Administration Control Panel Login Loop

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Administration Control Panel Login Loop

Post by ErikMouse »

Support Request Template
What version of phpBB are you using? phpBB 3.3.11
What is your board's URL? https://www.kingdommythica.info
Who do you host your board with? A2 Hosting
How did you install your board? I used the download package from phpBB.com
What is the most recent action performed on your board? Upgrade to 3.3.11
Is registration required to reproduce this issue? Yes
Do you have any MODs installed? No
Do you have any extensions installed? Yes
What extensions do you have installed? I have installed a style called "Prosilver Dark Edition"
What styles do you currently have installed? I have ACP Add User, NavBar Search, and VigLink installed
What language(s) is your board currently using? English
Which database type/version are you using? MySQL(i) 8.0.32-cll-lve
What is your level of experience? Somewhat new to phpBB
What username can be used to view this issue? ErikMouse
What password can be used to view this issue? No answer given
What actions did you take (updating your board; installing a MOD, style or extension; etc.) prior to this problem becoming noticeable? Nothing, I just found this ACP Login Loop going on today.
Please describe your problem.Hi, I have a forum at kingdommythica.info and I'm having a major issue with it. I can't even login to it on any browser on any computer because it's going back to asking for the username and password. I have already tried to contact my hosting about it and so far, I'm not having any luck getting it fixed. If anyone can help me with this, please let me know. The forum is at kingdommythica.info
Last edited by Mick on Tue Mar 05, 2024 9:58 am, edited 2 times in total.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

Okay, I just got off the phone with my hosting provider and they have been no help with this and say I need phpbb support as to why this login loopback is happening.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

Just to let you know, I had made some headway on this on my own. I found a fork of an admin tool kit that stated to be known to work with phpbb version of 3.3.11. Extracted and uploaded that, which allowed me to finally get into my forums ACP. I was then able to clear cache and logout all user instances in case the issue is the sessions is being flooded with bots for some reason. I also was able to check the cookies domain just in case and that appears to be set to .kingdommythica.info which looks to be correct.

Edit: The ACP Loop appears to still be happening when I normally login, but support toolkit is allowing me in as a secondary way in for now until someone can help me figure out what is causing this issue.

Second Edit: I just realized that I forgot about the support template, which I was able to fill out now since I was able to get access to my own ACP via a working support toolkit.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6433
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Administration Control Panel Login Loop

Post by thecoalman »

What does the address say in the browser after getting 404?
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

thecoalman wrote: Fri Mar 01, 2024 2:03 am What does the address say in the browser after getting 404?
I'm not getting a 404 anywhere, the browser URL basically just shows

Code: Select all

https://www.kingdommythica.info/adm/index.php
with an sid number on the end on the login prompt it loops me back to.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6433
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Administration Control Panel Login Loop

Post by thecoalman »

My mistake, another topic. :D Does issue persist switching to prosilver? Did you upgrade the style when you upgraded forum?

If you haven't already done so clear the cache manually. Using FTP delete everything in the cache folder except .htaccess and index.htm.


May not be your problem but it's a problem. At the top of the page is the text error_reporting(E_ALL - E_NOTICE);, determine where that is coming from.

That's used to override the default error logging level and would only be used in php script. It should not be displayed as output. Additionally the default error logging level can be changed in the php.in so it affects all scripts.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

thecoalman wrote: Fri Mar 01, 2024 2:30 am My mistake, another topic. :D Does issue persist switching to prosilver? Did you upgrade the style when you upgraded forum?

If you haven't already done so clear the cache manually. Using FTP delete everything in the cache folder except .htaccess and index.htm.
The last time I updated the forum, it was several months back, and the style was upgraded as well, but this acp login loop wasn't happening back then.

thecoalman wrote: Fri Mar 01, 2024 2:30 amMay not be your problem but it's a problem. At the top of the page is the text error_reporting(E_ALL - E_NOTICE);, determine where that is coming from.

