Support

Admin Tools

#10004 Super Administrator ID - Error Message and note

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Sunday, 21 August 2011 12:58 CDT

Friday, 19 August 2011 15:58 CDT

muddauber

Re: JUser::_load: Unable to load user with id: 62

PHP Version: 5.2.11
Web Server: Apache
Web Server to PHP interface: cgi
Version: Joomla! 1.5.23 Stable


Description of my issue: Unable to change Super Administrator ID.

I get the following error:
JUser::_load: Unable to load user with id: 62

I did get message of "Congratulations! You are already using a secure Super Administrator ID. Click on the Back button to return to the Control Panel page." but the error message is something I wanted to post, as I did not get this with my other sites that I have made a change of Admin ID.

Incidently, my site was recently hacked, starting with a change in my super admin and password. They altered the home page in template, adding some additional injection into server and site.

Changing the ID before this hack might have help prevent this.


Friday, 19 August 2011 16:03 CDT

nicholas
The message you get means that there is no user with an ID of 62 on your site. Since the scope of this feature is to change the default Super Administrator user ID from 62 to something else, there is nothing to do. The "JUser::_load: Unable to load user with id: 62" is normal. When you launch that feature, we ask Joomla! to check if there is a user with an ID of 62. When there is not, Joomla! throws this error message (which can not be suppressed). It's confusing, but it's normal.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 19 August 2011 17:13 CDT

muddauber
Thanks, Nick, but I don't see that message when I tried it
on my other site install. I was concerned because I was hacked
and didn't want ANY lingering problems. thanx

Saturday, 20 August 2011 05:04 CDT

nicholas
That makes sense. This error message only appears when the default user (ID=62) is completely deleted. If it is just renamed and disabled -what Admin Tools does- Joomla! doesn't complain and prints no error message. In both cases, your site is equally protected, though :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 21 August 2011 12:42 CDT

muddauber
One last thing. After my site was exploited with new/modified super-admin, I looked to see if there was any Akeeba security tool that would fix this.

Even though I was logged in as another administrator, I received
a 404 file not found error when I tried to access Akeeba Admin Tools or Backup. Once I removed the exploited admin account via MyPhpAdmin, all was accessible.
Examining the exploit of admin email account ( I now have a changed admin id) and the hacked template index.php, i was able to diagnose the malware in the index.php file. It was a Backdoor.PHP.C99Shell
script.

Based on the hack starting with a changed admin account and password, is there any additional safeguards you would recommend?

Sunday, 21 August 2011 12:49 CDT

slaes
im sure niko's got more experience on this one than i do, but these days i even see (what should be standard daily crons on any linux box) tools like clam Av and RK hunter collecting c99 and similar all day. having said that, im sure there plenty that can hide and besides prevention is better than cure as which i most cases would be too late

Sunday, 21 August 2011 12:58 CDT

nicholas
I am also pro-prevention. Curing happens when it's too late.

That said, the major question is not what the attacker did to your site, but how he did that. The former allows you to cure the symptoms, the latter allows you to cure the root cause. Since you had a malicious script uploaded to your site, the most probable causes are:
- Unsafe permissions (e.g. 0777 in a web accessible directory).
- Unsafe ownership, e.g. all files and folders owned by the user the web server runs under on a shared server.
- A vulnerable script which allows upload of arbitrary PHP files, with easily predictable names, in a web accessible directory
- Stolen FTP and/or hosting account credentials, e.g. due to malware or social engineering

All of these are easy to prevent, at least in a large degree. As I always say, there is no point believing that you can make your site unhackable. There is no such thing and whoever says that is a dangerous fool. What you can do is to harden your site, making it more difficult for an attacker to succeed. Unless you are a highly valuable target (like a bank, CIA, NSA or NASA) this is enough to force an attacker to stop wasting too much time on your site and move on.

I have written up a guide to unhacking and hardening your site. I recommend starting by reading it and apply the hints contained therein.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!