Plugin Says Users Deleted, But Still There

Home Forums Bulk Delete Plugin Plugin Says Users Deleted, But Still There

We have replaced our forums with email based support system.

Please open a support ticket from our new support page.

This topic contains 6 replies, has 2 voices, and was last updated by  Sudar 7 years, 10 months ago.

  • Author
    Posts
  • #9451

    Scott Riley
    Participant

    I spent a couple of hours deleting 145,000 bogus subscribers, 5,000 at a time using your plugin. It indicated that it was successful, but all of the names, emails, etc. are still listed, with the role displayed as “none”. The plugin though, says that there are 0 users with the “none” role. What should I do? Is this a problem?

    A System Info text file is attached.

    Attachments:
    You must be logged in to view attached files.
  • #9453

    Sudar
    Keymaster

    Hello Scott,

    Please answer the following questions, so that we can debug this issue further.

    • How were the users created initially? Were they directly inserted into DB?
    • Is your site a multisite?

    Also can you please post the screenshot of your users page with the ‘none’ user role selected. Thanks.

  • #9459

    Scott Riley
    Participant

    Hi Sudar,

    • I believe these were sploggers, so I don’t know how they were created or if they were directly inserted into the DB. They just kept appearing until there were close to 145,000.

    • No, it is not a multisite.

    • As you requested, a screen shot of the first page of users with “None” roles is attached.

    • I also attached a screenshot of the bulk delete users admin page. Note that the select list to delete users (at the top) includes: “none (0 users)”, while the user list shows 140,103 users with “none”.

    • I attached a screenshot of the plugins list as well, for you to review for potential conflicts.

    Attachments:
    You must be logged in to view attached files.
  • #9469

    Sudar
    Keymaster

    Hello Scott,

    Looks like the problem is much deeper and there is a very high possibility that either your server is compromised or the hackers have access to a vulnerable script in your server.

    They are basically re-creating these users using either vulnerable script or a backdoor in your server after Bulk Delete has deleted them. Also these users are getting directly inserted into the DB and that is the reason they have the user role set as ‘none’.

    Even if you delete them directly from the DB, these users would get created again.

    You need to solve it in two steps.

    1) Find out which backdoor or vulnerability that hackers are using and the fix/block it.
    2) Once that is done, delete the spam users from the DB directly.

    Also make sure you backup everything. Since the attackers have access to your DB, it may be very easy for them to delete everything that is present in your DB.

  • #9520

    Scott Riley
    Participant

    Thank you for your help Sudar.

    I contacted the host provider. They performed a malware scan that came up clean. They also reinstalled the core files and changed the DB P/W. They could not find a hole, but did say that it was most likely caused by an SQL injection of some kind.

    I disabled new user registration and installed the Wordfence plugin. I initiated one scan that returned PHP warnings regarding errors while sending Query packets (error_log-1.txt attached). It also returned a “problems found” result while scanning for unknown files in wp-admin and wp-includes, and “comparing plugins against WordPress.org originals”. There was a fatal error regarding memory allocation (I suspect that has something to do with the 450,000 users). It did not provide detailed info, or remedies. I’m currently running a second scan.

    I still need help deleting the thousands of users currently in the database. I looked at the wp-users table via phpMyAdmin, but I cannot find a way to select more than one user at a time for deletion. Isn’t that what your plugin is supposed to do? Why won’t it work?

    Please help. Thank you.

    Attachments:
    You must be logged in to view attached files.
  • #9527

    Scott Riley
    Participant

    Hello? Still waiting for a response to my request for help deleting users with “none” role.

    The WP Bulk plugin does not seem to work. It indicates that there are 0 (zero) users with the “none” role, while in fact there are 139,052 (after I manually deleted a few thousand).

    I’ve done everything you suggested. The users do not get created again when deleted from the database, as you suggested. I can spend the hours doing it manually, but if your plugin is faulty, you should let me, and everyone else know what you are planning to do to fix it. Don’t just ignore me.

    Please reply. Thank you.

  • #9560

    Sudar
    Keymaster

    Hello Scott,

    Apologies for the delay. I was out for the weekend and was not able to get back to you earlier.

    When a new user is created through WordPress (instead of directly inserting them through SQL), it creates a row in wp_users table and also a couple of rows in wp_user_meta table. In addition to it there are also other changes that are made.

    My plugin uses WordPress functions to delete these users so that in addition to deleting the users from the wp_users table it removes these additional data and also safely removes allocation from posts if the users who are getting deleted have any posts associated in their name or have any additional meta data.

    If you delete the users directly from wp_table using PhpMyAdmin, then these additional data are not cleaned up properly. That is the main use of my plugin.

    In your case it looks like the users were directly inserted through SQL injection. When you initially deleted the users through my plugin, it removed all the additional meta data and when they got inserted again, the meta data is not mapped properly. That is the reason why my plugin is not able to display them properly since their additional data is broken. Honestly at this point my plugin (or built-in WordPress functions) are not useful to you.

    Since the users are not getting created again when you directly delete them through SQL in PhpMyAdmin, I am suspecting that your vulnerability is fixed.

    To make it easier for you to delete the users from PhpMyAdmin, you can use a SQL statement. Find out the ids of the users whom you want to keep and then use a SQL statement like Delete from wp_users where ID not in ( ids of users seperated by comma ).

    But be careful when you use this query since if you don’t mention the user id then it will be deleted. It would be better to take a DB backup before you make this change.

The forum ‘Bulk Delete Plugin’ is closed to new topics and replies.