I used admin tools to secure my admin page behind a ?####### in the url. It appears I have been hacked in some other way, again, and now i get a 404 error on the both the /administrator page and the /administrator/?###### what do i do now?
#25267 Hacked again, now unable to get to url protected admin page
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by on Sunday, 03 July 2016 17:20 CDT
Monday, 30 May 2016 07:09 CDT
user82230
Monday, 30 May 2016 08:45 CDT
tampe125
Akeeba Staff
Hello Kiera,
we have a detailed walkthrough here that will guide you in the steps on how restore your site after an hack occurred.
we have a detailed walkthrough here that will guide you in the steps on how restore your site after an hack occurred.
Davide Tampellini
Developer and Support Staff
๐ฎ๐นItalian: native ๐ฌ๐งEnglish: good โข ๐ My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Tuesday, 31 May 2016 00:18 CDT
user82230
I ended up rolling my site back a week and was able to get back into the admin page. However, the fact that i was locked out from even getting to my admin screen *really* concerns me! The page you sent me to has *nothing* to say on this point so the answer really wasnt useful.
Before we close this ticket, can you please explain to me HOW someone - who clearly did NOT get into my backend the usual way was able to lock me out of my own administration site?
Also, is there a way to set it up so that it is not possible to block people from using urls on my site that arent there?
ie mainsite.com/index.php?start=p2pzk475frsf8kz so that only pages actually IN the site work? I have everything set up to go to nice clean urls without any of those ugly ?options in them. Hmm... of course that would break the admin page, LOL.
I preferred the old protection for the admin page where it was actually a different base url - why did you guys change that anyways?
Before we close this ticket, can you please explain to me HOW someone - who clearly did NOT get into my backend the usual way was able to lock me out of my own administration site?
Also, is there a way to set it up so that it is not possible to block people from using urls on my site that arent there?
ie mainsite.com/index.php?start=p2pzk475frsf8kz so that only pages actually IN the site work? I have everything set up to go to nice clean urls without any of those ugly ?options in them. Hmm... of course that would break the admin page, LOL.
I preferred the old protection for the admin page where it was actually a different base url - why did you guys change that anyways?
Tuesday, 31 May 2016 05:39 CDT
tampe125
Akeeba Staff
If your site is compromised, changing the secret param is not the solution. The solution is explained inside the guide I posted before, where it suggests to revert to a previous backup (thing that you already did on your own).
If your site is vulnerable (ie a vulnerable extension, another site on the same server compromised and the server is poor configured etc etc), an attacker has access to all of your files. It's pretty easy to change some configuration values.
Finally, blocking all non existent pages is a really bad thing: any attacker could simply perform a Denial of Service by visiting ANY of your pages, since you are going to log and store all those information to block the user.
Regarding changing the administrator folder, the feature is still there, you can see that inside the WAF configuration page. We no longer offer support since we saw that the majority of servers have a poor setup, leading to users being blocked and locked out from their sites as soon as they enabled such feature.
If your site is vulnerable (ie a vulnerable extension, another site on the same server compromised and the server is poor configured etc etc), an attacker has access to all of your files. It's pretty easy to change some configuration values.
Finally, blocking all non existent pages is a really bad thing: any attacker could simply perform a Denial of Service by visiting ANY of your pages, since you are going to log and store all those information to block the user.
Regarding changing the administrator folder, the feature is still there, you can see that inside the WAF configuration page. We no longer offer support since we saw that the majority of servers have a poor setup, leading to users being blocked and locked out from their sites as soon as they enabled such feature.
Davide Tampellini
Developer and Support Staff
๐ฎ๐นItalian: native ๐ฌ๐งEnglish: good โข ๐ My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Thursday, 02 June 2016 15:33 CDT
user82230
Ok now i have managed to get my own IP blocked so I cant get to anything. The how to unhack yourself page is NOT useful for that. Help!
Thursday, 02 June 2016 15:35 CDT
dlb
But this page will be helpful: https://www.akeebabackup.com/documentation/troubleshooter/atwafissues.html!
Dale L. Brackin
Support Specialist
English: nativePlease keep in mind my timezone and cultural differences when reading my replies. Thank you!
????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)
Thursday, 02 June 2016 15:43 CDT
user82230
I sorted that by going directly to the database and removing the address manually.
I had added my ip to the white list - yet it banned me still when I inadvertently clicked a bad link. When i used http://whatismyipaddress.com/ it showed one of the IPv6 addresses rather than the old-fashioned one, is this why?
I had added my ip to the white list - yet it banned me still when I inadvertently clicked a bad link. When i used http://whatismyipaddress.com/ it showed one of the IPv6 addresses rather than the old-fashioned one, is this why?
Friday, 03 June 2016 01:45 CDT
tampe125
Akeeba Staff
If you are using a v6 IP, you use to save that one inside Admin Tools.
Please remember that if you add your IP to the Whitelist, you have to enable the option Allow only access to Whitelisted IP inside WAF configuration page.
If you simply don't want to be blocked, please add your IP in the field Never block these IP inside WAF configuration page.
Please remember that if you add your IP to the Whitelist, you have to enable the option Allow only access to Whitelisted IP inside WAF configuration page.
If you simply don't want to be blocked, please add your IP in the field Never block these IP inside WAF configuration page.
Davide Tampellini
Developer and Support Staff
๐ฎ๐นItalian: native ๐ฌ๐งEnglish: good โข ๐ My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Sunday, 03 July 2016 17:20 CDT
System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.