Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Admin Login Hacked Rate Topic   - - - - -

 
  • jknapp
  • Member
  • Members
  • Join Date: 23-Dec 06
  • 73 posts

Posted 12 February 2007 - 02:46 AM #1

Hi:

My admin login somehow was hacked and I cannot log into my cart as the admin.

I was so worried someone was in my website admin making changes etc that I went into my FTP account and change the admin.php to something else so they could not log in at this time.

I do need to know how I am going to be able to get back in as the administrator?

How can I fix this from going forward as well?

Please any help would be very appreciative.

Thanks.

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 12 February 2007 - 03:13 AM #2

Run this sql command against your database.

Then immediately login as Admin and change the password. (admin/admin) is the default.

Delete from Cscart_users where user_id = 1;

INSERT INTO cscart_users (user_id, active, user_type, user_login, cart_content, wishlist, membership_status, membership_id, referer, last_login, timestamp, password, card_name, card_type, card_number, card_expire, card_cvv2, title, firstname, lastname, company, email, phone, fax, url, tax_exempt, lang_code) VALUES ('1', 'Y', 'A', 'admin', '', '', 'P', '3', '', '1137583097', '1112556008', '21232f297a57a5a743894a0e4a801fc3', '', '', '', '', '', 'mr', 'Admin', 'Admin', 'Your company', 'admin@yourcompany.com', '555-55-55', 'test', 'test', 'N', 'EN');


Pimpin' skins since v1.0

 
  • arlen
  • Senior Member
  • Members
  • Join Date: 25-Sep 06
  • 284 posts

Posted 01 March 2007 - 10:09 PM #3

I'm guessing my password got corrupted or something. I'm working locally via apache on XP, just tweaking templates, but am unable to login this afternoon. I've run the above in phpmyadmin and it appeared to be successful, however the login is still rejected (using admin/admin).

I had to reset my modem + router this morning due to web connection problems, this forced me to update the hosts file (XP) and httpd.conf w/ new ip addresses, however apache is up and running and I can log in to another earlier experimental installation, so it's not apache, and appears to be only this one installation. I've had to do this before and not had a login problem. I could login fine last night before the modem issue.

A rebuild isn't a disaster, most work has been on templates which are safe, w/ a few minor changes to core files for the mini-cart and I've documented every change. But this sucks, and I don't know why it happened. I can't imagine I was hacked, but something went buggy.

Any ideas and/or solutions you can offer? I'll probably need to reinstall this evening, what a pain.

 

Posted 02 March 2007 - 02:55 PM #4

I installed 1.3.4 this week and the admin/admin account worked fine. I then changed the admin password and it worked fine too. I then changed the admin user's information which caused the admin login screen to prompt for an email address verses a username. The admin's email name did not work with neither of the previous two passwords. So I used phpMyAdmin to delete the encrypted password field for the admin user. Then I could login to the admin account using the email name and no password and then recreate a password. The login screen still prompts for emailname verses the username. Does anybody knows why? I would rather type in admin verses a long email name.

 
  • snorocket
  • Forum Janitor
  • Members
  • Join Date: 15-Mar 06
  • 2519 posts

Posted 02 March 2007 - 08:42 PM #5

in general settings uncheck User e-mail is used as login checkbox...
SNOROCKET.COM, Now Accepting PRE-ORDERS:
Customer Service (Helpdesk) Addon for CS-Cart v4.3.1
Quote and Invoicing Addon for CS-Cart v4.3.1

 
  • Alfie
  • Senior Member
  • Members
  • Join Date: 06-Jun 06
  • 132 posts

Posted 29 March 2007 - 10:24 AM #6

Hi, i have this same problem

i have tried removing the password and tried replacing the sql data with what what suggested above and i still could not get in (saying the user did not exist).

In the end i had to change the sql data for the customer and change the account type from C (customer) to A (admin)

Is there any reason for this as i've been messing around for ages trying to sort this, this morning.

cheers

Alfie

 
  • boggyman
  • Junior Member
  • Members
  • Join Date: 12-May 08
  • 2 posts

Posted 12 May 2008 - 09:52 PM #7

I can't log into my admin. It is now requesting an email address. The password doesn't work with the email address. And when I click on forgot password - it tells me I don't exist.
What do I need to do?

 
  • VGC
  • Member
  • Members
  • Join Date: 17-Jul 08
  • 33 posts

Posted 17 July 2008 - 08:09 PM #8

I can't log into my admin. It is now requesting an email address. The password doesn't work with the email address. And when I click on forgot password - it tells me I don't exist.
What do I need to do?


This happened to me last night after Siteground installed my cart for the first time. When your data gets initialized for the first time, your email address for the admin will be set to something like ADMIN@DOMAIN.COM. In my case, my login was set as the default of USERNAME and when I first went in, I started changing settings everywhere, including use email for user logins and then updated. Because I never set the email to a correct email I was screwed. First thing is, make sure your host has you setup to send emails. If so, then use phpMyAdmin to access the user table and change that email address for the admin to the one that you use and save.

Then, go to login screen for the admin page and click on forgot password and an email will be sent to that email address you changed with a link that takes you back in the admin home page. Change your password and update and you should be ok.

VGC