2

I've got the error above in my Joomla website when I either try to log in or create a new account from the side site. I have also noticed the two following things:

  1. if I create a new user from the backend, this doesn't appear in the _users table;
  2. a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try to log in vainly from the frontend. Besides, it turns up again if I remove it manually through FTP.

Did my website get hacked? How could I fix it?

Samuel Leanza
  • 63
  • 3
  • 10
  • This looks like a good question for [joomla.se] Stack Exchange. – mickmackusa Mar 18 '20 at 13:01
  • I've already sorted that out by assigning the module to a menu item of type "Login". – Samuel Leanza Mar 21 '20 at 11:31
  • In that case, please resolve this page by posting an informative/educational answer that explains what you did and why; then mark your own answer with the green tick. All questions deserve to meet a system-recognized resolution. – mickmackusa Mar 21 '20 at 11:56

2 Answers2

1

".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.

Disclaimer: It is code I wrote and a service I run, so I know what Im talking about.

Not being able to create users - Im guessing you have Admin Tools or RSFirewall installed and configured, both these products stop users being created IF configured that way.

Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected

Nothing you say leads me to believe your site is hacked

  • Oh I see. I don't have any of those plugins. I've emptied the _session table and seen that every time I try to login several rows are dumped into it with user_id 0. What could it cause this strange behaviour? – Samuel Leanza Mar 14 '20 at 17:07
  • well if you are EVER getting a user id of 0 then your database schema is incorrect and the id column is missing PRIMARY and AUTO_INCREMENT and probably indexes too –  Mar 14 '20 at 19:16
  • I meant the field user_id is 0 which I think is associated to a session where the user hasn't logged in. The primary key, session_id, is set correctly and table indexed as they should be. – Samuel Leanza Mar 15 '20 at 08:24
  • ah sorry I misread your previous. I missed where you said the sessions table... I had assumed the users table –  Mar 15 '20 at 21:32
0

The issue I've encountered was about the Joomla native Login module. As I published it in all the pages of my website and clicked on the login link appeared on the frontend side, I was redirected to a link that looked like 

mysite.com/index.php/component/users/?view=login&Itemid=yourid

which displayed the login page correctly. Yet, once filled in the form and submitted it, the warning message in question popped out. The same problem occurred when either trying to register a new account or reset the password. Although I couldn't find an explanation to the issue, I managed to fix it by creating a Login, Reset and Registration menu items under the main menu and then hidden them as I didn't want them to show up among the other menu items on the frontend. Went back to the frontend and clicked on login, I was now redirected to a different url that looks like

mysite.com/login

where "login" is the alias that I had chosen for the Login menu item. After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.

Samuel Leanza
  • 63
  • 3
  • 10