Results 1 to 7 of 7
  1. #1
    Join Date
    Mar 2011
    Posts
    35
    Plugin Contributions
    0

    Default Can't Login as Admin; Can't Access Admin Login Dialog Box

    I've been searching the FAQ's and the forum and don't see anyone with this problem. Most of my searches result in people that can get to the Admin dialog box but can't logon. I can't even get to the dialog box.

    Zen Cart v 1.3.8a.1--I believe it was a one-click install from the hosting service. There was a security patch applied last September. Once I get it working again I WILL upgrade. In fact I attempted an upgrade today thinking it would fix the problem but the upgrade failed.

    GoDaddy web host service, Linux.
    -------------
    My website was hacked so I put Zen Cart on Maintenance mode and investigated the damage. It appeared that an additional Admin had been added so I deleted that. Some files had been added to the website, and Zencart's file index.php was altered. By comparing the files in a backup copy of the site with the files in the hacked version I was able to delete the hacker's files and deleted the hacked index.php file and replaced it with the backup version. Near as I can tell the only Zencart file that was affected was index.php.

    The website is back up and when I click on the "Shop Now" links I get the Zen Cart page showing the shopping cart is under maintanence. I want to put my shopping cart back into operation but I am now unable to access the Admin login dialog box. I had bookmarked the URL and if I try that bookmark I get a 404 (page not found error.) If I manually type in the login access URL, i.e.

    http://mydomainname.com/zencart//admin/login.php

    I get a 404 page not found error. So, I don't even have the ability to attempt to type in an Admin username and a password because I can't even get to the dialog box.

    I have tried to temporarily rename my .htaccess file to .htaccess.bak, but the problem persists.

    How can I regain the ability to login as a Admin?

  2. #2
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    4,576
    Plugin Contributions
    2

    Default Re: Can't Login as Admin; Can't Access Admin Login Dialog Box

    Quote Originally Posted by powrwrap View Post
    Zen Cart v 1.3.8a.1--I believe it was a one-click install from the hosting service. There was a security patch applied last September. Once I get it working again I WILL upgrade.
    There was a time I had a bit of sympathy for those in your position. These days, I kinda just laugh about it and say 'it serves you right'. You've been doing your customers a great disservice for a couple of years now by running software with well known vulnerabilities that allows almost anyone with no technical skill whatsoever to access to their confidential information. I'll wager that your 'excuse' was that you didn't have the time or money to update. Guess what? You now need to spend 3 or 4 times the amount of time/money to fix things, and then you'll STILL need to upgrade.

    Enough of the reprimand though, I'm sure you are already feeling bad enough about this.

    Quote Originally Posted by powrwrap View Post
    In fact I attempted an upgrade today thinking it would fix the problem but the upgrade failed.
    Sorry to say this, but this was a bad move too. Even if the upgrade was successful, the chances are the site will still have a 'back door' installed (an upgrade won't remove these), and it'll only be a matter of time before you are back here telling us that your V1.5.x installation was hacked.

    Quote Originally Posted by powrwrap View Post
    The website is back up and when I click on the "Shop Now" links I get the Zen Cart page showing the shopping cart is under maintanence.
    This is probably the result of your attempted upgrade. It is one of the 1st things the updater code does.

    Quote Originally Posted by powrwrap View Post
    I want to put my shopping cart back into operation but I am now unable to access the Admin login dialog box.
    There are ways to put it back into operation using other means, but doing so isn't going to help solve your problem. You are best leaving it in maintenance mode until it is safe to put it back online.

    Quote Originally Posted by powrwrap View Post
    I had bookmarked the URL and if I try that bookmark I get a 404 (page not found error.) If I manually type in the login access URL, i.e.

    http://mydomainname.com/zencart//admin/login.php

    I get a 404 page not found error.
    A 'page not found' error is pretty self explanatory. It means the page "zencart//admin/login.php" cannot be found on the server http://mydomainname.com

    The 1st thing you need to do here is look at the files on your server using FTP/Cpanel, etc, to ensure there is a folder called 'zencart' that contains a folder called 'admin' that in turn contains a file called 'login.php'. If *you* can't find it, then neither can the server.

    I suspect that as part of your 'security patches' last year you had changed the name of your /admin/ folder, in which case you should be accessing the site using the renamed folder name. Alternatively, your attempted upgrade may have made changes to your configure.php files, which is placing the /admin/ files somewhere else entirely.

    Quote Originally Posted by powrwrap View Post
    How can I regain the ability to login as a Admin?
    As stated above, the 1st thing you need to do is locate where your /admin/ files are *actually* located. Next you'll need to confirm that the same file path is defined in your configure.php files, and finally, point your browser to this exact same location.

    When you DO finally get the login page, that is where your problems are really going to begin. Not only will you need to deal with problems caused by the hack itself, you have compounded the issue with the failed upgrade attempt.

    The BEST advise in this situation is to restore the entire site from a backup copy (you DO have backups don't you?). Once the site is functional again, you'll need to follow the advise 'recovering from hacks', then you'll need to do the upgrade so you don't get hacked again. Then, and only then should you even consider putting the store back online.

    I realise that this reply many not appear as being exactly 'friendly' towards you (it's nothing personal), but in all honesty and seriousness, if it were possible to give you an 'easy' solution to your problems I would most certainly do so.

    Cheers
    Rod
    Ozpost - The Ultimate Shipping module for Australian Merchants. Click these links for its Homepage, or Download from Zen-Cart.com.

