chrisr63 Posted December 12, 2007 Posted December 12, 2007 I'm having trouble accessing my admin. My store has been working fine for ages, but suddenly I can't get into admin - after entering the first username/password I get redirected to a 401 error page. I have a feeling my site may have been hacked recently as my hosting keeps going down and various strange things keep happening to the site, which may be at the route of the problem. Can anyone point me in the right direction to diagnose the problem. I think it may be something to do with one of the .htaccess files, but I'm not technically minded, so any help would be much appreciated. Thanks
sdrio Posted December 12, 2007 Posted December 12, 2007 I'm having trouble accessing my admin. My store has been working fine for ages, but suddenly I can't get into admin - after entering the first username/password I get redirected to a 401 error page. I have a feeling my site may have been hacked recently as my hosting keeps going down and various strange things keep happening to the site, which may be at the route of the problem. Can anyone point me in the right direction to diagnose the problem. I think it may be something to do with one of the .htaccess files, but I'm not technically minded, so any help would be much appreciated. Thanks 401 should simply mean your username/pass isn't correct. that's not to say you got it wrong, but somethings up . . . There are normally 2 ways that your directory would be protected - could be a .htaccess file in the folder itself, or via your hosts admin panel. .htaccess - Assuming you have ftp access at least, check for a .htaccess file in the /admin directory, and see where it's looking for a password (should be pointing to another file, probably called .htpasswd). That file should be somewhere outside your html folder, but it can be almost anywhere. It will have the username, and a funky looking string of characters that represent the encrypted password. If so far this is all true, you can just change the password - easiest way is to use an online password generator Like this one, which will generate the correct encryption for you to copy/paste into the .htpasswd file. If there is no .htaccess it could be that your ISP uses a system where directory protection is controled via a user control panel. It's normally reasonably straightforward to use - you'll have a GUI and won't need to dig far to find directory protection. Just set a new password for the /admin directory. (be carefull not to hit the store directory with a password, as your customers will find it rather hard to buy anything!). Can't really say how to find the control panel - normally your ISP would have a link to it on their main page. See how that goes.
chrisr63 Posted December 12, 2007 Author Posted December 12, 2007 401 should simply mean your username/pass isn't correct. that's not to say you got it wrong, but somethings up . . . There are normally 2 ways that your directory would be protected - could be a .htaccess file in the folder itself, or via your hosts admin panel. .htaccess - Assuming you have ftp access at least, check for a .htaccess file in the /admin directory, and see where it's looking for a password (should be pointing to another file, probably called .htpasswd). That file should be somewhere outside your html folder, but it can be almost anywhere. It will have the username, and a funky looking string of characters that represent the encrypted password. If so far this is all true, you can just change the password - easiest way is to use an online password generator Like this one, which will generate the correct encryption for you to copy/paste into the .htpasswd file. If there is no .htaccess it could be that your ISP uses a system where directory protection is controled via a user control panel. It's normally reasonably straightforward to use - you'll have a GUI and won't need to dig far to find directory protection. Just set a new password for the /admin directory. (be carefull not to hit the store directory with a password, as your customers will find it rather hard to buy anything!). Can't really say how to find the control panel - normally your ISP would have a link to it on their main page. See how that goes. Thanks for the advice. I set up another password but didn't need it in the end. I seem to have resolved the problem by going to an admin page in my browsing history (ie not store/admin but store/admin/xxxx.php) which got me in. Now I can also access store/admin too! Maybe just the fact that I uploaded a replaced the existing password file did the trick? Anyway thanks again for your help. I'm off to find a new host.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.