Support

Admin Tools

#10211 Site with Admin Tools Pro is hacked, please advice.

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by user41123 on Sunday, 08 January 2012 07:53 CST

Sunday, 08 January 2012 05:33 CST

user41123
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the forum before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)


Description of my issue: I'm hacked

Hi Nicholas,

I'm afraid I'm hacked despite using of Admin Tools Pro.
When I entered a new range ban in my blacklist T recieved a 403 error with the message I Dutch)"Ask yourself one question, are you happy now?"
Now my entire site is down and I'm not sure what to do. I'm feeling quite desperate now.

Can you please advice me?

Greetings, Paul

Sunday, 08 January 2012 05:59 CST

user41123
Hi Nicholas,

I just renamed the plugin pro.php to pro.php.bak and now I have access again so it seemed I was blocked from my site?
That's very strange because I'm in the whitelist from the first day I use Admin Tools Pro. Also I cannot find my IP-adress in the blacklist or in the autoban list.
Do you know what's going on and is the 403 error with that message a typical Admin Tools message or am I really hacked?

Greetings, Paul

Sunday, 08 January 2012 06:00 CST

user54642
I am no expert with Admin Tools Pro but it sounds like you have done what I did and blocked your own IP address. Have a read of this as it helped me a lot.

https://www.akeebabackup.com/troubleshooter/admintools.html

John

Sunday, 08 January 2012 06:02 CST

nicholas
You are not hacked :) That's the normal Admin Tools message when you block yourself. In English it reads "You have to ask yourself one question: are you feeling lucky?", an allusion to Dirty Harry. John's right. Just take a look at the troubleshooting articles on that page.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 08 January 2012 06:13 CST

user41123
I still don't get it. You can trust me that I've read the manual very good before installing Admin Tools and my Ip-adres is defined in the whitelist and in WAF-settings (fields white-list and autoban). This worked already for months now!
Also my IP-adres is NOT in the autobanlist and also NOT in the blacklist. I've checked it twice...
What I did was entering a new ip-adres in a totally other range like mine for a blacklist ban. After trying to save I got this 403-page?
What do I miss?

Sunday, 08 January 2012 06:21 CST

user41123
I just tried to rename pro.php.bak back to pro.php and I'm immidiatly blocked??
I also checked the SQL-database and can't find my IP-adress anywhere in blacklists and it's correct defined in the whitelist and the admin ip-adresses.

Sunday, 08 January 2012 06:30 CST

user41123
I removed the last range I had entered in the blacklist and renamed pro.php back and I have access again.
Then I reentered the same range in the blacklist and it is accepted without 403-page. This is really really weird!

Sunday, 08 January 2012 06:33 CST

nicholas
Regarding the missing whitelist IP, did you at any point uninstall Admin Tools? If you do, all settings are reset.

Regarding the IP range you entered, it seems that you made a typo the first time you entered it and accidentally block everybody, or at least your IP. When you retried, you obviously entered that correctly and didn't block yourself.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 08 January 2012 06:45 CST

user41123
Hi Nicholas,

Off course I checked everything 5 or 6 times and all settings where still OK. I have never uninstalled Admin Tools. I run the latest version 2.1.14 and only installed the new testversion in my WAMP environment.

I agree with you that I possibly made a typo but why I am then blocked myself although I'm in the WAF-settings and in the White-list??

And now I urgently need a cappucinno. My hair turned a little more gray the last hour! ;-)
And thanks again, Nicholas, for being such a great support, also on a sunday!

Greetings, Paul

Sunday, 08 January 2012 06:48 CST

nicholas
Hi Paul,

Well, the black list runs before everything else. The idea is that if you're black-listed you should not access the site, no exceptions, period. Obviously, if you black-list yourself, you have to work around the protection by renaming Admin Tools' plugin files.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 08 January 2012 07:25 CST

user41123
Hi Nicholas,

I don't quite understand what you mean with renaming the Admin Tools plugin files in the last sentence? If I do so will Admin Tools stops working.
Or do you mean I have to rename the files core or/and main.php to .bak first before editting the blacklist?

Thanks and have a nice weekend,

Paul

Sunday, 08 January 2012 07:46 CST

nicholas
Hi Paul,

I mean that if you accidentally block yourself, you can always rename pro.php to pro.php-bak to remove the blocked IP range, rename the file to pro.php and continue as if nothing happened.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 08 January 2012 07:53 CST

user41123
Got it, thanks!

Greetings, Paul

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!