Deleting a cloned user; managing users
A developer working on my site recently, in the midst of a dispute w/ me, cloned the Webmin root user without mentioning it, then vandalized my site. (He reluctantly gave me a refund through Upwork, then logged in and deleted one of my DB tables.) I want to delete that cloned user but can't find it. Is there somewhere I can do that? Under "Edit Users" it just shows my one non-root user and the option to delete it. I have changed all the passwords - does that lock out the clone?
In the past (like yesterday) I have seen 4 users - 'root', 'webmin', 'admin' and my non-root/usermin user - though I only see one now. Don't remember who I was logged in as, or what tab I was on (it was presumably virtualmin and not webmin).
If I'm logged in as root shouldn't I see all the users?
The action log says the cloned user has admin status.
1 Reply
Hey @dogwood - this sounds like a really terrible experience, and I'm super sorry that you have to deal with it. The first thing I thought after reading this was that you might want to consider reporting the freelancer to Upwork, if you haven't done so already. I tracked down how to do that here:
Upwork: Flag a Freelancer Profile
Second, regarding the cloned user you're referring to: The root user should not be clone-able by nature. Per this Stack Exchange post, the closest equivalent of this would be creating an alias of the root user. If this is the case, you will want to remove the alias while logged in as the original root user. Just in case, here are some instructions on how to delete an alias:
LinOxide: How to Create and Remove alias in Linux
*Quick note: You may want to look into adding or changing your SSH authentication key in addition to your server's passwords.
Otherwise, if you believe a different user was cloned, you should be able to view a list of all system users with the following command:
awk -F':' '{ print $1}' /etc/passwd
This nixCraft article has some other good methods of viewing all users with more or less detail:
Linux List All Users In The System
If you're able to identify the specific username of the user you want to remove, you should be able to remove them along with their home directory with this command while logged in as root:
userdel -r <username>
More about the userdel command here:
How to Delete/Remove Users in Linux (userdel Command)
Lastly, it may also be worth checking your server's login history to see who has had access to your Linode. This other Community post goes over how to check login and logout attempts, current logins, and bad login attempts:
I really hope this helps. Good luck!
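An added example, not part of the reply above: a shell audit that extends the `awk` listing of /etc/passwd to flag what a cloned root account looks like at the system level, namely a second account with UID 0 or any UID shared by several names. The function names and the sample entries are constructed for illustration, and it checks system accounts only, not Webmin's own user list.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that duplicate root.
# Each function takes a file path and defaults to /etc/passwd.

# Accounts other than root that have UID 0 (full root privileges).
extra_uid0() {
    awk -F: 'NF >= 7 && $3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# UIDs used by more than one account name, printed as uid:name1,name2.
shared_uids() {
    awk -F: '
        NF >= 7 { names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1); count[$3]++ }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }
    ' "${1:-/etc/passwd}" | sort -n
}

# Accounts whose shell field does not block interactive login.
login_capable() {
    awk -F: 'NF >= 7 && $7 !~ /(nologin|false)$/ { print $1 }' "${1:-/etc/passwd}"
}

# Constructed sample data (not taken from any real server).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
siteowner:x:1000:1000::/home/siteowner:/bin/bash
support:x:0:0::/home/support:/bin/bash
backup2:x:1000:1000::/home/backup2:/bin/false
EOF
}

# Demo on the sample; call the functions with no argument to audit /etc/passwd.
demo=$(mktemp)
sample_passwd > "$demo"
echo "Extra UID 0 accounts: $(extra_uid0 "$demo")"
echo "Shared UIDs:"
shared_uids "$demo"
echo "Login-capable accounts:"
login_capable "$demo"
rm -f "$demo"
```

Any name reported by `extra_uid0` or `shared_uids` that you did not create yourself is a candidate for the `userdel -r <username>` step above.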