Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Cannot login as customer or admin


Guest

Recommended Posts

I can suddenly no longer login as a customer or even into admin. It does process the password, as I get an error if I enter a wrong password. Entering the correct one just takes me back to the login screen.

 

Not sure where to go from here.

 

Keith

Link to comment
Share on other sites

  • Replies 50
  • Created
  • Last Reply

Keith,

 

If you can post your URL we will better be able to help you. If you don't want to post the url here, you can PM it to me.

 

 

 

 

Chris

Link to comment
Share on other sites

Keith,

 

Your website has been hacked !

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.

 

 

Chris

Link to comment
Share on other sites

Your website has been hacked !

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

Chris

 

Can you provide me what any docs on the above two steps?

 

Keith

Link to comment
Share on other sites

Keith,

 

There are no docs on those two steps.

 

 

Log into your hosting account control panel, use file manager to locate the root directory of your osCommerce installation. Click password protect and create a username and password to lock it down.

 

Once you are done cleaning it, reverse those steps.

 

 

 

Chris

Link to comment
Share on other sites

Keith,

 

There are no docs on those two steps.

 

 

Log into your hosting account control panel, use file manager to locate the root directory of your osCommerce installation. Click password protect and create a username and password to lock it down.

 

Once you are done cleaning it, reverse those steps.

 

 

 

Chris

 

Got it.

 

How did you know that it was hacked? How to check if it is cleaned out?

 

Keith

Link to comment
Share on other sites

Keith,

 

The error message on your site with eval() was the first indication. The second was your http://www.k-wbookworm.com/catalog/images/ directory. The hacker has a file in there that displays his logo when you go to the directory. And finally, your /admin folder still has the filemanager.php in it and the directory is still called /admin. So, non of the basic security patches have been applied.

 

 

 

 

Chris

Link to comment
Share on other sites

Keith,

 

The error message on your site with eval() was the first indication. The second was your http://www.k-wbookworm.com/catalog/images/ directory. The hacker has a file in there that displays his logo when you go to the directory. And finally, your /admin folder still has the filemanager.php in it and the directory is still called /admin. So, non of the basic security patches have been applied.

 

 

 

 

Chris

 

Actually, /admin was renamed. I just named it back to have access to the admin program.

 

I was sure I deleted filemanager.php.

Link to comment
Share on other sites

Keith,

 

 

Read step 4 I posted above about the security support forum and look for all of the listed vulnerabilities. The site is definitely hacked and needs to be cleaned and then secured.

 

 

 

 

 

Chris

Link to comment
Share on other sites

Keith,

 

Read step 4 I posted above about the security support forum and look for all of the listed vulnerabilities. The site is definitely hacked and needs to be cleaned and then secured.

 

Chris

 

Thanks Chris,

 

I've spent the day searching and cleaning. I think I have it all fixed up. All passwords changes.

 

Now, I still cannot login. As either a customer or an admin.

 

Keith

Link to comment
Share on other sites

Keith,

 

 

If you host upgraded to PHP 5.3, you will receive Deprecated Ereg errors.

 

If you want to update your files to be PHP 5.3 compatible, use this

 

 

 

 

Chris

Link to comment
Share on other sites

Keith,

 

 

Confirm your settings in admin>>configuration>>sessions

 

The should appear like this:

 

Session Directory /tmp

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session True

 

 

Chris

Link to comment
Share on other sites

Keith,

 

 

Confirm your settings in admin>>configuration>>sessions

 

The should appear like this:

 

Session Directory /tmp

Force Cookie Use False

Check SSL Session ID False

Check User Agent False

Check IP Address False

Prevent Spider Sessions True

Recreate Session True

 

 

Chris

 

admin>configuration>sessions? I have no such path/file

Link to comment
Share on other sites

Keith,

 

 

Are you positive you have identified and removed ALL hacker files and malicious content from your website ?

 

I just created an account on your site, and lost the osCID when I clicked Continue and also when I tried to add an item to the shopping cart

 

 

Since your site is mostly unmodified, have you considered re-installing the files ?

 

Just some thoughts.

 

 

 

Chris

Link to comment
Share on other sites

Keith,

 

 

Are you positive you have identified and removed ALL hacker files and malicious content from your website ?

 

I just created an account on your site, and lost the osCID when I clicked Continue and also when I tried to add an item to the shopping cart

 

 

Since your site is mostly unmodified, have you considered re-installing the files ?

 

Just some thoughts.

 

 

 

Chris

 

I'm as sure as I can be. The only way I guess is to install each individual .php file from scratch until I find the issue.

 

I assume if I d/l and extract, the full directory structure will be there for me on my local machine? I can then work on file at a time.

Link to comment
Share on other sites

Also, how do I confirm what version I'm running?

 

My head is spinning here. I've been at this for two days and cannot find the issue.

Link to comment
Share on other sites

Also, how do I confirm what version I'm running?

 

My head is spinning here. I've been at this for two days and cannot find the issue.

 

V2.2 RC2a

Link to comment
Share on other sites

I have now overwritten all files that come with a fresh download of the same version. Still I cannot log in as a customer.

 

I am pretty sure it is not a hacker issue anymore.

Link to comment
Share on other sites

Actually, /admin was renamed. I just named it back to have access to the admin program.

 

I was sure I deleted filemanager.php.

 

When it is 'named back' are you able to log in at all?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

When it is 'named back' are you able to log in at all?

 

Nope, just keeps taking me back to the login screen.

Link to comment
Share on other sites

Keith,

 

I once cleaned a site where the hacker corrupted the password_func.php, validation.php and the database tables. I ended up re-creating the site and database, importing the information after the database was re-created.

 

I know it is not what you want to hear, but with all of the time you have already invested, you could have a new site installed.

 

 

 

 

 

Chris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...