Page 1 of 2

Admin Login - Urgent Help Needed!

Posted: Thu Jun 16, 2016 11:18 pm
by ASP
I've just attempted to login to my admin dashboard as per normal, but am receiving a "No match for Username and/or Password." message.

I haven't changed my password or any files since I last logged in a day or two ago.

I tried using to forgotten password link to see if this resolved the issue, but the link from the e-mail just takes me to the login page.

Please kindly help ASAP!

Re: Admin Login - Urgent Help Needed!

Posted: Thu Jun 16, 2016 11:29 pm
by IP_CAM
find a Admin Password Reset solution here:

http://forum.opencart.com/viewtopic.php ... 32#p592544

Ernie

Re: Admin Login - Urgent Help Needed!

Posted: Fri Jun 17, 2016 1:25 am
by ASP
Luckily I created a backup admin user account, so have managed to login with that. Any reason why the main account login failed?

Re: Admin Login - Urgent Help Needed!

Posted: Fri Jun 17, 2016 2:32 am
by EvolveWebHosting
ASP wrote:Luckily I created a backup admin user account, so have managed to login with that. Any reason why the main account login failed?
It would really help if you posted your OC version at a minimum. Every version is different.

There are many reasons this could happen and it's usually different for almost every site.

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 6:10 pm
by ASP
EvolveWebHosting wrote:It would really help if you posted your OC version at a minimum. Every version is different.

There are many reasons this could happen and it's usually different for almost every site.
I'm using Version 2.0.3.1 and just realised that my PayPal Express Checkout extension had been uninstalled, and PayPal Payments Standard had been enabled with someone else's details!

I have rectified this and checked that payment had been received in my account for recent orders, which they have thankfully.

Is this likely to be a glitch or a hack? Shall I report this somewhere?

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 6:16 pm
by Burt65
ASP wrote:
EvolveWebHosting wrote:It would really help if you posted your OC version at a minimum. Every version is different.

There are many reasons this could happen and it's usually different for almost every site.
I'm using Version 2.0.3.1 and just realised that my PayPal Express Checkout extension had been uninstalled, and PayPal Payments Standard had been enabled with someone else's details!

I have rectified this and checked that payment had been received in my account for recent orders, which they have thankfully.

Is this likely to be a glitch or a hack? Shall I report this somewhere?
The least you could do is share this "someone else" details here so that we can try to isolate this case

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 6:24 pm
by ASP
Burt65 wrote: The least you could do is share this "someone else" details here so that we can try to isolate this case
fr.png

fr.png (26.95 KiB) Viewed 2684 times


Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 6:39 pm
by Burt65
The email huawei.spa6145@outlook.fr does not exist and cannot be confirm by PayPal.

If someone wanted to take some transaction (money) away from you, I think they would have used a real email address.

Paypal would not work if the email cannot be confirm...
huawei.spa6145@outlook.fr
host mx1.hotmail.com [65.55.33.119]
error from remote mail server after RCPT TO:<huawei.spa6145@outlook.fr>:
550 Requested action not taken: mailbox unavailable

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 7:09 pm
by ASP
I find it deeply concerning that I was suddenly unable to login via my usual admin account, and when I logged in via the backup, I noticed that this change to my payment details had been made.

Is there anything I can do to increase admin security?

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 7:24 pm
by straightlight
ASP wrote:I find it deeply concerning that I was suddenly unable to login via my usual admin account, and when I logged in via the backup, I noticed that this change to my payment details had been made.

Is there anything I can do to increase admin security?
Here's a nice relative topic that covers the subject: http://www.inmotionhosting.com/support/ ... n-opencart

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 7:25 pm
by i2Paq
You could use directory-security as an additional security on you admin folder.

I see that your PayPal module is disabled?

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 7:42 pm
by ASP
straightlight wrote: Here's a nice relative topic that covers the subject: http://www.inmotionhosting.com/support/ ... n-opencart
Thank you, I will action these steps shortly.

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 8:58 pm
by Burt65
ASP wrote:
straightlight wrote: Here's a nice relative topic that covers the subject: http://www.inmotionhosting.com/support/ ... n-opencart
Thank you, I will action these steps shortly.

Just in case, remember that if you rename the admin folder, then every time you install an extension you will obviously have to rename the admin folder in the extension install to match your new folder name...

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 9:10 pm
by artcore
I would make sure firstly that your DB wasn't accessed remotely(you should disable this in your hosting control panel or if you have a VPS, bind SQL to localhost only) or via a script uploaded to your site.
Check the SQL logs for the time the paypal settings were modified and see what and who did this.
Renaming admin would probably give more headaches like Burt mentioned. Why not allow just your IP(s) to this.

top of .htaccess:

Code: Select all

order deny,allow
deny from all
allow from 123.123.123.123

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 9:14 pm
by straightlight
One tactic without a link would be by adding a clone login with a query string which one would constantly deny login and the query login that would accept the login.

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 9:19 pm
by Burt65
artcore wrote: Why not allow just your IP(s) to this.

top of .htaccess:

Code: Select all

order deny,allow
deny from all
allow from 123.123.123.123
What happen if your ISP is dynamic?

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 9:24 pm
by ASP
artcore wrote:I would make sure firstly that your DB wasn't accessed remotely(you should disable this in your hosting control panel or if you have a VPS, bind SQL to localhost only) or via a script uploaded to your site.
Check the SQL logs for the time the paypal settings were modified and see what and who did this.
Renaming admin would probably give more headaches like Burt mentioned. Why not allow just your IP(s) to this.

top of .htaccess:

Code: Select all

order deny,allow
deny from all
allow from 123.123.123.123
Remote DB access is not enabled. Where can I view the SQL logs?

Re: Admin Login - Urgent Help Needed!

Posted: Mon Jun 20, 2016 11:31 pm
by artcore
They usually are in var/lib/mysql on Linux but that said I'm not sure how to access this in shared hosting.
I don't recall seeing this in cpanel for instance.
Could you ask your hoster for the specific logs for that date?
You can check the apache logs to see if there is anything specific, like an file upload. Something similar to
POST - filename.xxx
And also via FTP or cpanel filemanager, latest changed files.
Should give you a clue.

Hopefully all is safe and it's just a javascript taking too long to process. This can be checked in the browser developer tools (F12)

Re: Admin Login - Urgent Help Needed!

Posted: Tue Jun 21, 2016 1:10 am
by frishops
I've always been concerned that my admin will be hacked and all my payments be taken away by hacker. I am also using 2.0.3.1, The fact that this has happened is really alarming.

Re: Admin Login - Urgent Help Needed!

Posted: Tue Jun 21, 2016 2:06 am
by straightlight
artcore wrote:They usually are in var/lib/mysql on Linux but that said I'm not sure how to access this in shared hosting.
I don't recall seeing this in cpanel for instance.
Could you ask your hoster for the specific logs for that date?
You can check the apache logs to see if there is anything specific, like an file upload. Something similar to
POST - filename.xxx
And also via FTP or cpanel filemanager, latest changed files.
Should give you a clue.

Hopefully all is safe and it's just a javascript taking too long to process. This can be checked in the browser developer tools (F12)
That is correct. On shared hosting plans, only the network team has access to database monitoring other than full or Business dedicated servers.