ZOOM47 Posted May 14, 2016 Share Posted May 14, 2016 I can't log in to my Admin this morning. Being told 'Invalid username or password' although I know that both are correct. Have tried many times. Anyone else having the same problem please? Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted May 14, 2016 Share Posted May 14, 2016 I've replied to your support ticket. Quote Link to comment Share on other sites More sharing options...
ZOOM47 Posted May 14, 2016 Author Share Posted May 14, 2016 Further to the above, am in now with a new password. Have no idea why this should have been necessary. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 14, 2016 Share Posted May 14, 2016 What is the exact version of CubeCart are you running - is it the latest one ? If you are now in, check the Staff Access Log to see if there are any recent logins that you don't recognize, especially if the admin name is blank or the login is from an unusual IP address Ian Quote Link to comment Share on other sites More sharing options...
naturalsigns Posted May 15, 2016 Share Posted May 15, 2016 I had the exact same issue, (same time, same error). I reset the password to get in. I visited the staff access log and see a rouge ID as below. Gulp... not good!, then viewed admin activity and see a code snippet has been added by the same IP (also attached). Ohh dear. I have a few sites and most are on the latest version, but this one is on 6.0.7 as i've done a fair few tweaks and was dredding the upgrade (stupid really as i know one of the upgrades was a security fix). I've looked on the manage hooks and see an entry "ccss" that i don't recognise (as attached) Any thoughts on best fix, just backup and try and upgrade?...disable rouge hooks?, or is there a better way? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 15, 2016 Share Posted May 15, 2016 You have been hacked and the reason you couldn't log in was because they changed your password. Until you upgrade or at least implement the security fixes, you will continue to be a target - we are seeing a lot of automated hacking attempts against all CubeCart sites. The CCSS looks like part of the CubeCart Security Suite - do you have that installed ? You need to check the snippets installed as the rogue one could be doing literally anything. Also check other settings especially payment gateways as they can often change the email address on store PayPal settings. ANY site on a version less than the current one is open to this security issue and needs to upgrade immediately Ian Quote Link to comment Share on other sites More sharing options...
naturalsigns Posted May 15, 2016 Share Posted May 15, 2016 Thanks Ian, yep upgrading now. Indeed ccss is the security suite!, looking at the code snippets its a rouge 'google entry' as attached (now deleted). Thanks for the advice at checking payment fields all looks ok...touch wood. Rob Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 15, 2016 Share Posted May 15, 2016 Also check to make sure the snippet is no longer in the includes/extra directory. If you are interested in knowing what the snippet does, then it can be decoded using various websites - I haven't seen this specific snippet so it seems like there are a variety of different exploits using this security hole Quote Link to comment Share on other sites More sharing options...
ZOOM47 Posted May 15, 2016 Author Share Posted May 15, 2016 Thanks Ian I am running 6.0.8 and will take your advice and upgrade to latest 6.0.11 Have looked at the Staff Access Log and can't see any rogue entries as yet. It's less than 3 months since I upgraded from V5 to V6 after being hacked. An expensive period as I am not able to do the work myself. Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted May 15, 2016 Share Posted May 15, 2016 Make sure you check snippets, admin login details, payment gateway details and anything else sensitive - if you weren't hacked then you need to think about an explanation for why your admin login password wouldn't work. Upgrades are relatively simple if you ensure you take file and database backups before and then either do the upgrade through CubeCart or do a manual upgrade. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.