Hey all. Back a few years ago, I was running a PHP nuke site. It was php nuke 7.6.0.3.1, which is patched to 3.1 of course as you can see from the version #.
Now I was also running NukeSentinel 2.5.01.
The site went down around August 06. The server host lost all data and he said none was recoverable. Luckily I performed random full site backups, database and all.
Right after that I got a new job, had moved, had a ton of things going on. Point is, I owned the domain, didn't have space for nearly 3 years due to not having time to work on anything.
Well now it is back up, restored DB, and all. Site displays perfectly and all data just as it was the day I backed it up. However none of the admin logins work.
When I go mydomain.com/admin.php it won't authenticate.
I have changed the passwords in the DB. It just isn't authenticating.
I haven't done anything for updating as I just got it back online last night and I am sure being so old it has major holes. Anywho first things first is logging into the admin panel, which I can't.
Any help would be mucho appreciated.
EDIT::: I meant to add that I can login with my regular user account and verified that another user could as well. Just can't login via admin panel.
Empty your nuke_author table in your SQL db.
Then go to admin.php which will ask you a new root name and password.
Create a new admin root ID and PASSWD (if you want, type in the same ID and password as before).
Good Luck.
Hey toolbox, right before you posted this my host fixed it and said this:
I removed the use of .staccess authentication.
That was causing the problem. But I specifically remember that my old host put that in purposely. So I would have a pop-up box to authenticate, then the phpnuke login again after the pop-up box.
Doesn't removing the use of .staccess make it less secure?
You don't remove .staccess.
When shtml and normal html may not be found in the target directory that your site users access, your hosting company will show their own screen as the default path to guide them. That's not a good way.
Absolutely, directory access permission might prevent your login as an admin. However, if it was true and they fixed it out, then that's fine.
As long as you are concerned about security issues, the best way is to protect your web-hosting directory in Apache (like .htaccess with IP prevention specification). Next is your sub-directory access permission. Then, your phpnuke security.
.staccess, .htaccess (shtml and html) files should be in there if you want.
Ya I have been out of hosting for 3 years now, so I am rusty and a n00b.
Not sure, but with it enabled I can't login. So you say I should put the website back like it was using st and ht access and then delete all accounts and do what you said?
Will that fix the problem if staccess was what was causing the original login issue?
Some of the .staccess configuration is not simple for normal hosting users.
But .htaccess is recommended.
Once again, .staccess file might be the cause that you could not log in.
Deleting .staccess is ok, as long as your hosting is not secure html.
However, I would like you to keep the .htaccess file to control some directories that you want to give access permission selectively.
Also, I don't think sentinel is working correctly after the move. I tried editing admins without being GOD admin and I got the normal blocked page for an authors table attack. But I entered the site without removing IP from ban list, so this would tell me it isn't banning correctly right??
Also, when going into the admin of nukesentinel, it says that my files aren't chmod correctly for .htaccess, .staccess, etc. the error is: File does not exist or is not correctly CHMODed.
But they are, here are the chmod for them both:
rw- r-- r--
rw- r-- r--
Which I believe is correct. Also, I am using Admin CGIAuth.
Joined: Aug 29, 2004 Posts: 9070 Location: Arizona
Posted: Mon Jun 08, 2009 6:23 am
thebaddestass, regarding this last post, two things:
1. Check your NukeSentinel(tm) blockers to make sure they are set to actually "block", and
2. No, those are not the right permissions. .htaccess should be rw-rw-rw- (666) in order for NS to write the ban IP to it. .staccess would need to be 666 to begin with until you have saved the hashed passwords for your admins into it and then it can go back to 644.
I have gone through all blocker settings and all are set to email, block, & default page. Except for Flood blocker, it says it can't be due to .ftaccess not existing. But it does exist, however I can't open it, gives an error something about binary data. Should I leave it as is or should I just put a blank one out there? Also, what are the file permissions for .ftaccess?
Also, my host has disabled the use of .staccess because I couldn't login to admin of the site until they disabled .staccess. The reason I couldn't login to admin is because I had wrong permissions on .htaccess and .staccess?
Also, the entry below is from .htaccess, is this where it calls .staccess?
#<Files admin.php>
#<Limit GET POST PUT>
#require valid-user
#</Limit>
#AuthName "Restricted"
#AuthType Basic
#AuthUserFile /var/www/vhosts/mydomain.org/httpdocs/.staccess
#</Files>
So should I re-enable .staccess and set correct file permissions and try it? Should I clear .staccess before re-logging in since it has all the old admin usernames and hashes in it?
Can anyone help me get my .staccess back working??
When I take out the # and use .staccess it blocks me. I can delete my login and encrypted password from the .staccess and it still won't let me login. How do I get that back working? Any help would be greatly appreciated.
EDIT:: I wanted to add that that file is chmod to 666.
Joined: Aug 29, 2004 Posts: 9070 Location: Arizona
Posted: Wed Jun 10, 2009 7:04 pm
thebaddestass, you should probably start over with a new blank .staccess. You really should get up on the latest NukeSentinel(tm) and follow the instructions to re-create .htaccess and .staccess.
Although you are not running RavenNuke(tm), the page on NukeSentinel(tm) setup might be of some use to you. You can find it here:
Only registered users can see links on this board! Get registered or login to the forums!
Thanks for the reply. I plan on upgrading to the latest nuke sentinel but first off I wanted to get the .staccess working before upgrade so as not to change too many things at once until I get the site back as it was, then I was going to upgrade nukesentinel. I will try the blank .staccess and see what happens. But I do have some questions, the only install for NS that I can find is to upgrade from 2.6 to 2.6.01, but I don't have 2.6 yet, so how do I upgrade without having 2.5 to 2.6 upgrade file, and without removing and re-installing full package or is this possible?
Also, last week I ran into this link:
Only registered users can see links on this board! Get registered or login to the forums!
and when I got down toward .staccess problems I was like, AWESOME this is gonna be my fix, and the page says this:
Quote:
If you find yourself locked out of your ACP after these steps you can temporarily comment out the lines that you have just added to .htaccess. Just put a # character in front of all the lines you added. This will give you access again while you resolve the problem.
Which was my exact problem after restoring website, but I couldn't resolve my problem and there was no further information on the page to help solve the issue, so I was at a loss.
Also, what is the best way to delete old admins that no longer exist, one of which was an original god admin, but my account is also a god admin by editing via mysql, will there be an issue if I delete the original GOD account even though mine is now God account as well?
Joined: Aug 29, 2004 Posts: 9070 Location: Arizona
Posted: Sat Jun 13, 2009 8:51 am
Wow, lots of questions embedded in one post. My apologies up front if I miss one...
thebaddestass wrote:
the only install for NS that I can find is to upgrade from 2.6 to 2.6.01, but I don't have 2.6 yet, so how do I upgrade without having 2.5 to 2.6 upgrade file, and without removing and re-installing full package or is this possible?
You are right. Not possible. (Well, anything is possible with time and the right skills.) But, it would ensure you are working with the latest, most secure and most bug free release and starting from scratch will ensure you are not carrying over any past issues.
Quote:
Also, what is the best way to delete old admins that no longer exist, one of which was an original god admin, but my account is also a god admin by editing via mysql, will there be an issue if I delete the original GOD account even though mine is now God account as well?
Toolbox had the right suggestion further up by deleting all your nuke_authors records, and I would add removing the lines from .staccess, and then start from scratch with setting up your admin account.
Regarding getting admin auth protection working, it is also absolutely critical that the "AuthUserFile" directive in .htaccess is the correct full (absolute) path to your .staccess, otherwise, game over before you even begin. (BTW, whatever you do, do NOT post this path here in the forums, just make sure it is correct to YOUR user account.)
Not sure what else we can do except log in and try and help set you up. But, unfortunately, my time is too limited to do that at the moment. Sorry.
Thanks for the replies guys. The path to .staccess is correct in the .htaccess file.
First things first, should I fix the admins and .staccess before messing with NS? Also since I can't upgrade NS, then that means uninstall and do full install, right?
Now do I leave my tables in DB as is or delete them? Delete all files and modules associated with NS or do I delete nothing and I just overwrite everything with the full 2.6.01 and follow normal install procedures?
Joined: Aug 29, 2004 Posts: 9070 Location: Arizona
Posted: Mon Jun 15, 2009 6:24 am
The full install kit has an option to Remove NS tables. Do this first. Then install the fresh 2.6.1 tables. The key here, though, is you are also needing to go through the core file edits and just make sure that something doesn't have to be "tweaked". I know there was a slight change, but if memory serves me, it wasn't a big one between 2.5. and 2.6. But, would be good to sync up anyways.
Ok, so first things first, I started with blank .staccess, chmod to 666 and then deleted everything in nuke authors table. Checked path in .htaccess and path was correct for .staccess.
I left .staccess disabled to create the admin account, so I created a new admin account and logged in as admin, works wonderfully. Then I re-enabled .staccess.
Now I still can't get past the .staccess login box, fails after all 3 tries.
.staccess is empty and chmod to 666, but still just keeps popping up the login box for 3 times, then unauthorized.
Also, in my NS menu, it says .ftaccess isn't chmod correctly or doesn't exist, but it does and path is correct, what is file permissions for .ftaccess, could this be causing the problem with .staccess?
Just want to get that .staccess working before updating NS.
Joined: Aug 29, 2004 Posts: 9070 Location: Arizona
Posted: Tue Jun 16, 2009 6:13 am
thebaddestass, your .staccess file cannot be empty. That could very well be the problem. You need to go to "HTTPAuth Menu" link and then "Admin Auth List". Look at the table of admins and right above it should be a link to Build CGIAuth File. You missed that step I think.
BTW, that was in the HowToInstall manual page in the steps.
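An added example, not part of any post in this thread and not NukeSentinel code: a Python check for the conditions the replies above single out, namely an active AuthUserFile directive with an absolute path, a password file that is not empty, and its permissions. The function names and the constructed sample in demo() are assumptions, as is the one user:hash entry per line layout of the password file.

```python
import os
import re
import stat
import tempfile

def check_admin_auth(htaccess_path):
    """Return findings for the Basic-auth block in an .htaccess file."""
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        # Lines starting with '#' are comments, so a commented-out block is inactive.
        active = [ln.strip() for ln in fh if ln.strip() and not ln.lstrip().startswith("#")]
    hits = [re.match(r"AuthUserFile\s+(.+)$", ln, re.IGNORECASE) for ln in active]
    auth_files = [m.group(1).strip().strip('"') for m in hits if m]
    if not auth_files:
        return ["no active AuthUserFile directive (auth block missing or commented out)"]
    findings = []
    if not any(re.match(r"require\s+valid-user\b", ln, re.IGNORECASE) for ln in active):
        findings.append("no active 'require valid-user' line")
    for path in auth_files:
        if not os.path.isabs(path):
            findings.append(f"AuthUserFile is not an absolute path: {path}")
        elif not os.path.isfile(path):
            findings.append(f"AuthUserFile does not exist: {path}")
        else:
            findings.extend(check_password_file(path))
    return findings

def check_password_file(path):
    """Check a user:hash password file without ever echoing the hashes."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = [ln.strip() for ln in fh if ln.strip()]
    findings = [] if entries else ["password file is empty: every login will fail"]
    for n, entry in enumerate(entries, 1):
        user, sep, pw_hash = entry.partition(":")
        if not (user and sep and pw_hash):
            findings.append(f"line {n} is not in user:hash form")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IWOTH:
        findings.append(f"password file is world-writable ({mode:o}); return it to 644 once written")
    return findings

def demo():
    # Constructed sample: active auth block, empty password file left at mode 666.
    d = tempfile.mkdtemp()
    pw, ht = os.path.join(d, ".staccess"), os.path.join(d, ".htaccess")
    open(pw, "w").close()
    os.chmod(pw, 0o666)
    with open(ht, "w") as fh:
        fh.write(f"<Files admin.php>\nrequire valid-user\nAuthType Basic\nAuthUserFile {pw}\n</Files>\n")
    return check_admin_auth(ht)
```

Run check_admin_auth() against the real .htaccess on the server; it reports line numbers and modes only, so its output contains no password hashes.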
Great, thanks I got my .staccess back working and am going to update to the newest sentinel, but a couple of questions.
Even though IP tracking is setup, there are no ip's in the database, set for 7 days as well, but no ip's, but don't know why, maybe it will work after I upgrade?
Also, in the NS setup page, it says this:
Change your permissions on both .htaccess and .staccess back to 666.
But you said .staccess should be 644, right?
One more thing, how do you make an .ftaccess page, that isn't really covered in the setup and what should the file permissions be?