You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
We are having issues with logging in to the admin on our shop at http://www.contextinteriors.co.uk. After login we get a blank page only displaying 'Thank You. Your Login information has been validated' and nothing else.
A quick search on the forum indicates that this might be related to the cookie doman path. I ran the installer again and checked all was ok. Cookie domain path is set to: '.contextinteriors.co.uk'. Still not resolved after re-running the installer.
We had a DNS issue about a week ago after discovering that http://contextinteriors.co.uk (whithout the www) was still pointing to the old site. This is now set up to point to the correct server, but seems to have created this issue with the cookie domain.
Can I change the cookie domain to wwwcontextinteriors.co.uk or similar to avoid this or is there a way of debugging to find out why this is happening.
We are panicking a bit as we cant access the admin and process orders. Please help.
NB! and we cant call support as no one is picking up the phone
Last edited by jonasaedin (05-08-2009 05:28:40)
Offline
A cookie domain with the www would not be correct and the way you have it right now is correct.
Is your hosting account set up to have separate directories for secure and non-secure content? If I hit admin.php on your site using the non-secure URL it looks different than hitting it with a secure URL which shouldn't happen.
Offline
Basically I have been supplied with a thawte secure site which is set up at ip 217.72.171.117. The server itself is on 217.72.171.49. I was told that should basically mirror the non-secure site.
I can see your point with the admin.php being different on the non-secure and secure, so could be a problem with the hosting company's setup.
Any ideas why it breaks at that particular place? secure pages works fine from front-end?
Going to call the hosting company tomorrow.
Offline
I don't have any ideas I'm afraid but perhaps it would shed some light on things if you posted the secure and non-secure URLs you have configured for CCP (just run the installer to the step where they're entered to get them).
As I said earlier, hitting admin.php should look identical using the secure and non-secure URLs so something is definitely amiss.
Offline
The URL's entered in the installer is straight forward:
non-secure: http://www.contextinteriors.co.uk/
secure: https://www.contextinteriors.co.uk/
The site has been working fine for a month. And the only addition last week was adding Google Analytics script to the front end skin.
Hopefully the hosting comapny will shed some light on this tomorrow, but if I know them right they will pass the blame on to the software.
Dave, I can PM you login for the admin if you feel like taking a further look.
Offline
would it be worth running the installer and chagning the secure url back to http://www.contextinteriors.co.uk/ just to see if backend is working off the non-secure site?
Offline
You could try that. The secure link is used in the front end too during checkout and some other processes but it won't break anything to give it a try.
Offline
I tried changing both URLs to http://www.contextinteriors.co.uk without any change in behaviour. Still breaks at exactly same place.
Contacted the hosting company which replied:
Netcom wrote:
Hi Jonas, Further to your email below, I have had a look on our server and am unable to find anything that would be causing the issue that you are experiencing. I am also unable to find anything in our logs that could offer further information as to what is happening.
It would appear that the full source code is not being loaded when accessing any page on the site, however we are unable to look into this further as the source code is encrypted. I have asked our web developer to have a look and he has suggested that there could be a php file with a space left after the closing '?>' as the closing tags are being cut off?
You mentioned that the ecommerce software was working fine until last week. I can confirm that nothing on the server would have changed at this time, but would this have coincided with an update that was made to the ecommerce software?
If you have any further queries or problems please do not hesitate to contact me or any other member of the technical support staff.
Does that make any sense? and how can I check for the above suggested php errors? I can access database.
We are getting desperate.
Last edited by jonasaedin (05-11-2009 05:38:02)
Offline
just realised that all pages are breaking, frontend seems to not fully load the page either.
Offline
Nothing in CCP is encrypted so I haven't got a clue where that statement may have come from. Take a very close look at your skin.php file for the skin you are using and compare it to one of the default supplied skins. Without seeing the actual file it would appear, from looking at the site, as though skin.php may have been altered (without your knowledge if you didn't touch it).
Further checking in some of the other directories that are part of CCP indicates that it is likely your site has been compromised. Suggest you change your control panel, FTP and shell (if you have it) passwords immediately and let your provider know that you believe your site has been compromised.
Offline
Ok I have asked for new passwords for ftp and Mysql. I have a complete backup of the files and a recent database backup, would it be best to simply reinstall CCP, and would that be straight forward?
Offline
In situations like this you want to completely delete the directories used by CCP and recreate them. The "infections" I've seen are fairly pervasive and it would take you longer to find and fix everything than it would to simply start with a clean slate. Chances are the database itself is just fine. The config.php file in the CCP private directory has all of the details you need to run the installer again but you don't want to use that file in the fresh installation (grab a copy for reference then delete it when you're done).
Changing passwords is usually feasible through your providers control panel. I'd also open an incident with them as the intrusion may have come via another account on the server if you are using a shared server.
Offline
Ok all working again.
Changed passwords, uploaded the latest working backup (thank god for backups), ran installler script and all back to normal although I had to weed out the PC's and SCSI hardrives that comes with the demo install - must have missed the bit where you turn that off.
Still no clue exactly why or how the site got corrupted (or hacked).
Dave, thanks for your help - good to know that someones here with good advice when it is impossible to get hold og the UK support on the phone.
Offline