  3. #3
    Join Date
    Mar 2011
    Posts
    35
    Plugin Contributions
    0

    Default Re: Can't Login as Admin; Can't Access Admin Login Dialog Box

    Quote Originally Posted by RodG View Post
    Sorry to say this, but this was a bad move too. Even if the upgrade was successful, the chances are the site will still have a 'back door' installed (an upgrade won't remove these), and it'll only be a matter of time before you are back here telling us that your V1.5.x installation was hacked. This is probably the result of your attempted upgrade. It is one of the 1st things the updater code does.
    The 404 problem existed before I attempted an upgrade.

    The 1st thing you need to do here is look at the files on your server using FTP/Cpanel, etc, to ensure there is a folder called 'zencart' that contains a folder called 'admin' that in turn contains a file called 'login.php'. If *you* can't find it, then neither can the server.
    They are both present in my website folders.

    I suspect that as part of your 'security patches' last year you had changed the name of your /admin/ folder, in which case you should be accessing the site using the renamed folder name. Alternatively, your attempted upgrade may have made changes to your configure.php files, which is placing the /admin/ files somewhere else entirely.
    Security patch did not alter the name of the admin folder. The configue.php was not altered. WinMerge confirms it's the same as it was before the hack.

    As stated above, the 1st thing you need to do is locate where your /admin/ files are *actually* located. Next you'll need to confirm that the same file path is defined in your configure.php files, and finally, point your browser to this exact same location.
    I can double check this but I'm pretty sure it would be OK, since nothing was changed within these files.

    The BEST advise in this situation is to restore the entire site from a backup copy (you DO have backups don't you?). Once the site is functional again, you'll need to follow the advise 'recovering from hacks', then you'll need to do the upgrade so you don't get hacked again. Then, and only then should you even consider putting the store back online.
    Site was made operational by rolling back the files to two days before the hack. FWIW, yes, I do have backups.

  4. #4
    Join Date
    Mar 2013
    Posts
    1
    Plugin Contributions
    0

    Default Re: Can't Login as Admin; Can't Access Admin Login Dialog Box

    Hi powrwrap,

    I'm facing the same issue as you do. I, too, am using GoDaddy Linux hosting plan.

    I've tried to install and reinstall the latest version of Zen Cart, version 1.5.1, and still can't even find the correct admin page in GoDaddy.com where I can edit my site! I tried the "Applications" login (leads to a blank "error" page), and at "phpadmin" login at my GoDaddy hosting account page, but can't the correct admin page where I can edit and create my own customized ZenCart.

    I'm so frustrated. I've contacted GoDaddy for the past 1 week and have not found a solution to this matter.

  5. #5
    Join Date
    Feb 2005
    Location
    Lansing, Michigan USA
    Posts
    19,284
    Plugin Contributions
    3

    Default Re: Can't Login as Admin; Can't Access Admin Login Dialog Box

    Your Zencart admin won't be found in the GoDaddy control panel. It's at yoursitename.com/YOUR_RENAMED_ADMIN_FOLDER

  6. #6
    Join Date
    Mar 2011
    Posts
    35
    Plugin Contributions
    0

    Default Re: Can't Login as Admin; Can't Access Admin Login Dialog Box

    Working with GoDaddy they told me there are two configuration files in ZenCart

    zencart/admin/configuration.php

    and

    zencart/admin/includes/configure.php

    and they said the password in configuration.php was incorrect. Once they corrected it I was able to access the Admin Login Dialog Box and was able to gain access to the ZenCart administration functions.

    HOWEVER, if I examine the configuration.php file I don't see any place where there is a password. So I don't know if I'm getting BSed or if it was something only they can access on their side.

    In any event, I'm back in business.

  7. #7
    Join Date
    Jan 2004
    Posts
    59,807
    Blog Entries
    4
    Plugin Contributions
    133

    Default Re: Can't Login as Admin; Can't Access Admin Login Dialog Box

    Quote Originally Posted by powrwrap View Post
    Working with GoDaddy they told me there are two configuration files in ZenCart

    zencart/admin/configuration.php

    and

    zencart/admin/includes/configure.php

    and they said the password in configuration.php was incorrect. Once they corrected it I was able to access the Admin Login Dialog Box and was able to gain access to the ZenCart administration functions.

    HOWEVER, if I examine the configuration.php file I don't see any place where there is a password. So I don't know if I'm getting BSed or if it was something only they can access on their side.

    In any event, I'm back in business.
    You misunderstood the information.
    There are two configure.php files in Zen Cart:
    /includes/configure.php
    /your_renamed_admin/includes/configure.php
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. Xampp: Can't access admin login
    By MeltDown in forum Installing on a Linux/Unix Server
    Replies: 6
    Last Post: 2 Nov 2010, 08:03 PM
  2. Can't access admin login page!
    By embtreas in forum General Questions
    Replies: 2
    Last Post: 6 Aug 2009, 05:38 PM
  3. Can't access admin page/login
    By DaCubanKidd in forum Installing on a Linux/Unix Server
    Replies: 5
    Last Post: 23 Jun 2009, 01:20 AM
  4. Can't access Admin Login!
    By gizmo_girl in forum General Questions
    Replies: 0
    Last Post: 22 Apr 2009, 02:30 PM
  5. can't access admin to login
    By 3x3is9 in forum Basic Configuration
    Replies: 2
    Last Post: 12 Feb 2008, 04:34 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •