Jump to content
Latest News: (loading..)
Blamps

Lost Admin Password

Recommended Posts

Posted (edited)

OSCommerce - Reset a lost admin password

To reset the Admin password in newer versions of OSCommerce, you will need to do the following:
 

  1.  
  2. Login to cPanel, and go to Databases -> phpMyAdmin
  3. Click on your OSCommerce database on the right
  4. On the next screen, click on the Administrators table
  5. Edit the record for the username in this table
  6. Replace the contents of the password field with this, then click Go: 6cdd7c57450225fac77427f5962bb726:40

     


This will reset the password for this user to "pass". Login to the Admin area of your OSCommerce, and then reset your password to something more secure.
 
Also is you have Additional Protection With htaccess/htpasswd  then delete that file from admin/ 
Edited by JcMagpie

 

Share this post


Link to post
Share on other sites

Just empty, NOT DELETE, just empty the administrators table. Then access your admin area again and you will be prompted to create a new username and password.

Share this post


Link to post
Share on other sites

The empty admin table is advise given on this forum over and over again! I think this is not a good idea for 2 reasons.

1) if you have more than 1 admin assigned you will lose all the admins!

2) if you empty the table you leave your website vulnerable to hacking unless you immediately log back into admin! even if its only 20-30 seconds its still open to anyone accessing for that short window! Why take the risk!

 

 


 

Share this post


Link to post
Share on other sites
Posted (edited)

If you have multiple admins then you're totally right. Then he shouldn't empty the table. Worst case you could ask your fellow admins to quickly recreate the username and psw.

Regarding point 2, i do not think that this is an issue. At least it shouldn't be unless you did the stupid mistake of naming the admin folder "admin" and even then why would someone wait to access the admin area after empty the table? Yeah OK a toilet brake maybe but that would be a very big coincidence and very important toilet brake. And getting hacked exactly in those few seconds would be really bad luck. And hopefully a htaccess file already in place should prevent that too.

Edited by Tsimi

Share this post


Link to post
Share on other sites
26 minutes ago, Tsimi said:

And hopefully a htaccess file already in place should prevent that too

😁 I bet every site ever hacked thought they had every thing secure including htaccess! But hey everyone is free to do what they think best :thumbsup: it's all good.


 

Share this post


Link to post
Share on other sites
Posted (edited)

It's interesting to read what Apache have to say about the use of .htaccess and website security!

" There is a common misconception that you are required to use .htaccess files in order to implement password authentication. "

http://httpd.apache.org/docs/2.0/howto/htaccess.html#when

The .htaccess file is one of the most common targets for hackers as most people never think to protect the file itself!

Even those who do protect the file normally use just this.

<Files .htaccess>
	Order allow,deny
	Deny from all
</Files>

This still allows attacks  using  “HTACCESS”,  Yu should go one step further and ensure a strong denial of access to your file using something like this

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
	Order allow,deny
	Deny from all
	
</Files>

But as always get advice from an  "expert like your host support" before making any changes and oh yes backup.

Edited by JcMagpie

 

Share this post


Link to post
Share on other sites
Posted (edited)

Error in original post as hash had error and would not work if used. This below is the corrected code. Or as @Smoky Barnable says just use a hash generator.

OSCommerce - Reset a lost admin password

To reset the Admin password in newer versions of OSCommerce, you will need to do the following:
 

  1. Login to cPanel, and go to Databases -> phpMyAdmin
  2. Click on your OSCommerce database on the right
  3. On the next screen, click on the Administrators table
  4. Edit the record for the username in this table
  5. Replace the contents of the password field with this, then click Go: 6cdd7c57450225fac77427f5962bb726
This will reset the password for this user to "40pass". Login to the Admin area of your OSCommerce, and then reset your password to something more secure.
Also is you have Additional Protection With htaccess/htpasswd  then delete that file from admin/ 
Edited by JcMagpie

 

Share this post


Link to post
Share on other sites

I would just like to remind people that while we are here to assist one another, let's please do so in a safe way. If I walked up to you and said that I lost the keys to my house/car, and asked you to help me break in, would you?

M


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release here

Share this post


Link to post
Share on other sites

😂 A bit late to the game no! 😂 Nothing posted here that has not already been discussed many times and a simple google for anyone!

If he has access to the db and phpadmin then the damage is already done, nothing advised here will help anyone get access to a properly secured website.  

Edited by JcMagpie

 

Share this post


Link to post
Share on other sites

This was a brand new member, his first post, and posted only minutes after joining. And, this member has not been back here since then.

(don't you just love it when people ask a question here and never come back for an answer?)

I saw the post when he first posted it, and considered saying something then, but others answered before I could.

M


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release here

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×