Table of Contents
It was all good until a couple of day back, when one of our Magento website was hacked. The hacker did many changes – the entire Magento’s folder permissions were messed up, loads of unneeded files were placed inside sub-folders & the site wasn’t working. Here is how I fixed it up, including the 404 Error on Admin Dashboard which drove me nuts.
First things first
The first thing I could notice was missing `index.php` on the root. So, replaced it with new from the Magento package.
Second thing I looked into was, the .htaccess files. There were two – one in the root of my `domain.com` & the other one inside the subfolder `domain.com/magento`
Now because, I still wanted this new store to render URLs like `domain.com/product-url`– I ensured the .htaccess files have the following
Situation 1: 404 Error on all pages except home page
Despite all these correct changes, my Magento website’s all pages (product categories & product pages) were throwing me default 404 Error “Whoops, our bad…”
The store itself was correctly set to use “SEO URLs” & the mod_rewrite was also functioning fine on the server. Cache was cleared by deleting the folders, but the URLs were still carrying `index.php` – resulting into broken pages.
So I decided to ensure all folder permissions are set correctly. Many folders were set (during the hack attempt) to use CHMOD 777 & I changed them all to use 755 as they should be. (Some of you may have different advice on these)
And, this solved my problem for the front end. All URLs were now working perfectly as desired.
Situation 2: 404 Error on Admin Dashboard after login
After these front-end pages were fixed, I went into `/admin` & tried logging in. To my surprise, despite correct login details I was thrown these default 404 error pages saying “Whoops, our bad…”
I noticed that, `index.php` was still showing up on admin dashboard URLs. Like:
And if I delete `/index.php` from that part – the admin dashboard was showing up fine.
None of the rewrites were working fine. Then I realized the problem is lying with not been able to correctly handle `Request_URI` which is actually looking for using the `SCRIPT_FILENAME` variable.
To override _updatePathUseRewrites method, go to: /app/code/core/Mage/Core/Model/store.php & find the following snippet
And replace it with the following:
This is ensure we’ve hardcoded the admin URL generations & eliminated `index.php` prefix on the dashboard.
This works perfectly as desired & the site is back online. 🙂
There could be numerous other reasons why your site is having similar issues. I merely tried to explain steps I took to fix it. Please ensure you’ve backups of each file & database before your proceed for any change. There’re tons of similar issues mentioned on Stackexchange & you can search for correct answers there for your issue. None of them directly helped in solving my issue but none the less, they were great help.
Hope this works for you & save few hours. And if it does, then do say hello in comments.