best option. Joomla installs 2.5.8, 2.5.6, 2.5.2, 1.7.0, 1.6.3 are affected. The Blustork Template is a target for hacks with old Joomla.
this happening becoz of admin user lost his permissions. see below article to fix this issue
http://www.codentalk.com/joomla-admin-showing-blank-page/