Someone manage to create 5 Administrator accounts

  • I just check my email, and my website send me notification a user account was created, have 5 emails .. and I know I have disabled to register users.

    Emails they used to create account was:
    1) oxqudshaie@[removed]
    2) lmiexknviv@[removed]
    3) rrdvfiwljf@[removed]
    4) pvqnnewhll@[removed]
    5) xykzmmgpfo@[removed]

    I make update to last version 4.5.1 but how they manage to create access?

    All accounts was created at Apr 26 at 4:19 am. All 5 accounts.

    I request some support directly from Official WordPress Support and not random user, so I give them access to website to have a look.

    I will give as well via Skype or Team Viewer (via Meeting). But I will prefer to be via Skype.

Viewing 2 replies - 1 through 2 (of 2 total)

  • I request some support directly from Official WordPress Support and not random user, so I give them access to website to have a look.

    There is none. Support is provided by volunteers. Do not offer access to anyone that may claim otherwise.

    Carefully follow FAQ My site was hacked – WordPress Codex.

    Then take a look at the recommended security measures in Hardening WordPress – WordPress Codex and Brute Force Attacks – WordPress Codex

    If you can’t do the work yourself, consider looking for a reputable person on https://jobs.wordpress.net/ or https://directory.codepoet.com or https://upwork.com

    [edit] as a footnote, those aren’t gmail accounts. That domain appears to be used as a phishing site.

    Likely someone has successfully logged in as admin to create these accounts.

    Once removed, you’ll also require closing the exploit vector granting them access.

    Simple things to do, which will block most exploits attacks.

    1) Block site access with ftp + switch to sftp.

    2) Wrap admin functions in SSL or if not using Ad Networks or Retargeting requiring non-SSL, then wrap entire site in SSL. Since SSL certs are free now https://LetsEncrypt.org to acquire + renew, best always use SSL.

    3) Use Fail2ban on machine where your site runs.

    a) Install Fail2ban at OS level.

    b) Install WP Fail2ban + Stop User Enumeration plugins on all your sites.

    c) Write + Test Fail2ban filters to support both these plugins.

    4) Keep all your software up to date – OS packages + WP core/themes/plugins.

    5) When new OS major upgrades release, backup your WP sites + reinstall your machine OS from scratch + reinstall your WP site backups.

    This few simple steps make hacking sites very difficult.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Someone manage to create 5 Administrator accounts’ is closed to new replies.