I can't even explain this (( Ghost Admin ))

[hcfwesker]

there's a member on my site, who I allowed FTP access awhile back, and gave him temp admin group permissions.  Well, those were removed a LONG time ago, that member isn't in ANY membergroups, but STILL has ALL admin permissions. 

I've tried everything.  Can someone please explain to me why this is not resolved by simply removing the member from the membergroup?  It's really becoming a pain for our staff and members, cause I really can't ban or delete the account since they seem to have full control of the site ... so I'm trying to be as calm as can be until I find some solution, but nothing is working

I'm on SMF2 , site link  http://www.brawldomain.com/index.php

[SlammedDime]

Have you gone to his profile and checked the 'View Permissions' option to see what member groups are giving him what permissions?  If that doesn't reveal anything, can you please attach Load.php to your next post?

[aishaweb]

Check his additional membergroups too, see attached screenie:

[hcfwesker]

Have you gone to his profile and checked the 'View Permissions' option to see what member groups are giving him what permissions?  If that doesn't reveal anything, can you please attach Load.php to your next post?

Ok, I did check his profile, under Permissions, and it does say he only has regular permissions given to regular members, along with restricted board access as a regular member.  BUT i promise you, he can do ANYTHING he wants on the site.   And he is not assigned to ANY membergoups, primary or secondary groups.  He even shows in the Ajax chat as an admin (red color) and can do anything there.

I'll attach my Load.php file, I appreciate any help.

Also, I would just simply delete the member account, but I'm not sure if that's going to solve the problem, or he returns and STILL has full admin permissions and retaliates.

[Sir Osis of Liver]

Found this in Load.php -

Code Select Expand



$user_settings['lngfile'],
'is_guest' => $id_member == 0,
'is_admin' => in_array(1, $user_info['groups']) || $id_member == 1692,



It's not in the original.  Can you determine his user #? 

Just a wild guess, but he may have hardcoded admin permissions for himself.


Sorry, here's the same code from a clean Load.php -

Code Select Expand



$user_settings['lngfile'],
'is_guest' => $id_member == 0,
'is_admin' => in_array(1, $user_info['groups']),



[SlammedDime]

I"m going to guess that his member id is 1692... He modified your Load.php to always make him an admin...

Open Load.php, search for the following and replace the code below it:

Code Select Expand

'is_admin' => in_array(1, $user_info['groups']) || $id_member == 1692,


Code Select Expand

'is_admin' => in_array(1, $user_info['groups']),


[hcfwesker]

OMG!!! i love you, that is his member number.  do i just change that last line to

      'is_admin' => in_array(1, $user_info['groups']),


I was offering $10 for help with this, I'll gladly offer it to both of you.  If this permanently solves the issue  http://www.simplemachines.org/community/index.php?topic=434860.msg3050874#msg3050874

[Sir Osis of Liver]

Hey, Dime, read my sig!

What are the odds that's all he did?

[hcfwesker]

What are the odds that's all he did?

thats what i'm afraid of.  Sad thing is he's a MOd developer on this SMF Support site, had no involvement with my community or the genre it was based on.  I asked for help on a MOD, and weeks later he just came in and trolled, changing members names, removing staff from their groups, etc.  Makes it hard to trust new coders with my info and access when i need help, now.

Thanx again, to you both, my offer still stands for the payment.  I just hope that's really all he did.

[Sir Osis of Liver]

Have your host run a security scan on your account for possible hack, asap.  No telling what your guy might have done with ftp access.  If he's done anything else on your forum, guess you'll find out soon enough once you dump him.

What an asshole.

[SlammedDime]

No need to send me any money.... happy to help when people decide to ****** up others' forums... I would like it if you could PM their username here though

[Baby Daisy]

This isn't the only time I've seen someone hardcode admin permissions, make sure to always be wary of who you give FTP to and run programs that check files for edits when compared to the originals

[billy2]

... I would like it if you could PM their username here though

* billy2 hopes the SMF lynch mob stop the perp from doing this again - christ knows what his mods contain

[aishaweb]

No, need for the PM, i found the user on your forum using action=profile;u=**** on the end of your url

[Ozzie]

hey peeps

reading this made me a bit paranoid, so i opened my load.php file and ran a search for $user_settings['lngfile'], and i have came up with entries like this

" if (empty($modSettings['cache_enable']) || $modSettings['cache_enable'] < 2 || ($user_settings = cache_get_data('user_settings-' . $id_member, 60)) == null) "

there are 3 entries in my load.php which as $id_member, 60,checking my member list this gives me a member who as only ever been here to register and never been

seen again .He/She as never had any sort of access to my ftp or admin so i am wondering how they show in load.php is it a security glitch ?? or have i been hacked and what if anything it may be compromising........

[vbgamer45]

Ozzie that is a caching function save to ignore 60 is the time to live value.

[Ozzie]

thanks vb but i get so paranoid ...pleased you cleared that up    learn sommat new everyday

thanks