We were running a fairly recent release 9815b99; I’m updating to 3596dc1 now via CLI (git pull; launcher rebuild app) to see if that fixes the issue.
My user lost its admin privileges; when I go to https://mysite.com/admin the page shows as not existing. I logged in to the container and granted admin privs to my user with “rake:admin create” successfully, but even after fully logging-out then logging back in and restarting the container I can’t get to that /admin page. Another admin user lost privs unexpectedly also.
I figured we might have been hacked, but nothing seems to be weird running on the host, no high CPU usage for a cryptominer or anything, and I auto-update the OS with all security patches. Is there any way to list all admin users from the CLI to see if someone escalated his privileges and removed admin access from us?
