Online 777 casino jili real money no deposit bonus.Makakuha ng libreng 700pho sa bawat deposito

yyilmaz
(@yyilmaz)

12 years, 9 months ago

I just noticed that there is a new administrator level user on my blog. I’d like to know how this user was added without my knowledge.

I am running the latest versions of WP (3.3.1) and plugins.

I had this issue once before, and as an intermediate counter measure I had renamed the wp-admin folder. But since I upgraded to latest versions, I figured I’d solved the problem.

The wp-users table shows the creation date as “0000-00-00 00:00:00”. Also worth noting is that the teh data in the password field does not follow the same pattern as the other users … ie. normal users begin with “$P$B” but this unwelcome user has a different pattern.

It is also worth noting that I don’t allow memberships (anyone can register = false) via the settings page.

Any ideas? Has there been a hack? How would I go about cleaning / preventing this?

Viewing 5 replies - 1 through 5 (of 5 total)

Thread Starter yyilmaz
(@yyilmaz)

12 years, 9 months ago

I could not find any reported issues with this version of WP being vulnerable to this. I’m guessing it may be a plugin or some malware.

esmi
(@esmi)

12 years, 9 months ago

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

https://codex.www.ads-software.com/Hardening_WordPress

Thread Starter yyilmaz
(@yyilmaz)

12 years, 9 months ago

Thanks @esmi. I’ve seen these and many others. But so far I haven’t come across a case where a phantom Admin user is created. So far there’s no malicious activity, no htaccess hijacking..

I’ve seen similar cases with people using older versions of WP but I always maintain the most current version of WP and all plugins. (I only use reputable plugins).

As careful as I’ve been, this has happened most recently after I upgraded to WP 3.3.1 – I’m curious whether it has a hole in it…

I’m a relatively noob for WP, but learning.

fabinhoalmeida
(@fabinhoalmeida)

12 years, 5 months ago

Hello friend,

I’m having the same problem. Two months ago intruders were able to register as users with administrative access to the system, but apparently not changed anything. Then I made some security changes, all possible, and now reappeared new users intruders. What may be happening? You could find out where they have access? Thanks!

fabinhoalmeida
(@fabinhoalmeida)

12 years, 5 months ago

Detail: the creation date of users in my database is also as his “0000-00-00 00:00:00”. The password also without the characters common to registered users usually starting with “$P$B”. Apparently invaded our systems the same way. We need to find urgent.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘who added the unrecognised/unknown admin user?’ is closed to new replies.

who added the unrecognised/unknown admin user?

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics