New to the community? Start here

Other people posting under user_id 1 / super admin

Hello,

I am just throwing this out there for a bite if anyone has seen this. I have been searching for a couple hours but haven’t come up with much.

I am getting users posting to their blogs but the post ends up going under super admin account id which is 1. It shows up under the blog and in buddy press that way. It happens on several blogs though I have not been able to match up the log files with the occurrence.

Long story short it makes me look like a douchebag splogger, pushing ugg boots, made out of skinned dogs. Which is totally not my thing.

Sun, 15 Apr 2012 3:03:31
  • Timothy
    • Chief Pigeon

    Hey there.

    Are they posting on your main site, or is this a multisite and they submit on a subsite?

    What plugins you running there? Anything to let them submit?

    I would consider disabling all your plugins and testing, although its going to be time consuming as you need to wait for those spammers/sploggers.

    And then test with each plugin on/off.

    Take care.

  • jozwikjp
    • The Incredible Code Injector

    It seems like they are posting through the regular method as a user.

    This is a multi-site with about a 33k blogs using multi-domain.

    Attached is some further weirdness. The revision history shows the correct user created the post. But the post actually has a different author.

    [attachments are only viewable by logged-in members] [attachments are only viewable by logged-in members]

  • jozwikjp
    • The Incredible Code Injector

    Hi Tim,

    I am running version 3.0.5. I have not been able to replicate the problem. The only main plugins I have that are activated are the supporter plugin and multi-db, we have several plugins that the members can enable on their own. Disabling them all is not a realistic option as we have 30k sites.

    I could setup another installation with the same setup but I would still be stuck with not knowing how to replicate the problem.

    Them are about as up to date as 3.0.5 so not really that up to date.

    I will try updating the themes available to free members and see if that makes a difference.

  • Timothy
    • Chief Pigeon

    Ah, well there could be issues there.

    Keeping your WordPress site up to date ensure all known security fixes are made. Here was just one update between your version and the most recent:

    http://codex.wordpress.org/Version_3.1.2

    Fix a vulnerability that allowed Contributor-level users to improperly publish posts. (r17710)

    Its not the same issue but it is similar. Here are a load of other security releases:

    http://wordpress.org/news/category/security/

    Then you have plugins as well which could cause security issues. (the several that your clients can use) as well as other third party themes.

    Disabling them all is not a realistic option as we have 30k sites.

    I could setup another installation with the same setup but I would still be stuck with not knowing how to replicate the problem.

    If that is true then you might consider updating and then hiring a php developer to run a security audit on your site, plugins and themes. Unfortunately that could get costly.

    You can find these for bash scripts to replicate an install:

    http://www.wilhelser.com/2012/01/wordpress-database-migration-bash-script/

    And:

    http://pp19dd.com/2011/01/bash-script-to-mirror-wordpress-mu-installation-into-a-sandbox/

    If they can post to your site without the appropriate permissions then it could post some security issues for you and your clients personal details.

    Take care.