Support

Admin Tools

#25267 Hacked again, now unable to get to url protected admin page

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 03 July 2016 17:20 CDT

user82230
 I used admin tools to secure my admin page behind a ?####### in the url. It appears I have been hacked in some other way, again, and now i get a 404 error on the both the /administrator page and the /administrator/?###### what do i do now?

tampe125
Akeeba Staff
Hello Kiera,

we have a detailed walkthrough here that will guide you in the steps on how restore your site after an hack occurred.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user82230
I ended up rolling my site back a week and was able to get back into the admin page. However, the fact that i was locked out from even getting to my admin screen *really* concerns me! The page you sent me to has *nothing* to say on this point so the answer really wasnt useful.

Before we close this ticket, can you please explain to me HOW someone - who clearly did NOT get into my backend the usual way was able to lock me out of my own administration site?

Also, is there a way to set it up so that it is not possible to block people from using urls on my site that arent there?
ie mainsite.com/index.php?start=p2pzk475frsf8kz so that only pages actually IN the site work? I have everything set up to go to nice clean urls without any of those ugly ?options in them. Hmm... of course that would break the admin page, LOL.

I preferred the old protection for the admin page where it was actually a different base url - why did you guys change that anyways?

tampe125
Akeeba Staff
If your site is compromised, changing the secret param is not the solution. The solution is explained inside the guide I posted before, where it suggests to revert to a previous backup (thing that you already did on your own).

If your site is vulnerable (ie a vulnerable extension, another site on the same server compromised and the server is poor configured etc etc), an attacker has access to all of your files. It's pretty easy to change some configuration values.

Finally, blocking all non existent pages is a really bad thing: any attacker could simply perform a Denial of Service by visiting ANY of your pages, since you are going to log and store all those information to block the user.

Regarding changing the administrator folder, the feature is still there, you can see that inside the WAF configuration page. We no longer offer support since we saw that the majority of servers have a poor setup, leading to users being blocked and locked out from their sites as soon as they enabled such feature.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user82230
Ok now i have managed to get my own IP blocked so I cant get to anything. The how to unhack yourself page is NOT useful for that. Help!

dlb
But this page will be helpful: https://www.akeebabackup.com/documentation/troubleshooter/atwafissues.html!


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

user82230
I sorted that by going directly to the database and removing the address manually.

I had added my ip to the white list - yet it banned me still when I inadvertently clicked a bad link. When i used http://whatismyipaddress.com/ it showed one of the IPv6 addresses rather than the old-fashioned one, is this why?

tampe125
Akeeba Staff
If you are using a v6 IP, you use to save that one inside Admin Tools.
Please remember that if you add your IP to the Whitelist, you have to enable the option Allow only access to Whitelisted IP inside WAF configuration page.
If you simply don't want to be blocked, please add your IP in the field Never block these IP inside WAF configuration page.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!