Rogue admin

[Nate95]

Admin permissions were given to someone who shouldn't have been to a new community. He deleted all other admins but himself. I have access to cpanel but can't seem to get it to work through the suggested methods in the wiki. Can I change his password, then use his account to make myself admin again? I didn't even know my account could be removed since I set it up as admin when installing the forum onto the server.

[Kindred]

You can either create a new account and manually assign it admin rights in the database(per the wiki)

Or you could restore a backup from before the bad guy took over, and then reduce his rights before he comes back

[Steve]

I thought the root admin couldn't be deleted?

[Kindred]

Yes, it can

[Steve]

Ok ... makes a note ...

[Colin]

There is no such thing as a root admin account. There are just accounts that have admin privileges.

[Kindred]

I assume that he meant the user #1 account...

[Steve]

I assume that he meant the user #1 account...

Yep.

[Sir Osis of Liver]

Go into the database with phpmyadmin (in MySQL database section of cpanel), look in smf_members, sort by id_group, change id_group from 1 to 0 for rogue admin, and change id_group for your own account to 1.

[nend]

May be best to restore a backup because all the post and other things will not be reattributed to the appropriate users if you try to recreate the accounts.

Restore the backup and once restored change the id_group to 0 and remove anything if set in the additional_groups field for his account in the database. Once you get logged in then delete his account the SMF way as this will be a cleaner way than PHPMyAdmin.

Me personally, I don't like the delete option, I rewrote my code to only deactivate the account and make it look like a guest.

Code Select Expand

// Do the actual logging...
if (!empty($log_inserts) && !empty($modSettings['modlog_enabled']))
$smcFunc['db_insert']('',
'{db_prefix}log_actions',
array(
'log_time' => 'int', 'id_log' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'action' => 'string',
'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string-65534',
),
$log_inserts,
array('id_action')
);

// Deactivate the account. No real deletion here, it just appears that way.
$smcFunc['db_query']('', '
UPDATE {db_prefix}members
SET real_name = {string:name}, gender = {string:birthdate}, birthdate = {string:birthdate}, website_title = {string:blank}, website_url = {string:blank},
location = {string:blank}, validation_code = {string:validation_code}, icq = {string:blank}, aim = {string:blank}, yim = {string:blank}, msn = {string:blank},
signature = {string:blank}, avatar = {string:blank}, is_activated = 0
WHERE id_member IN ({array_int:users})',
array(
'users' => $users,
'name' => 'Guest',
'birthdate' => '0001-01-01',
'blank' => '',
// Just in case they want to come back.
'validation_code' => generateValidationCode(),
)
);
I know the validation codes will be the same if I do a mass delete, but I don't mass delete and wanted to give an option for users that may want to delete their account. This at least keeps complications down if they decide to come back anyways.

There is more code to that, but that would be getting off topic. I do some of the routines and other stuff so they will no longer get notifications and clear out some unneeded stuff since their gone.

[Sir Osis of Liver]

Can I change his password, then use his account to make myself admin again?

Actually you can, but it's better to do what I suggested.  Haven't done it in a while, but iirc you have to delete password_salt and replace passwd hash with a plain text password, and you will be able to login with that username.  The rogue member will no longer have access to that account.