Unknown user "systemwpadmin"

  • I have an up-to-date installation, having rebuilt it from scratch after a hack last May on a new server and IP, and adding several security plug-ins based on recommendations in the forum and documentation: the site is pretty well locked down.

    Simple login log has recorded a number of unsuccessful brute force attempts to login as “admin” but it also records a successful log-in by “systemwpadmin” with a id88888 and a Russian IP. I can’t tell whether the access was at admin level or not, and have spent hours looking for any clues as to what may have been changed: core files and template (artisteer) seem fine and there seems no trace otherwise of a hack. The database doesn’t seem to have any base64_, eval or strrev strings anywhere but I would like to know if there is a good method to scan the database for hacking attempts.

    A google search indicates the same username has apparently attacked other sites but there is no follow-up information.

    I would welcome any suggestions as to what may have been tampered with, or how best to proceed as I am somewhat frustrated and disheartened.

    Many thanks in anticipation.

    ps. I can’t really add htaccess to wp-admin as I will need to give access to several authors/editors

Viewing 16 replies (of 16 total)
  • Thread Starter cgw

    (@cgw)

    Rick,

    Many thanks for your info – very much appreciated. Yes, like you, I find this problem very disheartening but I am hoping that with enough information, we will discover where the vulnerability lies. I’ll check my own site for wp-functions.

Viewing 16 replies (of 16 total)
  • The topic ‘Unknown user "systemwpadmin"’ is closed to new replies.