Shop hacked ?

fredman11 · May 14, 2013, 9:07pm

hallo
i run oxid ce 4.6
no admin can login to backend. the password recovery function does not help. always: Error! Incorrect username and/or password!

what can i do ?

thank you for any help.

fred.

marco.steinhaeuser · May 14, 2013, 9:25pm

Hi fred,

why doesn’t the password recovery help - what happens, do you receive the email?
And no, your shop is probably not hacked

Regards

fredman11 · May 14, 2013, 9:31pm

i receive the mail and set the passwort new. looks good. but can not log in even with the new password.

marco.steinhaeuser · May 14, 2013, 10:36pm

Did you check your installation with an oxchkversion yet? Looks like the routine of your PW-reset doesn’t work properly. Do you have any modules installed concerning this issue?

Regards

Hebsacker · May 15, 2013, 12:37am

did it work some time before?
has the hoster maybe upgraded the mysql version?

KaiNeuwerth · May 15, 2013, 7:14am

You can also try to reset you password manually…
Go to you phpMyAdmin database manager and join the table “oxuser”…
Then search for your user, edit it, write a new password in the field “OXPASSWORD”, set the field type to “MD5” and clear the field “OXPASSSALT”.
Then save your user and try to log in with your new credentials

Hebsacker · May 15, 2013, 7:51am

If I am right with my guess, this will not help (but anyway worth a try).
With MySQL 5.5 (if the hoster changed it) there is a known problem with different collations of fields OXPASSWORD & OXPASSSALT and the database itself. Here you can find a simple solution (german, but code is international )

https://gn2hosting.zendesk.com/entries/22981248-Loginprobleme-in-den-Admin-bei-Verwendung-von-MySQL-5-5

fredman11 · May 15, 2013, 8:14am

@KaiNeuwerth
thank you but it is not working.

@Hebsacker
yes, it worked a few days before.
mysql server version is 5.5.30-30.2-log
MySQL client version is 5.1.66

the collation of OXPASSWORD and OXPASSSALT is both latin1_general_ci.
so the collation is not different.
can your link help me in this case ?

KaiNeuwerth · May 15, 2013, 8:22am

Okay this is strange…

Try the following SQL query:

UPDATE oxuser SET `OXPASSWORD` = MD5( 'YOUR_NEW_PASSWORD_HERE' ), `OXPASSSALT` = '' WHERE `OXUSERNAME` = 'YOUR_USERNAME_HERE';

Please edit the values “YOUR_NEW_PASSWORD_HERE” and “YOUR_USERNAME_HERE”.
Can you log in after executing this query?

fredman11 · May 15, 2013, 8:23am

the database is utf8, the tables are latin1.
the link from Hebsacker solved the problem.
now the password recovery is working, i can log in.

thank you very much !

fred.