777 casino app download for android.Claim Your Free 999 Pesos Bonus Today

meatbrain
(@meatbrain)

6 years, 10 months ago
I recently installed the Shield Security plugin on the site run for our church. Please note that I am not asking about a problem with Shield Security itself — it has merely revealed the problem that I am investigating.

One of the features of Shield Security is an Audit Trail. This shows actions taken by Shield Security and by WordPress itself. In the Posts section, Shield is showing that posts are being published that neither I nor any other contributor to the website have had anything to do with.

The posts are all named by the same pattern: a name and a date stamp. They show as published, updated, or deleted from trash. Here are a few sample entries from the Audit Trail:
```
Date                    Event           Message                                                                                              Username       IP Address
5:03 pm April 8, 2018	post published	Post entitled "Sue Biser - 2018-04-08 17:03:14" was published.                                       Unidentified   24.210.168.28
5:06 pm April 6, 2018	post deleted	WordPress Post entitled "Ramona Jordan - 2018-03-22 00:51:38" was permanently deleted from trash.    WP Cron        184.173.18.203
3:09 am April 6, 2018	post updated	Post entitled "John Smith - 2018-04-06 03:09:32" was updated.                                        Unidentified   14.192.54.18
11:51 pm April 4, 2018	post published	Post entitled "Hiroya Tsukamoto - 2018-04-04 23:51:14" was published.                                Unidentified   107.1.140.3
```
Here’s a screen shot of the audit trail listing, for better formatting:

View post on imgur.com

None of these names are anyone who is connected to the church. Also, when I search the Posts dashboard for these posts, they are nowhere to be found.

Shield tech support theorizes that they may be custom post types. I have never set up any custom post types on the site.

I am wondering if these might be created by some malware that I have not detected on the site, or via the post-by-email mechanism (which, again, we do not use).

Has anyone seen mystery posts of this description on their own sites? I am very interested in tracking down the source and eliminating future occurrences of these posts.

Thanks…

JGB

Viewing 1 replies (of 1 total)

Moderator t-p
(@t-p)

6 years, 10 months ago

I am wondering if these might be created by some malware

– The Exploit Scanner plugin can help detect damage so that it can be cleaned up.

– Here is an another online scanner to check for exploits and malware: https://sitecheck.sucuri.net/scanner/.

Viewing 1 replies (of 1 total)

The topic ‘Mystery posts appearing unexpectedly on site’ is closed to new replies.

Mystery posts appearing unexpectedly on site

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics