Jump to content

Can't login to admin


ZOOM47

Recommended Posts

I had the exact same issue, (same time, same error).  I reset the password to get in.  I visited the staff access log and see a rouge ID as below. Gulp... not good!, then viewed admin activity and see a code snippet has been added by the same IP (also attached).  Ohh dear.

I have a few sites and most are on the latest version, but this one is on 6.0.7 as i've done a fair few tweaks and was dredding the upgrade (stupid really as i know one of the upgrades was a security fix).

I've looked on the manage hooks and see an entry "ccss" that i don't recognise (as attached)

Any thoughts on best fix, just backup and try and upgrade?...disable rouge hooks?, or is there a better way?

Image1.jpg

Image2.jpg

manage hooks.jpg

Link to comment
Share on other sites

You have been hacked and the reason you couldn't log in was because they changed your password. Until you upgrade or at least implement the security fixes, you will continue to be a target - we are seeing a lot of automated hacking attempts against all CubeCart sites. The CCSS looks like part of the CubeCart Security Suite - do you have that installed ? You need to check the snippets installed as the rogue one could be doing literally anything.  Also check other settings especially payment gateways as they can often change the email address on store PayPal settings.

ANY site on a version less than the current one is open to this security issue and needs to upgrade immediately

Ian

Link to comment
Share on other sites

Also check to make sure the snippet is no longer in the includes/extra directory.

If you are interested in knowing what the snippet does, then it can be decoded using various websites - I haven't seen this specific snippet so it seems like there are a variety of different exploits using this security hole

Link to comment
Share on other sites

Thanks Ian

I am running 6.0.8 and will take your advice and upgrade to latest 6.0.11

Have looked at the Staff Access Log and can't see any rogue entries as yet.

It's less than 3 months since I upgraded from V5 to V6 after being hacked.

An expensive period as I am not able to do the work myself.

Link to comment
Share on other sites

Make sure you check snippets, admin login details, payment gateway details and anything else sensitive - if you weren't hacked then you need to think about an explanation for why your admin login password wouldn't work.

Upgrades are relatively simple if you ensure you take file and database backups before and then either do the upgrade through CubeCart or do a manual upgrade.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...