| Author |
|
Rovanov
Newbie
Joined: 18 January 2022
Location: Netherlands
Online Status: Offline
Posts: 33
|
| Posted: 30 April 2024 at 1:37am | IP Logged
|
|
|
Hi Forum,
Suddenly, over night - unable to login.
1: DAV filesharing says: HTTP-error: Forbidden.
2: User- login says: "Cookies need to be updated. To continue click here or reload this page" I can log in, but the contentfield and left-sidebar remains blank.)
3: addminpanel says: Wrong login and/or password. Login failed. (InvalidToken)
Does anyone have a solution for me?
Thanks and best regards,
Rovanov
|
| Back to Top |
|
| |
Rovanov
Newbie
Joined: 18 January 2022
Location: Netherlands
Online Status: Offline
Posts: 33
|
| Posted: 30 April 2024 at 3:04am | IP Logged
|
|
|
Do I have a VIRUS?
I found curious folders in the root of the aurora installation:
wp-admin
wp-content
wp-includes
and a "x" folder
Moreover, there is a file index.php0 and an index.php.
The index.php file starts with:
<?php @'$
x3=
x7=https://jan03.hmfsunsl3qfy/saiga.py
sps=00
urlgz=^[0:5]/!.html
Moreover, there is a file index.php0 and an index.php.
The index.php file starts with:
<?php @'$
x3=
x7=https://jan03.hmfsunsl3qfy/saiga.py
sps=00
urlgz=^[0:5]/!.html
';
and then a bunch of letters and characters
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 30 April 2024 at 3:07am | IP Logged
|
|
|
Not entirely sure what could cause that, did you try deploying a blank installation of Aurora Files next to your existing one?
And it could be that your server was accessed by a malicious third party. The "wp-
wp-content" and "wp-includes" folder names are specific for Wordpress, and the file you're referring to has absolutely nothing to do with Aurora Files.
--
Regards,
Igor, Afterlogic Support
|
| Back to Top |
|
| |
Rovanov
Newbie
Joined: 18 January 2022
Location: Netherlands
Online Status: Offline
Posts: 33
|
| Posted: 30 April 2024 at 3:13am | IP Logged
|
|
|
Thank you Igor!
What about the index.php file?
That one does look a little different from the original one.
Can I post my .htaccess file here?
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 30 April 2024 at 3:19am | IP Logged
|
|
|
The content of index.php you posted isn't from Aurora Files.
Not sure why posting .htaccess content, but there's always a chance someone from the community here would assist. We only really help with the product itself when time permits (Aurora Files does not come with guaranteed free support from Afterlogic).
--
Regards,
Igor, Afterlogic Support
|
| Back to Top |
|
| |
Rovanov
Newbie
Joined: 18 January 2022
Location: Netherlands
Online Status: Offline
Posts: 33
|
| Posted: 30 April 2024 at 4:39am | IP Logged
|
|
|
Thank you Igor!
I have restored a backup from two days ago. Now everything works again via the web interface. Also the files look normal.
Only the DAV connection to my file manager (Ubuntu) still gives the HTTP error:Forbidden
Do you have a solution for this?
Thanks!
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 30 April 2024 at 4:42am | IP Logged
|
|
|
Does it work if you access DAV via web browser, with the browser plugin enabled? See Troubleshooting section at:
Configuring DAV server
--
Regards,
Igor, Afterlogic Support
|
| Back to Top |
|
| |
Rovanov
Newbie
Joined: 18 January 2022
Location: Netherlands
Online Status: Offline
Posts: 33
|
| Posted: 30 April 2024 at 5:22am | IP Logged
|
|
|
Sorry Igor,
I don't know exactly what you mean.
I haven't changed anything on the server.
But I just discovered that there are multiple web applications with the same strange files and folders.
I'm afraid I need to restore the entire server.
Regards,
Rovanov
|
| Back to Top |
|
| |
Rovanov
Newbie
Joined: 18 January 2022
Location: Netherlands
Online Status: Offline
Posts: 33
|
| Posted: 03 May 2024 at 12:37pm | IP Logged
|
|
|
Hi Igor,
Sorry for all. My server was hacked!
As far as it looks, they did not come in through the Aurora Files installation (it is installed on a subdomain) but through the main domain with a WP installation.
Thanks and sorry for your time
Warm regards,
Rovanov
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: Can’t login anymore
Privacy policy |
Refund policy