Samuel Leanza

Reputation: 63

The security token did not match. The request was aborted to prevent any security breach. Please try again

I've got the error above in my Joomla website when I either try to log in or create a new account from the site side. I have also noticed the two following things:

  1. if I create a new user from the backend, it doesn't appear in the _users table;
  2. a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try in vain to log in from the frontend. Besides, it turns up again if I remove it manually through FTP.

Did my website get hacked? How could I fix it?

Upvotes: 2

Views: 4190

Answers (2)

Samuel Leanza

Reputation: 63

The issue I encountered was with the native Joomla Login module. When I published it on all the pages of my website and clicked on the login link that appeared on the frontend, I was redirected to a link that looked like

mysite.com/index.php/component/users/?view=login&Itemid=yourid

which displayed the login page correctly. Yet, once I had filled in the form and submitted it, the warning message in question popped up. The same problem occurred when trying either to register a new account or to reset the password. Although I couldn't find an explanation for the issue, I managed to fix it by creating Login, Reset and Registration menu items under the main menu and then hiding them, as I didn't want them to show up among the other menu items on the frontend. When I went back to the frontend and clicked on login, I was now redirected to a different URL that looks like

mysite.com/login

where "login" is the alias that I had chosen for the Login menu item. After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.

Upvotes: 0

user1200150

".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.

Disclaimer: It is code I wrote and a service I run, so I know what I'm talking about.

Not being able to create users - I'm guessing you have Admin Tools or RSFirewall installed and configured; both these products stop users being created IF configured that way.

Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens, and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected.

Nothing you say leads me to believe your site is hacked.

Upvotes: 1
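The token checks listed in the last answer above (double-clicking, session handling, cookies) can be reproduced in a small model of a session-bound CSRF token. This Python sketch is an added example, not Joomla's code and not from either answer; the `Server` class, the one-token-per-session design and the token rotation after a successful submit are simplifying assumptions.

```python
import hmac
import secrets


class Server:
    """Toy server (hypothetical): one CSRF token per session, stored server-side."""

    def __init__(self):
        self.sessions = {}  # session id (cookie value) -> expected form token

    def get_form(self, cookie=None):
        """Render a form; a missing or unknown cookie starts a new session."""
        if cookie not in self.sessions:
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = secrets.token_hex(16)
        return cookie, self.sessions[cookie]

    def post_form(self, cookie, token):
        """Validate a submission against the token of the session it arrives in."""
        if cookie not in self.sessions:
            # Cookie not sent back, or session storage lost: the request lands
            # in a fresh session whose token cannot match the rendered form.
            cookie, _ = self.get_form()
        if not hmac.compare_digest(self.sessions[cookie], token):
            return "token mismatch"
        # Rotate after success (assumption of this model): a repeated submit
        # of the same form then carries a stale token.
        self.sessions[cookie] = secrets.token_hex(16)
        return "ok"


def run_scenarios():
    """Run the healthy case and the three failure causes; return the outcomes."""
    results = {}
    s = Server()
    cookie, token = s.get_form()
    results["normal"] = s.post_form(cookie, token)

    cookie, token = s.get_form()
    results["cookie_not_sent"] = s.post_form(None, token)

    cookie, token = s.get_form()
    s.sessions.clear()  # session handler lost its data between GET and POST
    results["session_store_lost"] = s.post_form(cookie, token)

    cookie, token = s.get_form()
    s.post_form(cookie, token)
    results["double_submit"] = s.post_form(cookie, token)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```
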
