-
AuthorPosts
-
September 5, 2008 at 5:01 pm #133002
I am running JA Teline II on top of Joomla 1.5.3. Everything was going along fine as I slowly added new content and replaced the sample content. Then I went away for a week.
When I got back I tried to login and I kept getting told my password or ID was wrong. So even though I was using the same computer with Firefox’s remember password feature on, I went back to my spiral notebook where I write down all of my passwords and user-IDs only to find I was using the right information.
I hadn’t recently added any components/modules/plugins so I’m at a loss for what’s different. I was not experiencing any problems before. And no one had access to my computer nor knows how to login.
I’m clueless. Please help.
tonyg Friendtonyg
- Join date:
- June 2008
- Posts:
- 197
- Downloads:
- 0
- Uploads:
- 8
- Thanks:
- 18
- Thanked:
- 46 times in 27 posts
September 5, 2008 at 6:24 pm #268971Hi
Is this on a live site or on your local computer. If it is on a live site then it sounds like you’ve been hack. On a local computer easy enough to sort out. Give a bit more info on what server you are using and I will try and help.September 5, 2008 at 9:43 pm #269006Thanks TonyG,
I’m live on a Yahoo hosting account. I think Yahoo is using PHP 4.X and an Apache server. I knew I should have printed out my config info.
pdafre4k Friendpdafre4k
- Join date:
- September 2007
- Posts:
- 13
- Downloads:
- 0
- Uploads:
- 0
- Thanks:
- 9
- Thanked:
- 4 times in 3 posts
September 5, 2008 at 11:46 pm #269014reset ur password or just reinstall everything.
and 1.5.1 – 1.5.5 is vunerable update to 1.5.6
and follow this security check list
http://docs.joomla.org/Joomla!_Administrators_Security_Checklisttonyg Friendtonyg
- Join date:
- June 2008
- Posts:
- 197
- Downloads:
- 0
- Uploads:
- 8
- Thanks:
- 18
- Thanked:
- 46 times in 27 posts
September 6, 2008 at 12:02 am #269017Hi
Try this quick way first, this depend on you knowing and having access to the super administrators email.
Use the front end login form. Type in the super administrator user name, (admin) if not changed. Now click on Forgot your password?
The idea here is to invoke Joomla to send you the password. If all is well you should be able to get the password from your email and use you it to get back in. You of course need to change the password after.
Try this first and let me know, if that doesn’t work we try using the database.
September 6, 2008 at 12:43 am #269023Thanks for the security check list. BTW, how do I reset the password. If I reinstall I’m worried that I might lose my content.
September 6, 2008 at 12:54 am #269025<em>@tonyg 78007 wrote:</em><blockquote>Hi
Try this quick way first, this depend on you knowing and having access to the super administrators email.
Use the front end login form. Type in the super administrator user name, (admin) if not changed. Now click on Forgot your password?
The idea here is to invoke Joomla to send you the password. If all is well you should be able to get the password from your email and use you it to get back in. You of course need to change the password after.
Try this first and let me know, if that doesn’t work we try using the database.</blockquote>
Unfortunately I disabled the front end login because there were too many people signing up before we were ready. (I know I should’ve had a test site on my local computer but…).tonyg Friendtonyg
- Join date:
- June 2008
- Posts:
- 197
- Downloads:
- 0
- Uploads:
- 8
- Thanks:
- 18
- Thanked:
- 46 times in 27 posts
September 6, 2008 at 8:00 am #269049Ok lets move on to plan B, lets change the admin password in the database. To do this you will need access to your control panel on your host server. Once you have log into your control panel you can use phpMyAdmin. With phpMyAdmin open you should see your database on the left hand side of the screen.
The password is stored in MySQL database jos_users table password field. Click on jos_users to open the table, now locate the password field. On the right hand side of the password field under the heading Action, click on the first icon (it should say browse distinct values when you mouse over it). You should see admin password now.
The password must be MD5 hashed; you cannot simply enter text into this field.
Set the password to a known value. In this case (secret) below is the MD5 hashed password for secret.
secret = 5ebe2294ecd0e0f08eab7690d2a6ee69
Paste the hashed password into the field, save the change, and log-in using the new password. Immediately change your password to something more secure!Try this first before we move on to the next stage of making your site a bit more secure.
1 user says Thank You to tonyg for this useful post
September 8, 2008 at 1:35 pm #269489<em>@tonyg 78049 wrote:</em><blockquote>Ok lets move on to plan B, lets change the admin password in the database. To do this you will need access to your control panel on your host server. Once you have log into your control panel you can use phpMyAdmin. With phpMyAdmin open you should see your database on the left hand side of the screen.
