Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Cannot login? Hackers?


Comesticage

Recommended Posts

Hi,

 

My website is still working. www.oxytarm-ap.com

 

But when i try to login the admin module at

 

http://oxytarm-ap.com/shop/catalog/admin/

 

All i get is

 

Unauthorized

 

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Apache Server at oxytarm-ap.com Port 80

1) password never been changed before 2) i can login about a week ago 3) i used several different dates of backups (of the admin folder) and re upload via ftp.

But still can't login.

This is panicking help someone! =)

TIA

Link to comment
Share on other sites

Having access to your cPanel, you can reset the admin password, there are several posts here explaining this

 

You need basically to empty table "administrators" from the DB and remove the password related entries from files .htaccess and htpasswd_oscommerce in folder /admin/

Link to comment
Share on other sites

@@multimixer

 

Thanks, i followed the instructions online and manage to empty the table and login.

 

Now, i am trying to re set up the htcaccess...

 

don't really know how to.

 

Is there any feature that i can add to beef up the security of my admin page?

 

TIA

 

Admin directory should be renamed and the pertinent line in configure.php changed to match.

I like the new IP trap by Fimble. It has one feature I wanted to utilize years ago; the ability to block an ip from my admin. no need to log into Cpanel and add the ip to htaccess http://addons.oscommerce.com/info/5914

Also, one of the sitemonitor addons is a great addition. Set up as a cron and get notified if any files are added, altered, or deleted.

 

Tim

Link to comment
Share on other sites

Now that you can login again, go to admin>configuration>administrators, click edit on your admin name, and add the password again, make sure to click the checkbox about adding htaccess protection

 

When i followed this steps, there was no checkbox. i am using 2,3.1 - i dunno sometimes i have missing check box...

 

just like when i upload the images for the products, there's suppose to have a delete option to delete the image. that is also missing. so what i always do is just upload the pictures and it will overwrite the original ones...

 

so about the checkbox of the htaccess. is there anything that is wrong with my oscommerce?

 

Regards,

Link to comment
Share on other sites

 

so about the checkbox of the htaccess. is there anything that is wrong with my oscommerce?

 

 

No, there is probably something wrong with the server environment or the file permissions. Do you have any message regarding file permissions in admin>configuration>administrators?

 

You can also set htaccess protection to the admin folder via cPanel, there must be a feature like "password protect categories" or similar

Link to comment
Share on other sites

No, there is probably something wrong with the server environment or the file permissions. Do you have any message regarding file permissions in admin>configuration>administrators?

 

You can also set htaccess protection to the admin folder via cPanel, there must be a feature like "password protect categories" or similar

 

Yes i do, as below

 

Msg is

 

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

The following files need to be writable by the web server to enable the htaccess/htpasswd security layer:

  • /home/content/17/8283017/html/shop/catalog/admin/.htaccess
  • /home/content/17/8283017/html/shop/catalog/admin/.htpasswd_oscommerce

Reload this page to confirm if the correct file permissions have been set.

 

What do you think?

Link to comment
Share on other sites

You need to change the file permissions on those to files so osC can write the appropriate information to them. Usually you can CHMOD (change the file pemissions) using your FTP Client. I use FileZilla and if I right mouse click on the file I want to change there is a "File Permissions" option that will allow me to do that...if you are using a cpanel I can't help (I don't) but look around and you should find some way to change the permissions.

Link to comment
Share on other sites

I am having the same problem.

 

I cleared the administration table. What am I clearing in the other files? (.htaccess and htpasswd_oscommerce)

 

The htpassword_oscommerce file is blank.

 

The htaccess file reads:

 

# $Id$

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

# AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

#<IfModule mod_setenvif.c>

# <IfDefine SSL>

# SetEnvIf User-Agent ".*MSIE.*" \

# nokeepalive ssl-unclean-shutdown \

# downgrade-1.0 force-response-1.0

# </IfDefine>

#</IfModule>

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

# AcceptPathInfo On

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

# php_value session.use_trans_sid 0

# php_value register_globals 1

AuthType Basic

AuthName "osCommerce Admin Access"

AuthUserFile /home/content/xx/xxxxxxx/html/YY/catalog/admin/.htpasswd

Require valid-user

Link to comment
Share on other sites

For .htpasswd_oscommerce: remove all content, leave the file empty

 

For .htaccess: Remove following lines

 

AuthType Basic
AuthName "osCommerce Admin Access"
AuthUserFile /home/content/xx/xxxxxxx/html/YY/catalog/admin/.htpasswd
Require valid-user

Link to comment
Share on other sites

I was able to recover the admin console. I changed the admin directory to something else and changed the configure file to reflect the change. Now I am getting this error for the store:

 

 

Warning: mysql_connect() [function.mysql-connect]: Access denied for user '[email protected]' (using password: YES) in /home/content/xx/xxxxxxx/html/directory1/catalog/includes/functions/database.php on line 19

Unable to connect to database server!

 

I feel that I am close. What is this error?

 

Also, does anyone know why the admin login error occurred in the first place? This is something new to our site.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...