Hi,
Today someone or some bot changed my admin username and password.
Has anyone else had this bad experience?
To protect my /admin folder I use this extension:
https://www.opencart.com/index.php?rout ... n_id=24045
and I also protected my /admin folder via the Plesk panel with an extra username and password, see: https://prnt.sc/1qyfjxi
How could this happen, and why? SQL injection?
How can I prevent future attacks?
Thank you in advance for your suggestions!
Restore your database, or at least the oc_user table, from a backup, to gain access again to your OpenCart admin.
Then look through the server's access logs to see whether there were any suspicious activities.
You may have to switch to a better webhost, too.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
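An added example, not part of the original posts or of OpenCart: one way to go through an access log as suggested above, listing rejected password prompts, admin login POSTs, POSTs to the admin user pages, and admin requests that were served without the extra web-server login. It assumes the Apache/nginx "combined" log format, an admin folder at `/admin/`, and the admin routes `common/login` and `user/user/...`; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# "combined" log format: ip, ident, basic-auth user, [time], "request", status, ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = '''\
203.0.113.7 - - [01/Sep/2021:03:10:01 +0000] "GET /admin/ HTTP/1.1" 401 381 "-" "python-requests/2.25"
203.0.113.7 - - [01/Sep/2021:03:10:02 +0000] "GET /admin/ HTTP/1.1" 401 381 "-" "python-requests/2.25"
198.51.100.20 - shopowner [01/Sep/2021:09:00:05 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - shopowner [01/Sep/2021:09:00:06 +0000] "GET /admin/index.php?route=common/dashboard&user_token=CONSTRUCTED HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Sep/2021:04:22:10 +0000] "POST /admin/index.php?route=user/user/edit&user_token=CONSTRUCTED&user_id=1 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Sep/2021:09:05:00 +0000] "GET /index.php?route=product/product&product_id=40 HTTP/1.1" 200 15000 "-" "Mozilla/5.0"
'''

def analyse(lines, admin_prefix="/admin/"):
    """Summarise admin-area activity found in combined-format access log lines."""
    failed_auth, login_posts = Counter(), Counter()
    user_edits, no_basic_auth = [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, user, when, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.startswith(admin_prefix):
            continue  # storefront traffic
        route = parse_qs(url.query).get("route", [""])[0]
        if status == "401":
            failed_auth[ip] += 1  # rejected by the web server's password prompt
        elif user == "-" and status[0] in "23":
            no_basic_auth.append((when, ip, target))  # served without the extra login
        if method == "POST" and route == "common/login":
            login_posts[ip] += 1  # OpenCart admin login form submitted
        if method == "POST" and route.startswith("user/user"):
            user_edits.append((when, ip, user, status))  # admin user page submitted
    return {"failed_auth": failed_auth, "login_posts": login_posts,
            "user_edits": user_edits, "no_basic_auth": no_basic_auth}

if __name__ == "__main__":
    for name, value in analyse(SAMPLE.splitlines()).items():
        print(name, value)
```

Any entry in `no_basic_auth` means the extra folder password was not enforced for that request. An empty `user_edits` list around the time of the change suggests the `oc_user` row was not changed through the admin pages recorded in this log.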
Protecting the admin folder won't change anything based on the database connection method itself. However, by default, the DB connection's hostname should always be set to localhost by your host, not to a remote IP address or hostname.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Hi,
Thanks for your reply.
If I set the hostname to localhost, will I be able to access my DB through phpMyAdmin only?
I will no longer be able to access it through external applications or cloud backup services for backup, is this correct?
Thanks
I am not sure I understand what you are suggesting, because your database has to be accessed - without the database there is no access to anything, just a bunch of pages with no information?
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
That would normally be correct, since this method is already not suggested to be used anyhow. The use of REST APIs is considered best practice these days.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester