Author Topic: Incredible situation found by mistake... googling email of any customer and boom  (Read 251 times)

quintangai

  • Beginner
  • *
  • Posts: 4
  • A beginner
As hard to believe that I cannot find any guide to my poor knowledge...
I was advised by a friend that googling my own email address "quintangai@gmail.com"
or any of the customers on WM and clicking on the results that point to our shop "El Rebost Català" takes directly to the backend !! right on the orders or customers Virtuemart page...

Deleting orders from or even customers does not affect at all...  you keep going directly to backend without having to enter administrator area...

Any idea on how to deal with it...??   
Since I cannot delete searches from google I should be able to stop entering backend from any link without passing first from login page...

Thanks to anybody who can enlighten me...


Studio 42

  • Contributing Developer
  • Full Member
  • *
  • Posts: 2101
  • Joomla & Virtuemart addon developer
    • Studio 42 - Virtuemart & Joomla extensions
  • VirtueMart Version: 2.6 & 3.0.x.y
Check your settings right for Virtuemart here https://elrebostcatala.com/administrator/index.php?option=com_config&view=component&component=com_virtuemart
And yes, manage front is visible in Google.
So best redirect any access from front-end for now.
Something like this in your .htaccess:
# Redirect requests whose query string has a manage= parameter; the trailing ? drops the query string so the redirect cannot loop
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)manage= [NC]
RewriteRule ^ index.php? [L,R=301]
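
Added example, not part of the thread: a Python check of the web server access log for front-end requests that carried the manage= parameter matched by the rule above and were actually served, which shows who reached the management views before the redirect or ACL fix went in. It assumes Apache's combined log format; the sample lines, IP addresses, paths and every parameter other than manage= are constructed.

```python
import re
from urllib.parse import urlsplit

# Same test as the RewriteCond above: a parameter named manage at the start
# of the raw query string or right after an "&", case-insensitive ([NC]).
MANAGE_RE = re.compile(r"(^|&)manage=", re.IGNORECASE)

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def exposed_hits(lines):
    """Return front-end requests with manage= that the server answered with 2xx."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        url = urlsplit(m["target"])
        if url.path.startswith("/administrator/"):
            continue  # back-end requests go through the normal admin login
        if MANAGE_RE.search(url.query) and m["status"].startswith("2"):
            hits.append({k: m[k] for k in ("ip", "time", "target", "status", "referer")})
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths), not real traffic.
SAMPLE = [
    # served with 200: the exposure described in the thread
    '203.0.113.7 - - [12/Mar/2017:10:01:22 +0100] "GET /index.php?option=com_virtuemart&view=orders&manage=1 HTTP/1.1" 200 18322 "https://www.google.com/" "Mozilla/5.0"',
    # same kind of request after the rewrite rule is active: redirected, not served
    '198.51.100.23 - - [13/Mar/2017:09:14:05 +0100] "GET /index.php?option=com_virtuemart&view=user&Manage=1 HTTP/1.1" 301 245 "-" "Mozilla/5.0"',
    # ordinary shop page, no manage= parameter
    '203.0.113.7 - - [13/Mar/2017:09:15:40 +0100] "GET /index.php?option=com_virtuemart&view=category HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    # real back-end request
    '192.0.2.10 - - [13/Mar/2017:09:20:11 +0100] "GET /administrator/index.php?option=com_virtuemart&view=orders HTTP/1.1" 200 20311 "-" "Mozilla/5.0"',
    # parameter whose name only ends in "manage": must not match
    '198.51.100.23 - - [13/Mar/2017:09:21:30 +0100] "GET /index.php?xmanage=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in exposed_hits(SAMPLE):
        print(hit["time"], hit["ip"], hit["target"], "referer:", hit["referer"])
```

Any hit with an external referer and no preceding admin login from the same address is a request that reached order or customer data without authentication.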

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 25695
  • Always on vacation
    • Jenkin Hill Internet
Which Joomla/VM versions? http://forum.virtuemart.net/index.php?topic=118683.0

Sounds like you have some incorrectly set ACL, or may have been hacked!
Kelvyn

Jenkin Hill Internet,
Keswick, Lake District

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VM3.2.1 on Joomla 3.6.5 PHP 7.0.12

Testing VM3.2.2 on J!3.6.5 and J!3.7

quintangai

thanks for your replies
My joomla is 3.6.5 and VM 3.0.18 ...that is last versions... php is 5.6

I guessed it is something of ACL and yesterday I kept on messing around 2 more hours ending with the expected behaviour of google search links ending to a Not allowed message and getting directed to the front end... 
all looked OK, until I tried to enter backend... that I could not do ... so you may guess that I am not a top level user...
I spent whole morning trying to enter as admin, but it has been easier to restore all from a backup and start over again...

I will appreciate it if you teach me what ACL is correct for Virtuemart ...

Meanwhile I will also try the .htaccess guides and see what happens...

Many thanks to all of you for your time and patience

Regards

Studio 42

I can only confirm that something is better than before, but you always see your front management.
So your ACL are not set.
All need to be red for all user groups except super user and admin accounts

jenkinhill

Be aware that many Joomla sites that were slow to update when security releases were made available were hacked - and many also before the security patches were publicly available. Some of the hacked sites had changed ACL, opening the site to all and changing the password(s) of super admins. If the backup was from before the 3.6.4/3.6.5 updates then you should be OK.
Kelvyn