Skip to Content Skip to Menu

[SOLVED] Hack to CB User view in admin user management

7 years 4 months ago - 7 years 4 months ago #294924 by Thelowlandpiper
[SOLVED] Hack to CB User view in admin user management was created by Thelowlandpiper
Something is causing an edit to user data when user record is opened from CB User Management (but not in front-end profile view); I had hoped that this had been dealt with but it is still present. The attempted edit is lost if the user view is closed without saving, and the record can be viewed normally in Joomla User view; This hack has been in place for three weeks so I'm reluctant to try another backup restore; any help in locating where this intrusion might be would be very welcome.
Joomla 2.5.27 ; 2.1.2+build.2017.05.04.16.30.55.c67734e1f (updated from 1.9 after the hack was first detected)
Last edit: 7 years 4 months ago by krileon. Reason: Added [SOLVED] tag to subject

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48448
  • Thanks: 8280
  • Karma: 1443
7 years 4 months ago #294927 by krileon
Replied by krileon on topic Hack to CB User view in admin user management
What do you mean an edit to user data? Can you be more specific as to what is being edited and exactly when? Just viewing a profile doesn't save anything in backend. Are you sure a hack is in place and it's not just a Joomla system plugin acting on Joomla user triggers or a CB plugin acting on CB user triggers? CB also completely overrides every core file on install so if it's a core file compromised simply install CB and that compromise is gone. The compromise would have to be coming from outside of CB.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

7 years 4 months ago #294934 by Thelowlandpiper
Replied by Thelowlandpiper on topic Hack to CB User view in admin user management
If I open a record from the CB User management list, I see the data as expected for a second or so and then it is overwritten; the name, username and password are replaced with mine (the super-user), or at least, with what they were before I changed them when I first thought a back-up would resolve the issue;. The same data is overwritten in any user i open. It is not preserved if I close the record without saving.

Will a complete re-install overwrite my configurations? Can I just override the files and leave the database un-affected/ (assuming I install the same version...

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48448
  • Thanks: 8280
  • Karma: 1443
7 years 4 months ago #294960 by krileon
Replied by krileon on topic Hack to CB User view in admin user management
That's not a hack. That's just your browsers autocomplete trying to fill out your login or profile data. Turn off your browsers autocomplete or if you're using something like LastPass configure it to not autofill.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: Thelowlandpiper

Please Log in or Create an account to join the conversation.

7 years 4 months ago #294967 by Thelowlandpiper
Replied by Thelowlandpiper on topic Hack to CB User view in admin user management
thanks for that insight and apologies for thinking it wa CB-related - it was totally new behaviour to me; eventually i managed to find the place to set my LastPass preferences to not autofill; seems a weird thing to do, to overwrite existing details...

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum