Critical Report - There was an attempt to change a protected user!

The Report

If you receive messages stating that there was an attempt to modify a protected user using password hashes, similar to the following:

	User 'mark' change attempt: column 'password' value attempted to change from '$2g$32$...' to '$2g$33$...'. Prevented.

...then the report does not come from the plugin itself but from RSFirewall!'s protection mechanism. It appears because you have enabled the 'Protect the following users from any changes' option in Components > RSFirewall! > Firewall Configuration > Lockdown.


Joomla! updates changed the way passwords are hashed. If you were already using the RSFirewall! protected users feature, the snapshots of those users were captured with the older password hashing algorithm and so no longer match the current one.

 

What to do

Joomla! updates each password to the new algorithm when the user logs in, and RSFirewall! kicks in because it sees that your database is being altered. You can try following these steps, and a new snapshot of your user(s) will be created:

 

Step 1

Go to Components > RSFirewall! > Firewall Configuration > Lockdown and remove all users from the 'Protect the following users from any changes' area.

 

Step 2

Save your configuration (this has to be saved first, so the user snapshots are removed from the database).

 

Step 3

Log in with each protected user. You have to log in so that Joomla! updates the password field with the new hashing algorithm.

 

Step 4

Add the users back to the 'Protect the following users from any changes' area.

 

Step 5

Save your configuration once again (this will re-create the user snapshots with the new data).

 

After completing these steps, the reports regarding password hash changes should no longer appear when the protected users log in.
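
Before removing the protection, it helps to check that each report really fits the rehash-on-login explanation above. The following Python sketch is an added example, not RSFirewall! or Joomla! code: it triages report messages and flags anything the explanation does not cover. It assumes every report follows the shape of the single sample on this page and that hashes use a '$scheme$cost$...' layout; all sample lines except the first are constructed.

```python
import re

# Assumption: every report follows the shape of the one sample on this page.
REPORT_RE = re.compile(
    r"User '(?P<user>[^']*)' change attempt: column '(?P<column>[^']*)' value "
    r"attempted to change from '(?P<old>[^']*)' to '(?P<new>[^']*)'\. Prevented\."
)

def hash_params(value):
    """Return (scheme, cost) for a '$scheme$cost$...' hash, else None."""
    parts = value.split("$")
    if len(parts) >= 4 and parts[0] == "" and parts[1]:
        return parts[1], parts[2]
    return None

def triage(line):
    """Return (user, verdict) for a report line, or None if it does not match."""
    m = REPORT_RE.search(line)
    if m is None:
        return None
    user = m.group("user")
    if m.group("column") != "password":
        # The rehash-on-login explanation only covers the password column.
        return user, "investigate: non-password column"
    old, new = hash_params(m.group("old")), hash_params(m.group("new"))
    if new is None:
        return user, "investigate: new value is not a recognisable hash"
    if old == new:
        # Same scheme and cost, different value: not an algorithm upgrade.
        return user, "investigate: hash parameters unchanged"
    return user, "rehash candidate: confirm a login by this user at that time"

# First line is the page's sample; the others are constructed for illustration.
SAMPLE = [
    "User 'mark' change attempt: column 'password' value attempted to change "
    "from '$2g$32$...' to '$2g$33$...'. Prevented.",
    "User 'anna' change attempt: column 'password' value attempted to change "
    "from '$2y$10$CONSTRUCTED-A' to '$2y$10$CONSTRUCTED-B'. Prevented.",
    "User 'mark' change attempt: column 'email' value attempted to change "
    "from 'mark@example.com' to 'other@example.net'. Prevented.",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```

A "rehash candidate" verdict only means the hash parameters changed; it still needs to line up with a real login by that user before you treat the report as expected.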

 
