OOOOPS !!! lost access to admin..., a forum discussion on Jojo CMS, in the Administration (backend and configuration) forum.
Hi,
My Jojo site was hacked some time ago. It seemed it had a security issue... I managed to fix the front part, but did not realize at that time that I had lost access to the admin: when I go to http://demo.glouk.org/admin, I get a page with my standard front header, and nothing in it...
It's RC1. I tried upgrading to 1.0 stable but it's worse: I only get blank pages.
Ran setup many times, did nothing...
Any insight? I'm somewhat lost here, and of course I have quite an urgent need to add content to my demo site.
Thanks.
glouk
Open up phpMyAdmin (or whatever other tool you use for managing your database tables) and delete the rows from the page table that relate to the admin area.
Then run setup and it will re-add these and you should be able to log in again.
How was the site hacked? Was it the whole server that was hacked or just the Jojo site? Have you got the access logs from the time it was hacked that we could look at to investigate any possible security issue with Jojo?
- Mike
Sorry for the above posts... I was on my old mobile and it gave a redirection limit error... I guess it kept posting instead of moving on to the following page.
[admin: repeated posts removed]
About the hacking method: I do not remember exactly, but it was Jojo-specific :(. I did not memorize it: it had something to do with PHP.
I'm sorry I did not post about it here, but I was so pissed off that I threw everything away.
As for the repair: I'll try it and come back to you.
Thanks
PS: I just understood about Dwoo... 1.0 has left Smarty behind? Means I have to rewrite all the Smarty code?
Rick,
I followed your instructions, deleted the rows and they were recreated by setup, but still the same problem: http://demo.glouk.org/admin leads to a page with my front theme and no content... I join a screen capture...
I created a new clean install with Jojo 1.0, and I get white pages when I install my plugin and theme.
I wonder if this has to do with mod_rewrite? That would explain why the front theme is applied when I load http://demo.glouk.org/admin
Maybe I messed up rewrite rules... or there remains a trace of the hacker...
If you have an idea here, I would be grateful, since I have an urgent need to update my website.
Thanks
The front theme will be applied to /admin/ if you're not logged in... It shows the login form within your website's theme. That may be what's happening there.
When you upgraded to 1.0, did the templating engine get automatically set to Dwoo? Usually a completely blank screen means that Dwoo couldn't run some code that was intended for Smarty, e.g. section tags.
My initial thought was that you'd overridden the login template with a blank one... but I just tried loading your demo site and none of the asset files (images, css, javascript etc) are loading.
/ - loads
/index.php - redirects to /
/index.html - fails
/admin/ - loads (empty content area)
/css/styles.css - fails
/js/common.js - fails
/images/logo.jpg - fails
/images/newheader.gif - fails
/admin/edit/ - fails
/favicon.ico - loads
It almost looks like the whole site has been stripped back to two html files (/index.php and /admin/<something>).
I'd suggest fixing your htaccess file. To do this you simply need to make sure the directory has appropriate permissions, delete the file and load up your website. Jojo will recreate the file for you. See what that fixes. I hope this helps, keep us posted.
Also, does your template have stylesheet includes at the top? I see lines for stylesheets named header/home/films/film/plan etc. If you really want these to be separate files instead of combined into styles.css then you can add the rows in a customhead.tpl file in your theme's template folder. That will put them inside the head tags.
If you remember how the site was compromised, you might want to let the main devs know via the contact form rather than posting here :)
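On the question raised earlier in the thread of whether a trace of the intrusion remains in the site's files, one way to check is to hash the live site against a clean unpack of the same release and list what differs. This is an added example, not part of the thread or Jojo's own code; the function names, the `cache/` skip prefix and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large assets do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def tree_hashes(root):
    """Map each file's path relative to root (dotfiles included) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(clean_root, live_root, skip=()):
    """Report files modified, added or missing in live_root versus clean_root."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    keep = lambda rel: not any(rel.startswith(prefix) for prefix in skip)
    return {
        "modified": sorted(r for r in clean.keys() & live.keys()
                           if keep(r) and clean[r] != live[r]),
        # Generated files (such as a recreated .htaccess) and your own theme or
        # plugin files also land here; review each entry by hand.
        "added": sorted(r for r in live.keys() - clean.keys() if keep(r)),
        "missing": sorted(r for r in clean.keys() - live.keys() if keep(r)),
    }

def demo():
    """Build two small constructed trees and compare them."""
    files = {"index.php": "<?php // front controller\n",
             "css/styles.css": "body{}\n", "images/logo.jpg": "JPEGDATA"}
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        (live / "index.php").write_text("<?php // changed after the incident\n")
        (live / ".htaccess").write_text("# rewritten rules\n")
        (live / "css/styles.css").unlink()
        (live / "cache").mkdir()
        (live / "cache/page1.html").write_text("cached output")
        return compare_trees(clean, live, skip=("cache/",))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run `compare_trees` with the unpacked release archive as `clean_root` and a copy of the site's document root as `live_root`; anything under "modified" that you did not change yourself deserves a close look.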
Rick said...
If you remember how the site was compromised, you might want to let the main devs know via the contact form rather than posting here :)
Where's the fun in that :-)
I'm guessing that, because the rest of us aren't seeing our few hundred sites being compromised, there isn't a known (in the hacker community) vulnerability in Jojo. There could have been/be security issues in one or more of the externals that we are not aware of.
Well, it seems I have lost everything but my data here.
I've managed to access administration by reinstalling RC1 and deactivating my theme in phpMyAdmin, but:
- all the specifics of my plugin, and especially administration pages, have disappeared in the process (maybe the setup?)
- the front is not working anymore - I get this message:
"Your Jojo theme doesn't have a template.tpl file. It needs this to work.
For more information, you may want to try the Jojo documentation."
(of course this is not true)
- when I reactivate my theme it is automatically also applied to the admin, and everything disappears.
Which means everything has to be rebuilt from scratch... I guess
unless someone has a way out of this...
