For a very long time we have had a webshop running without problems. A couple of weeks ago it was probably hacked and used for spam. We never found out what had really happened, but after blocking a port the spam sending stopped and all has worked as normal. Until today.
When I try to reach the backoffice on https://jv74.se/admin123jv74/ I get that I have no access. There is no trace in any logs. To be sure it was not the shop platform itself, I restored a 24 hour old backup from when I know the shop worked without a problem. The shop works normally on https://jv74.se
Where to start looking? 3 other domains on the same server work normally.
@Havouza is that prestashop? I would check the apache error logs in virtualmin for that domain. I've seen an issue like this when prestashop was restored from backup and there was an issue with the htaccess file - missing or misconfigured. Check if the file exists.
Also I would suggest you never give out your admin login link, which is unique for each prestashop install.
That's what I mean - once set up during install = unique. I think you cannot change the admin link just like that, as it will result in a 403 error as well. Is there an htaccess file in place?
Ah, I just saw your new reply while replying to the previous one. I can confirm that https://jv74.se/ is running on prestashop and not wordpress. The folder /wp-admin is for wordpress, which is a different CMS.
Great, then log in to prestashop as admin and regenerate the htaccess and it should be fine. Or keep admin login locked and edit the htaccess file each time you need to log in to the backend as admin (which is noisy - I would rather set up some 2FA on the admin page). Anyway, this is not related to virtualmin.
The strange thing is we have a second shop, a clone of number 1 except for the products. This shop has NO .htaccess in the admin folder. Can the one in the affected shop have been planted there when it was hacked?
That's why I suggested that once you are in the admin panel, you regenerate the htaccess from within prestashop. That will make sure the site works correctly and will replace any mess within the existing 'planted' htaccess with correct permissions. It looks like the deny all in that htaccess file was indeed planted to prevent you from being able to log in.
Also, it’s very likely many other files were modified. It would be extremely unusual for someone to gain the ability to write to your web root, and only do obvious stuff. They almost certainly added many ways to get back in.
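As an added example (not part of any post in this thread), one way to follow up on the last two replies is to compare the affected web root against a copy known to predate the compromise and to list every .htaccess that carries a blanket deny rule. The function names and the two directory arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit a suspect web root after a suspected compromise.
# Usage (paths are placeholders): sh audit.sh /path/to/suspect /path/to/reference
# Note: file names containing newlines are not handled.

# List .htaccess files containing a blanket deny rule
# (Apache 2.2 "Deny from all" or Apache 2.4 "Require all denied").
find_deny_htaccess() {
    find "$1" -type f -name '.htaccess' -exec grep -liE \
        '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' \
        {} + | LC_ALL=C sort
}

# Print files added or changed in the suspect tree ($1) relative to the
# reference tree ($2). "A" = only in suspect, "M" = content differs.
diff_against_reference() {
    (cd "$1" && find . -type f -print | LC_ALL=C sort) |
    while IFS= read -r rel; do
        if [ ! -f "$2/$rel" ]; then
            printf 'A %s\n' "${rel#./}"
        elif ! cmp -s "$1/$rel" "$2/$rel"; then
            printf 'M %s\n' "${rel#./}"
        fi
    done
}

# Run both checks when two directories are given on the command line.
if [ "$#" -eq 2 ]; then
    echo "== .htaccess files with a blanket deny rule =="
    find_deny_htaccess "$1"
    echo "== files added (A) or modified (M) versus reference =="
    diff_against_reference "$1" "$2"
fi
```

Cache, log and upload directories will show up as differences; added or modified PHP files and .htaccess files are the entries to review first.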