Ovidiu, Member — 28th April 2011 11:17
I can see two blogs listed as my sites while they are not.
I can't find where to remove myself from these blogs so that they do not show up as my sites anymore.
Responses (11)
Sales & Support Pro — 28th April 2011 15:12 #
Hiya,
You should be able to go to Network Admin > Sites and click on the Edit link for each site. That will show you a list of users of which you should be one of them and you can simply remove yourself there.
That issue with "No matching users" even though the count says there are looks like something I had a while ago where people were able to sign up whilst injecting a bit of script which hides them from the user page. I'll try and find a detailed solution for that now.
Phil
Sales & Support Pro — 28th April 2011 15:21 #
I'm struggling to find great, step-by-step instructions anywhere so read this and then try this:
1. You need to get access to phpMyAdmin
2. Click on your wp_users table
3. Click Browse
4. Find the users that aren't appearing in the WordPress dashboard.
5. Edit each one, change anything that looks like script or HTML
6. Return to WordPress and reload the Users page
7. They *should* appear
8. Delete them
If that doesn't help you may want to consider flushing WP completely and doing a fresh install. If they are hacks then there is always the possibility that they've left malicious code in various places that you'll want to get rid of. A fresh install is the only sure-fire way.
Phil
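The browse-and-inspect steps above can be done against a CSV export of `wp_users` instead of paging through phpMyAdmin by hand. This is an added example, not part of the original posts; the export format, the `audit_users` helper and the sample rows are assumptions made for illustration.

```python
import csv
import io
import re

# wp_users columns that hold user-supplied text rendered in the dashboard.
TEXT_COLUMNS = ("user_login", "user_nicename", "user_email", "user_url", "display_name")

# Anything that looks like markup: angle brackets, HTML entities, script URLs.
MARKUP = re.compile(r"[<>]|&#?\w+;|javascript:", re.IGNORECASE)


def audit_users(csv_text):
    """Return {ID: [reasons]} for rows that need a manual look."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        for col in TEXT_COLUMNS:
            value = row.get(col) or ""
            if MARKUP.search(value):
                reasons.append(f"markup in {col}: {value!r}")
        # A registered account with no e-mail address is also worth reviewing.
        if not (row.get("user_email") or "").strip():
            reasons.append("empty user_email")
        if reasons:
            findings[row["ID"]] = reasons
    return findings


# Constructed sample export (not data from this thread).
SAMPLE_EXPORT = """ID,user_login,user_nicename,user_email,user_url,display_name
1,admin,admin,admin@example.org,,Site Admin
2,alice,alice,alice@example.org,http://example.org,Alice
3,bob,bob,bob@example.org,,"Bob <script>/* constructed */</script>"
4,carol,carol,,,Carol
"""

if __name__ == "__main__":
    for user_id, reasons in audit_users(SAMPLE_EXPORT).items():
        print(user_id, "; ".join(reasons))
```

Rows it reports are candidates for step 5; it only reads the export and changes nothing in the database.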
Member — 28th April 2011 15:24 #
ok, here is the initial situation: http://screencast.com/t/YgueZoUu
going to the site with ID=6 I (the 3rd in the previous screen shot) see one user but there should be two of them: http://screencast.com/t/yEc9IxHuT9
now I am going to edit the other site, ID=4 (the second in the first screen shot where I can see myself as admin) and again I can only see one user while there clearly should be two: http://screencast.com/t/gBbiKDayPS
so in the first case, some unknown user is missing from the list while in the second one me, the site admin is missing from the list !?
Member — 28th April 2011 15:25 #
will try your above solution and post back.
Member — 28th April 2011 15:35 #
manually browsed through 18 pages of phpmyadmin listing wp_users :-) and found nothing suspicious...
except one thing: a user without email address see this topic here too: http://premium.wpmudev.org/forums/topic/ive-got-a-user-without-email-address-wtf
hmmm... let me go home now and check with Mr. Google later on tonight.
thanks for the excellent feedback so far.
Sales & Support Pro — 28th April 2011 16:35 #
Cool, let me know how you get on.
Certainly is weird what you're seeing. There's a logical explanation somewhere!
Phil
Member — 6th October 2011 05:56 #
I'm running into this issue. Did anyone figure out how to remove the superadmin from a user's site?
Member — 6th October 2011 09:51 #
@VT: sorry, never managed to solve this :-(
Member — 6th October 2011 14:02 #
Hi,
Let me understand your case well. So tell me if I'm wrong.
- in the sasha subdomain, you have the hidden user "admin" but it's not counted as a site's administrator (as per this screenshot).
- in the adi subdomain you have a hidden user who is subscriber (as per this screenshot).
All the users you found in the SQL table are legit and all have an email address.
No user in the SQL table is super administrator except you.
Can you check the integrity of the WordPress core files?
You have to copy all the production site's files and folders (except the folder /wp-content/) to your computer and bulk compare all the files at once with the files of a freshly downloaded WordPress (the same version, the same language).
Except for the files you added yourself or edited yourself like wp-config.php (you have to manually check these files, don't consider that the changes are all yours), you should have no difference.
If you find nothing bad, you have to perform the very same thing with the themes and plugins.
A lot of themes have big security holes.
Please do the check and confirm so that we can move to the next step.
Anyway, it's always better to perform a regular backup (frequent differential backup and weekly full backup) so that you can spot any hack even the most dangerous one.
I perform a regular CRC check of all my customers' sites on a daily basis; this is a big time saver. In the most paranoid configurations, you can even load an Apache DLL so that it performs an integrity check on-the-fly.
Member — 14th October 2011 09:52 #
Hey Salim,
I really appreciate your offer for help and you spotted the situation correctly, except that I shut down the public registration of this installation and am keeping it as a pet project so I am not going to invest any more time into it. Therefore I can't do a crc check and verify the integrity of any files.
It is a rather huge installation with about 100 plugins and 50 in the mu-plugins folder.
I manually check every theme I upload. => http://premium.wpmudev.org/forums/topic/has-it-been-updated#post-96281
Member — 15th October 2011 11:24 #
You can run a cron job with a file integrity checker like this wonderful one:
http://code.google.com/p/websitecds/
It's a very basic script but it does the job by comparing the hash of every single file with the reference hash file. You just have to update the hash every time you update your installation (when adding, editing or replacing files).
For a full protection you should add a protection against SQL injection attacks.
Both of these security measures are part of my full methodology and they are great because they mix a proactive and an a posteriori security measure.