tmomas
I just noticed that a possibly malicious user has registered in our wiki which does not have an email and no user group assigned.
User: admin2:5f4dcc3b5aa765d61d8327deb882cf99:pwned
Real name: admin
email: none
Groups: none
When I try to delete the user by checking the checkbox in the user manager I get the error message back "0 users deleted, 1 failed deleting."
When I try to access the users details by clicking on the username I get back the error message "Selected user not found, the specified user name may have been deleted or changed elsewhere."
Questions:
1) How is it possible that a user can register himself in this faulty way?
2) How can this be avoided in the future?
3) How can I delete this user?
andi
This looks like you had a security breach. You should consider your wiki and possibly your server to be compromised.
From the info you posted it seems somebody added their own user manually (that means not by using the DokuWiki methods) to the users.auth.php file and fucked up the format a little. But someone being able to write to your users file without going to DokuWiki's own methods is a security issue.
It's impossible to say what happened exactly without more info. What version of DokuWiki are you running, what plugins are installed, what other software is installed, etc. You should try to reconstruct the exact time the breach happened and check the logs to see if you can find out more about the attacker's way in.