That's used to override the default error logging level and would only be used in php script. It should not be displayed as output. Additionally the default error logging level can be changed in the php.in so it affects all scripts.
I found where that was coming from and was a suggested fix from another topic, but I have removed the line and it should be gone.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

Right now, I'm still having this ACP Login Loop going on and waiting to see if there is anyone who can help me figure out what the problem is.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

Just to let you know, this ACP Login Loop is still happening and I'm still waiting for some solutions to it, or if I need to have someone here FTP into it and try to figure out what is causing this issue.
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6433
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Administration Control Panel Login Loop

Post by thecoalman »

Open your hosting control panel and see if there is setting for mod_security, turn it off and see if that helps.

If that works let your hosting support know about the issue so they can resolve the problem and you can turn it back on.

If you would check your server error logs, if you see any lines related to mod_security post them here please. You can also relay them to the host.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

thecoalman wrote: Mon Mar 04, 2024 3:25 pm Open your hosting control panel and see if there is setting for mod_security, turn it off and see if that helps.

If that works let your hosting support know about the issue so they can resolve the problem and you can turn it back on.
Alright, I found ModSecurity in the cpanel and turned it off for that domain. and turning it off appears to solve the issue with the ACP Login Loop that I'm having, so I'm going to update the ticket that I have with my hosting provider about this since ModSecurity may be causing the issue.
thecoalman wrote: Mon Mar 04, 2024 3:25 pm If you would check your server error logs, if you see any lines related to mod_security post them here please. You can also relay them to the host.
I looked through the server error logs as well and didn't see anything that mentions mod-security.
ErikMouse
Registered User
Posts: 48
Joined: Wed Mar 27, 2013 9:04 am
Name: Erik Mouse

Re: Administration Control Panel Login Loop

Post by ErikMouse »

Another thing I have noticed and should make a mention of, is while I was looking through my forum's ACP via the Support Toolkit I was using, my Malwarebytes Browser Guard suddenly flagged something as malicious, and I don't know what. After telling it to let me continue, Imunify360 suddenly popped in saying there is malicious activity coming from my IP and wanted me to do a captcha clicking on images of buses to verify that I'm not a robot. I don't know what was going on there, but I had gone to check the Imunify360 logs and there is nothing new showing up there telling me what is going on. The last thing it did was cleaned /public_html/kingdommythica/bin/include.php due to an infection, and that was back on February 23rd, and I'm not sure what that file was for though.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26874
Joined: Fri Aug 29, 2008 9:49 am

Re: Administration Control Panel Login Loop

Post by Mick »

What is Imunify360 set to, I saw another post mentioning that only yesterday? A2 should be able to help you with that.

viewtopic.php?p=16001419#p16001419
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 6433
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Administration Control Panel Login Loop

Post by thecoalman »

Mick wrote: Tue Mar 05, 2024 9:57 am What is Imunify360 set to, I saw another post mentioning that only yesterday? A2 should be able to help you with that.

viewtopic.php?p=16001419#p16001419
Imunify is apparently providing the rule set for mod_security. It's triggering on a path traversal, the redirect is using ./../adm/index.php. It's used as hidden input value posted by the user so that is probably why it's being triggered. I recall there being a post about same issue a year or two ago but I think that was OWASP rules. If there is any other inputs with hidden redirect input values they aren't being affected because they are in the same directory.

These are just educated guesses because I don't have the product to test it and I can't find a copy of the rule being triggered. It's proprietary product so you can't just download them and look at it. I'm going to post a ticket.

The relevant error is posted here: viewtopic.php?p=16001707#p16001707
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26874
Joined: Fri Aug 29, 2008 9:49 am

Re: Administration Control Panel Login Loop

Post by Mick »

I can’t believe that so many different hosts are causing exactly the same issue and that they just decide to slap this stuff on probably under the impression they’re helping their customers without testing properly and then denying it’s them.
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧

Return to “[3.3.x] Support Forum”