Admin password reset due to hack? [SOLVED] Not a hack!

Quote

Post by bjorn@tshirtsofoz » Thu Aug 29, 2013 10:45 am

Hi there,

I've had my site live for about a week and it appears I've been hacked already :choke:

I need to change my password in phpmyadmin but I'm not sure what encryption is used. I tried a md5 encrypted password but it didn't work. Anything to do with the salt?

Any help would be much appreciated. Any security suggestions would be extremely welcomed too. My VPS should be pretty secure but obviously OC isn't yet.

Thanks


[--EDIT--]

Also tried a SHA1 encrypted password with no luck.
Last edited by bjorn@tshirtsofoz on Sun Sep 01, 2013 7:29 pm, edited 1 time in total.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Fri Aug 30, 2013 9:34 am

Getting a little desperate here...

I should add that the obvious password reset link doesn't work.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by MarketInSG » Fri Aug 30, 2013 9:49 am

the reset link won't really work because of the length of a column in the user table for old versions, Go to phpmyadmin, and find the code column. Change in to size 40 instead of the original.

To reset password, just generate a new md5 password and paste into your password column

User avatar
MarketInSG
Guru Member
Posts
6443
Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Fri Aug 30, 2013 10:08 am

Thanks MarketInSG.

The code table was set to 40 characters. I did try an md5 encrypted hash but didn't work, I just tried again and still can't get in :(

May have to resort to a backup, bugger did it just before I added the products and haven't done another yet. Database should keep the products though I guess.

Just out of interest... I can see a couple of directories that have apparently been edited on the date it looks like my site was hacked, I can't find any files that have been edited though. What should the directory permissions be set to? They are all currently set to 0755 and files 0644. Pretty sure the permissions are ok based on other sites I work on.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by MarketInSG » Fri Aug 30, 2013 12:44 pm

the permissions are ok. Perhaps someone just gotten your database password? But if nothing was done to your website, I don't think there's much to worry. Perhaps try figuring out why your log in isn't working, as resetting the password should have work

User avatar
MarketInSG
Guru Member
Posts
6443
Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Fri Aug 30, 2013 1:42 pm

Yeah trying to figure it out. I would have thought I'd see more damage to the site. Not really sure what they've done in the Admin though.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by rph » Fri Aug 30, 2013 1:54 pm

You can try using the OpenCart Administrator Password Reset tool.

-Ryan

rph
Expert Member
Posts
4102
Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Fri Aug 30, 2013 4:30 pm

Thanks rph,
Great idea, makes live easy, it said it changed the password successfully but unfortunately I still can't login. I'm going to look at my files a bit closer there has to be some dodgy code in there somewhere.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by rph » Fri Aug 30, 2013 4:38 pm

Try a different browser.

-Ryan

rph
Expert Member
Posts
4102
Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Fri Aug 30, 2013 4:47 pm

haha please don't be that simple :P

Have been using Chrome on my PC and tried Chrome on my tablet. Will try ie and ff

---EDIT---

Tried ie and ff and no go :(
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by MarketInSG » Fri Aug 30, 2013 5:22 pm

you need to hire someone to look into it, or just clean your website. the codes on your software might had been altered

User avatar
MarketInSG
Guru Member
Posts
6443
Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Top

Re: Admin password reset due to hack?

Quote

Post by rph » Sat Aug 31, 2013 12:09 am

Does it actually say you have a bad password or does it just fail to log you in?

-Ryan

rph
Expert Member
Posts
4102
Joined
Fri Jan 08, 2010 5:05 am
Location - Lincoln, Nebraska
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Sat Aug 31, 2013 7:13 am

It just fails to login. Also when I do a password reset via the text link it just fails. Looks like it refreshes the page and tries to run the code but nothing happens.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by MarketInSG » Sat Aug 31, 2013 9:04 am

check if your session is working on your website. might be a host related issue, and not a hack.

User avatar
MarketInSG
Guru Member
Posts
6443
Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Sat Aug 31, 2013 9:37 am

No sessions are being set in regards to admin login. The only sessions are currency, language and cart from the frontend.

Sessions are working though, showing items added to the cart etc.

Would it be safe to overwrite admin files from a backup? All data should be stored in the database shouldn't it? except for images, they're easy to upload.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by MarketInSG » Sat Aug 31, 2013 9:59 am

yes, you can upload a back up if that's your last resort

User avatar
MarketInSG
Guru Member
Posts
6443
Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Sat Aug 31, 2013 10:32 am

Think I'll be going down that path as I can't find what files have changed.
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Sat Aug 31, 2013 11:46 am

Now this is weird. I copied backup files onto the server overwriting the files and I still can't successfully log in ???
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top

Re: Admin password reset due to hack?

Quote

Post by MarketInSG » Sat Aug 31, 2013 8:02 pm

hire someone to look into it. That's the best option.

User avatar
MarketInSG
Guru Member
Posts
6443
Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Top

Re: Admin password reset due to hack?

Quote

Post by bjorn@tshirtsofoz » Sat Aug 31, 2013 10:11 pm

Was kinda hoping that support and the forum would have helped me.

SO how secure is a standard installation of OpenCart considering my site has been live for almost two weeks and already I've been locked out of the Admin?
bjorn@tshirtsofoz
New member
Posts
25
Joined
Thu Aug 08, 2013 11:30 am
Top
Post Reply
Return to “General Support”
Who is online

Users browsing this forum: Bing [Bot] and 6 guests