Question about database changed alert

  • Resolved tomdkat

    (@tomdkat)


    6 years, 7 months ago

    Hi! I just received my first “database changed” alert from NinjaFirewall:

    NinjaFirewall has detected that one or more administrator accounts were modified in the database:

Blog: https://www.{my  site}.com/
User IP: {IP address}
Date: August 8, 2018 @ 18:32:20 (UTC +0000)

Total administrators : {n}

Admin ID : 1
-user_login : {log ID}
-user_nicename : {nicename}
-user_email : {email address)
-user_registered : 2016-12-24 22:14:24
-display_name : {display name}

{another entry was here}

If you cannot see any modifications in the above fields, it is likely that the administrator password was changed.

    I did a search and found this thread:

    https://www.ads-software.com/support/topic/ninjafirewall-alert-database-changes-detected/?replies=17

    however, that was posted three years ago. I imagine any bugs found then would have been fixed by now. I’m running NinjaFirewall 3.6.8.

    After receiving the alert message, I *was* able to successfully login to the WordPress Dashboard, using one of my admin accounts. I’ll try another one shortly. The IP address contained in the alert is for a computer in Russia, which is not where I’m located.

    Is this something I should be concerned about? How can I find out what the actual database change was?

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    What about the other account?

    NinjaFirewall takes all admin accounts data, makes a hash and saves it. Then, later on, it does it again and compares both hashes. If they don’t match, it warns you.

    Thread Starter tomdkat

    (@tomdkat)

    Ok, thanks for the info!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Question about database changed alert’ is closed to new replies.