Weird – Things changed randomly overnight?

  • Resolved fleetadmiralj

    (@fleetadmiralj)


    13 years, 7 months ago

    OK…I assume it wasn’t really “random” but I sure can’t tell what happened.

    This is basically the situation: We’ve installed 3.0 (recently upgraded to 3.0.1) and created Networks. We also installed several plug-ins. As of last night, we had Google Analyticator, List Authors, Stream Video Player, wpCas, WP Multi-Network (with two additional networks set up), and the New Blog Defaults plugins, with the New Blog Defaults and Stream Video Player being installed yesterday afternoon.

    Well, when we came in this morning, we found 3 things have changed since we left the server last night (that we’ve been able to find so far):

    1) One user who had been an admin over a test blog, where he was playing with stuff (we’re still in development mode with this software) found that he was no longer the admin of that blog (he wasn’t even a user of it)

    2) I had added several users to a blog before, but had to delete it and re-create it later. I had never re-added those users to that blog. Yet this morning, they were all listed as users of that blog as subscribers (which is odd because I had added them as editors before)

    3) I found that that same blog, if you tried to access any page on it, just redirected back to the wp-admin for that blog. (I can’t see anything in .htaccess that would cause this)

    This blog isn’t accessible outside of our internal network, and there is no evidence that anyone inside the network accessed any of the admin pages overnight. The only thing we saw was one person’s computer repeatedly accessing the comments RSS feed overnight (which we thought was a little weird, but shouldn’t cause any problems) and wp-cron.php running a couple times.

    I’ve disabled all of the plugins except the Multi-Network and wpcas for now, but none of the issues have been resolved, and at this point I’m at a total loss as to what might have happened overnight to cause these things occurring. It would be nice to figure out since if there is a security problem that’s causing this, we’d definitely like to know.

    If it’s a problem with one of the plug-ins we installed, or plugins not playing nice, it might be nice to know as well, but at this point, I’m looking for anything that might have caused this odd behavior.

    Thanks.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    13 years, 7 months ago

    2) I had added several users to a blog before, but had to delete it and re-create it later. I had never re-added those users to that blog. Yet this morning, they were all listed as users of that blog as subscribers (which is odd because I had added them as editors before)

    This one isn’t super weird, at least. That’s expected behavior. They probably logged back in to the blog and, when they do that, they get added as the default permission (i.e. subscriber) to that blog.

    3) I found that that same blog, if you tried to access any page on it, just redirected back to the wp-admin for that blog. (I can’t see anything in .htaccess that would cause this)

    Is the blog set to private (or some other permissions to prevent joe regular user from getting into it?). Once you’re logged in, does it STILL do that?

    1) One user who had been an admin over a test blog, where he was playing with stuff (we’re still in development mode with this software) found that he was no longer the admin of that blog (he wasn’t even a user of it)

    You mentioned in #2 that you deleted a blog. Was it the same one? Did you remember to re-add him?

    Thread Starter fleetadmiralj

    (@fleetadmiralj)

    13 years, 7 months ago

    for #2, there is no evidence that they logged in. I’m pretty sure I never sent them an email that they were users, so I’m not sure they’d do know where to go

    for #3, yes, it does that even after I’m logged in

    The blog that #1 was an admin of was a different blog as the one in question in points 2 and 3. I did delete it and re-create it at the same time, but it’s a different blog.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    13 years, 7 months ago

    For #2 – Unless you specifically checked ‘don’t email the users’ they got notified. Also, there’s no login-logging, as it were. It’s possible that since you deleted and re-created the site, somehow things got carried over, but that doesn’t make sense.

    #3 – Per this old post http://mu.wordpress.org/forums/topic/9872 it could be your hash keys and/or cookies. Start by doing ye olde flushing of the cookies.

    #1 – Okay, just making sure.

    Is anyone else a super admin to the site? Could they have played around with users?

    Thread Starter fleetadmiralj

    (@fleetadmiralj)

    13 years, 7 months ago

    #2 – Well, I think I did that (checked the checkbox) but maybe not. Even if they logged in, they’re listed as subscribers, so they wouldn’t have been able to do any other the other stuff that happened even if they had

    #3 – Did cookies, as well as a browser I know I haven’t accessed the site with. Same deal with the redirect

    a couple more notes on this one: first, this is the only site on the blog network that I can tell is redirecting. No other site does.

    second, we had changed DOMAIN_CURRENT_SITE in wp-config to

    define( ‘DOMAIN_CURRENT_SITE’, ” . $_SERVER[‘HTTP_HOST’] . ” );

    To get the site to work correctly with the Multi-Network plugin. I saw something sort of, kind of similar in the other thread, so I don’t know if that could be an issue or not.

    There is one other person who is a super user (who didn’t access the site last night either). There is a generic super admin user, but no one should be able to even log in using it, because the wpcas plugin should force people to log in using the CAS system, and I don’t think it even allows to go back to wordpress as a backup

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    13 years, 7 months ago

    the wpcas plugin should force people to log in using the CAS system

    I don’t know why that didn’t catch my attention the first time…

    Maybe THAT’S why the login-redirect is happening. Is that plugin Multisite friendly?

    Andrea Rennick

    (@andrea_r)

    13 years, 7 months ago

    #3 you didn’t make it a dashboard blog did you?

    The other issues – yes it’s possible the multi network stuff isn’t configured properly and it’s also possibly you have plugins going wonky. especially if you’re using them network-wide and they weren’t written for it.

    Thread Starter fleetadmiralj

    (@fleetadmiralj)

    13 years, 7 months ago

    I think so. I wasn’t causing any problems before, and we’ve had it active since pretty much the beginning of testing. OK. I just disabled it and tried again (again on a browser I know I hadn’t accessed the site with before). Same thing, re-directing.

    I also turned off the multi-site plugin and (interestingly) I could still access the other networks, and it was still redirecting. so turning ALL plugins off don’t seem to do anything.

    Thread Starter fleetadmiralj

    (@fleetadmiralj)

    13 years, 7 months ago

    Andrea_r – it looks like that’s exactly what I did. I went into Options under site admin, and saw it listed as “dashboard site”

    I had thought this was where you set which blog you wanted to change permissions on, but it must be where one sets, as you noted, a dashboard blog. I took it out, and viola, I could access it. So #3 seems to be solved now.

    Thread Starter fleetadmiralj

    (@fleetadmiralj)

    13 years, 7 months ago

    Additionally…actually reading the note under the field (amazing what happens when one actually reads what things are for and do!) it looks like that might explain the people being added to subscribers.

    One final thing…I had set the blog in question #1 as that blog before switching it to the other blog in question. That person was an admin and not a subscriber (and it says it moves SUBSCRIBERS of the old blog if you change it) but could that possibly even explain why they were taken off as an admin for the first blog?

    Thread Starter fleetadmiralj

    (@fleetadmiralj)

    13 years, 7 months ago

    Just to quadruple post before someone else come in here again…

    The answer to my last question is…”yes”

    I added them to site #1 as an admin, put in their site in as the dashboard site, then put the other site in as the dashboard site and viola, he was removed as an admin of the first site and added a subscriber to the second.

    So that appears to explain all of the problems I was having. And all because I didn’t know what I was doing lol. Thanks.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Weird – Things changed randomly overnight?’ is closed to new replies.