Help, Can't edit admins.

Involved Joined: Apr 22, 2006 Posts: 356

Ok,

One site I run for a guy, he for some reason went in and tried to change the "god" admin pwd. After that, he got himself blocked, I had sentinel set to write to htaccess. I did not know he changed it and I got blocked out. I went in and removed our ip's from the access file and the db as well, but every time either of us tried to access the "edit admins" module, we were banned. So I finally had to go into the db and turn off all sentinel blockers that way.

Now I can get into the site and the admin section but cannot login as god admin. Everytime I try to edit admins I get blocked. I tried to change the god pwd back to the original one via the db but that did not work either. I now just get a white page saying "illegal operation".

I do have the tool box installed but everytime I try to access it I get an internal server error.

What has he done?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Hard to say, for sure. Use phpMyAdmin and edit the $prefix_authors table. Reset your password and be sure to select MD5 from the drop down box to the left of the password. Otherwise the password won't be properly encrypted. That should always reset the password.

The NukeSentinel(tm) issue will have to be addressed separately but not until you get the passwords reset.

Posted: Sat Nov 03, 2007 3:09 pm

I am seeing this in my error log

[client xx.xx.xx.xx] client denied by server configuration: a/b/public_html/admin.php
[Sat Nov 3 14:24:00 2007] [error] [client xx.xx.xx.xx] client denied by server configuration: a/b/public_html/admin.php
[Sat Nov 3 14:00:04 2007] [error] [client xx.xx.xx.xx] client denied by server configuration: a/b/public_html/NTB
[Sat Nov 3 14:00:04 2007] [error] [client xx.xx.xx.xx] client denied by server configuration: a/b/public_html/NTB

[client xx.xx.xx.xx] a/b/public_html/ntb/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration
[Sat Nov 3 13:45:16 2007] [alert] [client xx.xx.xx.xx] a/b/public_html/ntb/.htaccess: Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration

Does this mean they may have changed something with the server to cause this to happen?

Posted: Sat Nov 03, 2007 3:15 pm

Ok, I was not using the md5. I am able to do as I should with admins right now. I will try to activate the sentinel blockers now.

Thanks Much!

Posted: Sat Nov 03, 2007 3:16 pm

I still cannot access ntb though

Posted: Sat Nov 03, 2007 3:18 pm

Please do not post your real path(s) or IP's. You're begging to be hacked Laughing

Your host does not allow php_flag options in .htaccess. Are you using PHP Cgi or an Apache module? If using cgi then you should put that command in your local php.ini file.

The denial message is saying that your IP is blocked in the .htaccess file.

Posted: Sat Nov 03, 2007 4:10 pm

Oh, man, I thought I x'd them out.

As far as php cgi or apache, I do not know. How would I find that out.

ps, glad to see you are feeling better.

Posted: Sat Nov 03, 2007 5:51 pm

Me too

.

Save this script to a file ?????.php (you fill in the ?????). ftp it to your site. Run it as http://xxx.your_domain.yyy/?????.php. At the top of the screen (usually the 3rd line will be Server API. If it says CGI you know it's CGI. Otherwise it's being run as an Apache module. If it's Apache then your host is blocking you from executing PHP commands or at least certain ones.

Be sure to delete the script from your server after using it

Code:

<?


phpinfo();


?>

Posted: Sun Nov 04, 2007 10:45 am

Ok, it is CGI. You mentioned, "local php.ini" file. Do I need to have one? There is not one that I see.

It appears that the other issues with the admin and passwords are sorted out. I wonder if they did some upgrading that night, since those issues just happened then and not before.

For some reason on this same site, some users are being blocked when trying to access the forums. They are getting "You have been blocked from entering this site.
You have attempted to improperly access the admin area of this site."

This has happened a couple times and I do not know why. One person is still getting it. You may want this in a seperate thread, I do not know.

Posted: Sun Nov 04, 2007 12:15 pm

Make sure their IP is not blocked in NukeSentinel(tm).

Does your host use use phpsuexec? If so, all php_flag entries in .htaccess have to be moved to a local php.ini file usually in your public_html file. Your host will need to assist you with all of that.

Posted: Sun Nov 04, 2007 12:29 pm

I do not see his ip in sentinel or in htaccess. I do not even have the admin blocker on yet after the issues yesterday. So if it is off, why would it be triggering?

Posted: Sun Nov 04, 2007 12:36 pm

That is NukeSentinel(tm). If you look in abuse/abuse_admin.tpl you will see that exact message.

Posted: Sun Nov 04, 2007 12:40 pm

Thanks Raven,

I see that message, but I have the admin blocker turned off. So why would accessing the forums trigger a blocker that is not even active?

Sometimes this stuff makes my head hurt. Bang Head

Posted: Sun Nov 04, 2007 1:17 pm

Normally it shouldn't. What are your blocker settings? If you want just email be as we don't want to give any info to the enemy Wink

Posted: Mon Nov 05, 2007 2:46 pm

Oh, the pain. Had everything working good again yesterday, created the local ini file as instructed. That fixed not being able to get to the tool box. Now for some reason I am getting the "illegal operation" error page again when trying to edit admins.

wtf?

If it was my choice I would move hosts as they have not been real helpful as of yet.

Any ideas please. This all started Friday night after the site ran without issue for a month.

Posted: Mon Nov 05, 2007 3:00 pm

It really sounds like your host has made some changes recently. possibly they were running PHP as a module then switched to CGI? Who knows. Raven Web Services would be more than happy to host you RavensScripts

In admin.php you will find this code

Code:

$ops = array('mod_authors', 'modifyadmin', 'UpdateAuthor', 'AddAuthor', 'deladmin2', 'deladmin', 'assignstories', 'deladminconf'); // Raven: 10-23-2006





if(!isset($op)) {


   $op = 'adminMain';


} elseif(in_array($op, $ops) AND $rname != 'God') {


   die('Illegal Operation');


}

In order to edit admins you must be a God admin.

Posted: Mon Nov 05, 2007 3:16 pm

Oh crap. I was logged in as my admin name instead of god. This other stuff has my head hurting again. Bang Head

If it were my site, I would move it but it isn't. I think he is locked in until mid 08. I was leery of them because of their overselling for CHEAP!! I never have used a host like that.