The password is stored in MySQL database jos_users table password field. Click on jos_users to open the table, now locate the password field. On the right hand side of the password field under the heading Action, click on the first icon (it should say browse distinct values when you mouse over it). You should see admin password now.
The password must be MD5 hashed; you cannot simply enter text into this field.
Set the password to a known value. In this case (secret) below is the MD5 hashed password for secret.
secret = 5ebe2294ecd0e0f08eab7690d2a6ee69
Paste the hashed password into the field, save the change, and log-in using the new password. Immediately change your password to something more secure!Try this first before we move on to the next stage of making your site a bit more secure.</blockquote>
I must be a real dummy. I followed your directions and went to phpmyadmin. I selected the jos_users table, pasted in the secret password you suggested into the default value field, saved the change and tried to login…nothing. I got the same result as before. I even went back to the jos_users table and changed the user name to admin and still nothing.I have no idea what’s wrong. I’m thinking I may need to reinstall and start over. There was some documentation in phpmyadmin that showed me how to use the export tab to create a backup of the database and table.
Before I go any further TonyG, is there anything else you would recommend or else I’m throwing in the towel. Thanks for all of your help.
tonyg Friendtonyg
- Join date:
- June 2008
- Posts:
- 197
- Downloads:
- 0
- Uploads:
- 8
- Thanks:
- 18
- Thanked:
- 46 times in 27 posts
September 8, 2008 at 6:17 pm #269538Hi
That didn’t work because the hacker also changed the Super Admin user name (It appears that way)Follow this link it will show you how to create another Super Admin http://docs.joomla.org/Administration_FAQs_Version_1.0#How_do_I_recover_my_admin_password.3F
Scroll down to How do I recover my admin password?
You need to start again anyway but it will be nice if you can retrieve your contents first.
The following process works for me, it may work for you too. I’ve installed a local server (XAMPP), I complete every site locally first. Locally I install two copies of the same site, one for testing new things on and the other, develop to go live. I installed JoomlaPack on the local and live sites. On live sites I use JoomlaPack to back up the entire site including the database, how regular I back up depends on how regular the site changes. Every backup you make from a live site test restoring it on a local server to ensure it actually works. Always change the Super Admin user name (admin) to anything you want.I’m about to test a new security plugin sounds useful, read more here..http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,5809/Itemid,35/
All the best with the site and keep me posted
felsimedia Friendfelsimedia
- Join date:
- April 2008
- Posts:
- 84
- Downloads:
- 0
- Uploads:
- 0
- Thanks:
- 4
- Thanked:
- 9 times in 1 posts
September 16, 2008 at 9:20 pm #270898also, upgrade to joomla 1.5.7
check joomla.org forum for security issuesgoodluck
cgc0202 Friendcgc0202
- Join date:
- August 2007
- Posts:
- 2244
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 206
- Thanked:
- 262 times in 1 posts
September 17, 2008 at 9:03 pm #271072<em>@lcgrant 77940 wrote:</em><blockquote>I am running JA Teline II on top of Joomla 1.5.3. Everything was going along fine as I slowly added new content and replaced the sample content. Then I went away for a week.
When I got back I tried to login and I kept getting told my password or ID was wrong. So even though I was using the same computer with Firefox’s remember password feature on, I went back to my spiral notebook where I write down all of my passwords and user-IDs only to find I was using the right information.
I hadn’t recently added any components/modules/plugins so I’m at a loss for what’s different. I was not experiencing any problems before. And no one had access to my computer nor knows how to login.
I’m clueless. Please help.</blockquote>
Does Yahoo allow you to have your own Control Panel? There is a C-Panel used by The Planet hosting service that I think allow you to change the admin password.
Or, does Yahoo have technical service that will allow them to change the password? If they do not have technical support, I suggest you change webhosting service.
As suggested by others, if you do not have much content, and all the solutions suggested do not work, it might be much easier to start anew. One of the problems is that you have Joomla 1.5.3 — there are several security upgrades since then. Someone might have hacked your site.
Cornelio
September 18, 2008 at 10:01 pm #271214<em>@felsimedia 80335 wrote:</em><blockquote>also, upgrade to joomla 1.5.7
check joomla.org forum for security issuesgoodluck</blockquote>
Thanks all for your guidance, it really helped.After what seemed like days looking at the table in phpmyadmin I noticed that there was extra code at the end of the MD5 hash after a semicolon. I was only replacing the password before the semicolon when I should have replaced the entire password. DUH.
Anyway, I’m back in business and will upgrade to Joomla 1.5.7, back-up my website (already backed up the database in phpmyadmin) and implement every other security measure all of you have patiently pointed out.
Thanks a million.
-
AuthorPosts
This topic contains 13 replies, has 5 voices, and was last updated by lcgrant 16 years, 3 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum