sunshynecraftsbeads Posted February 4, 2011 Share Posted February 4, 2011 Hi, Last night when I was on my website I noticed some changes made to my items so I did the security check from my website admin and it showed that someone had made a bunch of changes to my website. It provided me with a list of area's that changes were made. Today I went to sign in to my website/admin ( actually different ) but it will not allow me to sign in. Error: Invalid administrator login attempt. I have looked at my website www.sunshynecraftsbeads.com and it is still up and running. I know my password so I know that I am typing it in right. Is there anything I can do ??? Thank you in advance, Tracie Link to comment Share on other sites More sharing options...
Xpajun Posted February 4, 2011 Share Posted February 4, 2011 Tracie, access your database via phpMyAdmin BROWSE the administrators table, EMPTY it, now go back to your admin login, it will tell you there are no administrators and request you to enter one with password do this and then log in with your new user name and password My store is currently running Phoenix 1.0.3.0 I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 ) I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary Link to comment Share on other sites More sharing options...
Guest Posted February 4, 2011 Share Posted February 4, 2011 Tracie, In the past few months I have cleaned several websites where the hackers have changed the password validation file so no matter how many times you truncate your administrators table (as Julian suggested) and re-create your username and password, you will always receive the 'Invalid Administrator' error. If you have a clean backup, I suggest uploading clean copies of these files into your admin: /admin/administrators.php /admin/index.php /admin/login.php /admin/includes/functions/password_funcs.php /admin/includes/functions/validations.php However, you will also need to identify and remove the anomalous files and malicious code from your website and then apply the security patches found in the security forum. Once that is done, install the security contributions. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 5, 2011 Author Share Posted February 5, 2011 Thank you so much for the quick reply. I have gone to the website phpMyAdmin and I am not sure how I am to get my database there to make the changes. I add my website to the database and the following information came up which is all foreign to me. I am toally lost here. Error MySQL said: #1045 - Access denied for user 'root'@'localhost' (using password: NO) Connection for controluser as defined in your configuration failed. phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should check the host, username and password in your configuration and make sure that they correspond to the information given by the administrator of the MySQL server. Current Server: (Servers) ... MySQL (root) MariaDB (root) Drizzle (root) Warning in ./libraries/dbi/mysqli.dbi.lib.php#111 mysqli_real_connect(): (28000/1045): Access denied for user 'pma'@'localhost' (using password: YES) Backtrace ./libraries/dbi/mysqli.dbi.lib.php#111: mysqli_real_connect( object, string localhost, string pma, string heslo, string , integer 0, string /var/run/mysqld/mysqld.sock, integer 0, ) ./libraries/common.inc.php#909: PMA_DBI_connect( string pma, string heslo, boolean 1, ) ./server_databases.php#11: require_once(./libraries/common.inc.php) Warning in ./libraries/dbi/mysqli.dbi.lib.php#111 mysqli_real_connect(): (28000/1045): Access denied for user 'root'@'localhost' (using password: NO) Backtrace ./libraries/dbi/mysqli.dbi.lib.php#111: mysqli_real_connect( object, string localhost, string root, string , string , integer 0, string /var/run/mysqld/mysqld.sock, integer 0, ) ./libraries/common.inc.php#914: PMA_DBI_connect( string root, string , boolean , ) ./server_databases.php#11: require_once(./libraries/common.inc.php) Notice in ./libraries/header.inc.php#20 Undefined index: is_ajax_request Backtrace ./libraries/common.lib.php#548: require_once(./libraries/header.inc.php) ./libraries/auth/config.auth.lib.php#117: PMA_mysqlDie( string #1045 - Access denied for user 'root'@'localhost' (using password: NO), string , boolean 1, string , boolean , ) ./libraries/dbi/mysqli.dbi.lib.php#130: PMA_auth_fails() ./libraries/common.inc.php#914: PMA_DBI_connect( string root, string , boolean , ) ./server_databases.php#11: require_once(./libraries/common.inc.php) Notice in ./libraries/footer.inc.php#91 Undefined index: is_ajax_request Backtrace ./libraries/auth/config.auth.lib.php#134: require(./libraries/footer.inc.php) ./libraries/dbi/mysqli.dbi.lib.php#130: PMA_auth_fails() ./libraries/common.inc.php#914: PMA_DBI_connect( string root, string , boolean , ) ./server_privileges.php#11: require_once(./libraries/common.inc.php) Notice in ./libraries/footer.inc.php#201 Undefined index: is_ajax_request Backtrace ./libraries/auth/config.auth.lib.php#134: require(./libraries/footer.inc.php) ./libraries/dbi/mysqli.dbi.lib.php#130: PMA_auth_fails() ./libraries/common.inc.php#914: PMA_DBI_connect( string root, string , boolean , ) ./server_privileges.php#11: require_once(./libraries/common.inc.php) Notice in ./libraries/footer.inc.php#209 Undefined index: is_ajax_request Backtrace ./libraries/auth/config.auth.lib.php#134: require(./libraries/footer.inc.php) ./libraries/dbi/mysqli.dbi.lib.php#130: PMA_auth_fails() ./libraries/common.inc.php#914: PMA_DBI_connect( string root, string , boolean , ) ./server_privileges.php#11: require_once(./libraries/common.inc.php) Link to comment Share on other sites More sharing options...
Guest Posted February 5, 2011 Share Posted February 5, 2011 Tracie, Using phpmyadmin, you can see all of the database tables. Select the administrators table and truncate it (empty it). DO NOT DELETE IT. Then, go to your admin url again and it will tell there are NO administrators and you must create one. So, create an administrator account and try to log into your admin area again. HOPEFULLY, it will let you in. If not, you may have to do as I suggested above, replacing the key files associated with your administrator account. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 5, 2011 Author Share Posted February 5, 2011 Tracie, Using phpmyadmin, you can see all of the database tables. Select the administrators table and truncate it (empty it). DO NOT DELETE IT. Then, go to your admin url again and it will tell there are NO administrators and you must create one. So, create an administrator account and try to log into your admin area again. HOPEFULLY, it will let you in. If not, you may have to do as I suggested above, replacing the key files associated with your administrator account. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 5, 2011 Author Share Posted February 5, 2011 Hi Chris, I do not see the administration tables you are referring to. This is what I am getting. Am I in the wrong area ? Please advise and thank you so much for your time. MySQL phpmyadmin StructureSQLSearchTrackingQueryExportImportDesignerOperationsPrivilegesDrop Table Action Records 1 Type Collation Size Overhead pma_bookmark 0 MyISAM utf8_bin 1.0 KiB - pma_column_info 0 MyISAM utf8_bin 4.0 KiB - pma_designer_coords 0 MyISAM utf8_bin 2.0 KiB - pma_history 0 MyISAM utf8_bin 4.0 KiB - pma_pdf_pages 0 MyISAM utf8_bin 1.0 KiB - pma_relation 1 MyISAM utf8_bin 9.1 KiB - pma_table_coords 0 MyISAM utf8_bin 2.0 KiB - pma_table_info 0 MyISAM utf8_bin 2.0 KiB - pma_tracking 0 MyISAM utf8_bin 2.0 KiB - pma_userconfig 0 MyISAM utf8_bin 1.0 KiB - 10 table(s) Sum 1 MyISAM utf8_bin 28.1 KiB 0 B Check All / Uncheck All With selected: Empty Drop Print view Check table Optimize table Repair table Analyze table Export -------------------------------------------------------------------------------- Link to comment Share on other sites More sharing options...
Guest Posted February 5, 2011 Share Posted February 5, 2011 Tracie, It doesn't appear you are looking at the correct database. There should be 46+ tables in the osCommerce database. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 5, 2011 Author Share Posted February 5, 2011 Hi Chris, Thank you so much. I have figured it out. I did not have my own cpanel available so I was looking for oscommerce admin on the website provided. Dah.. Once I had my cpanel back I was able to change the password and I now have access to my account. I did a manual check for hacked files using my site monitor but it is saying that there is no hacked files although some of my products have been partly removed. I also have the FWR Security Pro value as true and file exclusions "on". Is there anything more that I can do once I have found all the files that have been hacked? I am not sure what to look for but I will go through the folders slowly and hopefully I catch them all. Thank you so much for your help. As always it just shows how great oscommerce is with amazing staff helping others. I am truly greatful to all of you who work so hard for all of us. Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted February 5, 2011 Share Posted February 5, 2011 If you installed the must have security patchs then site monitor can check for the suspicious strings, you might want to install VTS as well. Links to threads listing all the changes required are in my profile/about me pages. I need to update VTS as I have just found a couple of new strings that need to be checked for, am on a public PC at the moment and don't have access to these strings. HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Hello, I have been away in hospital and just returned to find that my website does not exist. It was there earlier today as I deleted all my products because every time I tried to correct a hacked product it would disappear again. Now it says I do not have a admin. I printed off the information you gave me about securing my site and found this message; 1146 - Table 'tracie_osc1.administrators' doesn't exist select id from administrators limit 1 [TEP STOP] Is there anything I can do at this point ? I went into my phpmyadmin and the admin is not under tracie_osc1 (46) There is however a folder in my database called information_schema (17) I have no idea what this is ?? Does anyone have any suggestions on what I can do at this point ? Thank you kindly, Tracie Link to comment Share on other sites More sharing options...
Guest Posted February 11, 2011 Share Posted February 11, 2011 Tracie, Is the OSC1 database still there and how many tables are in it ? Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Hi Chris, Yes there are 46 files under tracie_osc1 but admin is not one of them. Link to comment Share on other sites More sharing options...
Guest Posted February 11, 2011 Share Posted February 11, 2011 OK Tracie, I think that you DROPPED the table instead of TRUNCATING it. One delete it the other empties it. So, you need to create the table again. DROP TABLE IF EXISTS administrators; CREATE TABLE administrators ( id int NOT NULL auto_increment, user_name varchar(255) binary NOT NULL, user_password varchar(60) NOT NULL, PRIMARY KEY (id) ); Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Hi Chris, I am in my phpmyadmin At the bottom there is a area that says create new table on database tracie_osc1 It asks for a name : I entered " administrators " It then takes me to the following area that has the following information; Field - 2 blank boxes next to it Type - 2 boxes that have INT in both Length/Values - 2 Boxes that are blank Default - 2 boxes that both say None and has a drop down list Collation - 2 boxes that have a drop down list Attributes - 2 Blank boxes that has a drop down list Null - 2 boxes that can be ticked Index - 2 boxes that are blank but has drop down list Auto_Increment - 2 boxes that can be ticked Comments - 2 boxes to include information Then below that information it has the following; Table comments, Storage Engine ( with drop down list ), Collation ( with drop down list ) Then it tells me to " save " or add a # field then " go " Link to comment Share on other sites More sharing options...
Guest Posted February 11, 2011 Share Posted February 11, 2011 Tracie, Use the SQL tab to enter the statement above. Don't use insert table. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Thanks Chris. That worked. I am able to sign in to my admin now. I noticed that when I do a manual check for hacked files using my site monitor it is telling me that it can not open my configure file so I am assuming that was hacked as well. Thank you so much for your help. Tracie Link to comment Share on other sites More sharing options...
Guest Posted February 11, 2011 Share Posted February 11, 2011 site monitor it is telling me that it can not open my configure file Check the permissions first before assuming that. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Chris, I am so sorry to bother you again but the following is now coming up when I try to go to mt admin; http://gogvo.com/404.html I can bring up the website but not the admin I am so sorry Tracie Link to comment Share on other sites More sharing options...
Guest Posted February 11, 2011 Share Posted February 11, 2011 Tracie, Are you certain your site was cleaned? Check you admin login URL again. Check the admin/includes/configure.php file for the correct paths. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Hi Chris, I have checked my admin log on again and I keep getting this ; http://gogvo.com/404.html No, I am not certain that all my files are clean as I can not get into them to check and the site monitor is not working when I was able to get into my admin. I do not have a admin/includes/configure.php The configure file is in public_html/includes/configure.php My configure.php file is below. I have changed the password to XXXXX for this posting; <?php define('HTTP_SERVER', 'http://sunshynecraftsbeads.com'); define('HTTP_CATALOG_SERVER', 'http://sunshynecraftsbeads.com'); define('HTTPS_CATALOG_SERVER', 'https://sunshynecraftsbeads.com'); define('ENABLE_SSL_CATALOG', false); define('DIR_FS_DOCUMENT_ROOT', '/home/tracie/public_html/'); define('DIR_WS_ADMIN', '/cassidy/'); define('DIR_FS_ADMIN', '/home/tracie/public_html/cassidy/'); define('DIR_WS_CATALOG', '/'); define('DIR_FS_CATALOG', '/home/tracie/public_html/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); define('DB_SERVER', 'localhost'); define('DB_SERVER_USERNAME', 'tracie_osc1'); define('DB_SERVER_PASSWORD', 'XXXXXX[XXXXX'); define('DB_DATABASE', 'tracie_osc1'); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); ?> Thank you again, Tracie Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Hi Chris, No, I am not certain that my files are clean. I can not get into them to check and I don't know exactly what I am looking for. I tried to sign in to my admin again with no luck. I do not have a admin/includes configure.php It is in the public_html/includes/configure.php Here is what it is telling me. I have changed the password for the posting here to XXXXX XXXXX. <?php define('HTTP_SERVER', 'http://sunshynecraftsbeads.com'); define('HTTPS_SERVER', 'https://sunshynecraftsbeads.com'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'sunshynecraftsbeads.com'); define('HTTPS_COOKIE_DOMAIN', 'sunshynecraftsbeads.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/tracie/public_html/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); define('DB_SERVER', 'localhost'); define('DB_SERVER_USERNAME', 'tracie_osc1'); define('DB_SERVER_PASSWORD', 'XXXXXX[XXXXX'); define('DB_DATABASE', 'tracie_osc1'); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); ?> Does this help ? I am so lost now. Tracie Link to comment Share on other sites More sharing options...
Guest Posted February 11, 2011 Share Posted February 11, 2011 Tracie, You MUST have an youradmindirectory/includes/configure.php for your admin area to function. The configure.php file you provided looks normal enough, but your admin has been corrupted or compromised. You need to look at your files from your hosting providers file manager or your FTP to determine what the condition is. Chris Link to comment Share on other sites More sharing options...
sunshynecraftsbeads Posted February 11, 2011 Author Share Posted February 11, 2011 Thanks Chris. I talked to someone from my host provider and they just told me to re install oscommerce so I am not getting any help there. I think I may have to do it because every time I try to upload a php from my person folders on my computer I get C:\fakepath\files.def: 1.21 KB Complete Thank you for your help and patience. It was greatly appreciated. Tracie Link to comment Share on other sites More sharing options...
barrycaine Posted February 25, 2011 Share Posted February 25, 2011 When you find out how to change admin and password let me know, I have the same problem Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.