New Users Added with no Registration forms

  • Resolved banncomputing

    (@banncomputing)


    8 years, 10 months ago

    Hi Everyone,

    Newbie to the forums but I have a very frustrating issue and could use some help. I have a client who is repeatedly coming to me with new users being added to their website and we can’t figure out how these registrations are happening. We have disabled the registration forms and all other contact forms (that I can see), we have removed any content that does not belong there, we have installed both sucuri and wordfence and scans with these show no issues and when new users mysteriously appear the logs for neither of these add-ons show any interaction on the website at all. It’s as if they manage to set up new users with full admin access without going anywhere near the website itself after which they log in and start messing with files, changing ownership, content and permissions. The website is https://www.protestanttruth.com and while it isn’t the latest version of WordPress I have left this as it was when the last break-in occured a few days ago and I’m really hoping someone can shed some light on the subject for us as to what is happening and how to fix it.

    Thanks in advance,
    Mark

Viewing 5 replies - 1 through 5 (of 5 total)

  • I’ve had a try and couldn’t get in myself but, then, I’m no hacker. You certainly shouldn’t be able to unless you have a vulnerability of some kind – maybe a plugin, theme or core itself.

    What version of WP are you actually using?

    David.

    Thread Starter banncomputing

    (@banncomputing)

    Hi David,

    Thanks for having a look – the version is 4.4.3 but I have a funny feeling that the hacker reverted this in some way as I think it was up to date but won’t be able to confirm until I do a restore.

    Thanks,
    Mark

    I only ask because the current release of WP includes a lot of security enhancements, so really upgrading WP has to be my first recommendation. Second, update any plugins or themes. Once you’ve done that see if the registrations stop – if not, let us know!

    David.

    Thread Starter banncomputing

    (@banncomputing)

    OK – I’ll restore to a previous backup and make sure the version is up to date. I was expecting this answer to be honest – I hopefully won’t have need to post about this again.

    Thanks,
    Mark

    Yea, sorry. It sounds like an XSS vulnerability of some kind, so an up-to-data base is going to be the best place to be.

    David.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘New Users Added with no Registration forms’ is closed to new replies.

Tags