WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Multisite lost (11 posts)

  1. AudieM
    Member
    Posted 9 months ago #

    Hello,

    I have a little question. My site (www.madameaimee.fr) was hacked 10 days ago, and after a long and exhausting battle to find where the backdoors were (I didn't find them), I thought it better to trash everything but my database, my images, my wp-config.php and my .htaccess to upload new WP and my theme files.
    I did it, but now I have lost access to the multisite panel and the dashboard of my second site (www.madameaimee.fr/en, which still exists, but is totally "naked" - for lack of a better word), despite the fact that I pasted the multisite codes that were written in my previous wp-config.php and .htaccess files (which didn't make "network" reappear in "TOOLS", though).

    So my question is: should I start everything over (paste the "allow Multisite" code in wp-config.php) and do everything from scratch to get my multisite back in order (even if http://www.madameaimee.fr/en already exists)? Or is there a magic code somewhere that will allow the return of my dear multisite dashboard?

    Thanks.

  2. AudieM
    Member
    Posted 9 months ago #

    Oh, and I forgot to add: I still have my backup on my computer, should I copy and paste something.

    (And I tried to reinstall the multisite but it told me that one was already detected, so I guess, I have to copy and paste something, but what?...)

    Thank you.

  3. mardesco
    Member
    Posted 9 months ago #

    Actually, if your site was so badly compromised that you decided to start over from scratch, you could be better off re-installing the database too; because the data in it may be compromised. For example, your page content data could now include hidden links to malicious sites. Then go through your file system with a tool like lookforbadguys.php and see if it helps you find the elusive back door. Finally be sure you've changed all your passwords, both for your WordPress installation and your account on the server as well.

    But starting from your present situation, I understand you've replaced all your WordPress files except for wp-config.php and .htaccess, which both presumably have the multisite code in them. If you're not sure, I'd recommend FTP-ing in your backup copies of those files, and overwriting whatever is on your server; it could be backdoored or otherwise broken by the hackers.

    Short answer is "yes", if you have backups, now is the time to use them.

    Final thought, you may not require a full-fledged multisite installation if you're just running an english language translation in its own directory. You could create a page named "en" and have all the pages in that section of your website be child pages of that one page (by selecting it as the "Parent" for each of the subsite pages, from the Edit Page screen). Assuming you're using Pretty Permalinks, this would give you /en/your-page/ without the multiste complexities. I know this isn't what you asked, and if you have a large site it could take a while to set up; but it might be simpler for you to maintain in the long run, especially if the "en" site uses the same theme and plugins as your primary site.

  4. In general when you delete the files, you can totally just reupload them, even with Multisite.

    http://www.madameaimee.fr/en loads for me so ... I don't know what you think is wrong.

  5. AudieM
    Member
    Posted 9 months ago #

    Hi Mardesco,
    In fact, I replaced everything. I copied and pasted the codes on brand new wp-config.php and on .htaccess, de-installed and re-installed the database (changed its name and the password), but I didn't check if there were backdoors in them. Thanks for the tip, I'll definitely use lookforbadguys.php to see if the monster is still around.

    Hi Isptenu,
    I have absolutely no idea what happened between yesterday afternoon when I posted my message and this morning. The French version of the site has been back on for 2 days and http://www.madameaimee.fr/en wouldn't load for a reason I couldn't figure out. Well, I guess it's all good then.

    I still don't have the network admin panel, and the English version of the site has no admin, though. Any idea how I could get them back?

    Thank you so much.

  6. You're looking here, right? http://www.madameaimee.fr/wp-admin/network

  7. AudieM
    Member
    Posted 9 months ago #

    Yes, and it tells me that I haven't got the rights to access the page. I have the same message when I try http://www.madameaimee.fr/en/wp-admin.

    What happened is that before my site was totally hacked (blank page with "this site was hacked by BulkaHackers"), my network admin was already down. How? I have no idea - well, I guess the hackers were already working hard to annoy me. What I do know is that my user name and password were removed and I had to log usin "admin" username and change my password every 30 minutes through phpMyAdmin. I made a backup of my site and tried to find the backdoors but two days later the site was hacked. That's why I decided to replace every WordPress files with brand new ones.
    I didn't think about the Multisite, then...

  8. What I do know is that my user name and password were removed and I had to log usin "admin" username and change my password every 30 minutes through phpMyAdmin.

    Okay, that's new information. Important information.

    Read http://halfelf.org/2013/recovering-your-cape/ - See if you can find the admin settings and if your account is listed as the super admin.

  9. AudieM
    Member
    Posted 9 months ago #

    Hi Ipstenu,
    Thanks for the link.

    I've checked my wp_sitemeta table, and everything is just like you wrote it (wp_capabilities: a:1:{s:13:"administrator";b:1;})

    Concerning the wp_sitemeta table, I'd have a question. If I have :
    a:1:{i:0;s:5:"MyFormerUserName";}, should I change it to a:1:{i:0;s:7:"MyNewUserName";} to a:1:{i:0;s:8:"MyNewUserName";}, like written in your post, or leave a:1:{i:0;s:5:"MyNewUserName";}?
    If yes, is there a reason why we should go from 5 to 7 or to 8?
    So far, I have a:1:{i:0;s:5:"MyNewUserName";} and when I log out and back in WordPress, I still have only 1 site.

    Just so that you know, to keep things logical, I also changed my admin_user_id (in wp_sitemeta table) from 1 to 2 since I had to change it when I uploaded everything 4 days ago and in wp_users, my ID is now n°2. Should I change it back to 1?

    Oh and one last question, do you happen to know why everytime I close my wp_users table more than 30 mn, the password that is crypted there changes?

    Thank you.

  10. The S number changes because of stringlength -- administrator is 13 characters. Ipstenu is 7. And so on and so forth.

    Now that out of the way:

    Just so that you know, to keep things logical, I also changed my admin_user_id (in wp_sitemeta table) from 1 to 2 since I had to change it when I uploaded everything 4 days ago and in wp_users, my ID is now n°2. Should I change it back to 1?

    Yeeeaaaaaaaaaah that's what you did to break it. Change it back in sitemeta.

    Why on earth would you change it in the first place!?

  11. AudieM
    Member
    Posted 9 months ago #

    Because it seemed logical to have the same number everywhere... I guess web science is not my forte.

    Anyway, I changed the user ID and the stringlength and it works ! I can't say how much this makes me happy and how thankful I am, half-elf, half-unicorn ! If there was a shrine dedicated to you, I think I'd go there and worship you :)*. Thank you, thank you, thank you, thank you, thank you, thank you, THANK YOU.
    And if I may, can I ask you if you have some information about how to protect a multisite? I have read everything and their contrary on different posts, so now that it's etablished that you are my goddess, I feel like I'd rather ask you.
    Thank you.

    *On a more serious note, is there a way to help our dear WordPress helpers? I'd love to have the opportunity to give back. Thanks.

Reply

You must log in to post.

About this Topic

Tags

No tags yet.