newclaremont

Hi Gaurav

OK, thanks, and will do.

Kind regards,
Lucien

When you say you don’t see a new admin, are you looking in the db itself or at Users in WP-admin? My ghost didn’t show up in the latter but was nevertheless in the db of users. (Please forgive me if you know this but you can access the db through phpMyAdmin, selecting the db on the left, looking for the users table, and drilling down to the list of users.)

Thanks and damn! Scanner started working and is at 4/9. I’ll wait for the results but may well be in contact with you for some direct help.

Just to add that deleting the user “custom” from the db directly, through MyPhP, results in the very quick re-creation of a user with that name. The user’s email addy includes “wpinfo” in it.

Over the last day or so, I too have been receiving lots of alerts relating to db changes:

20/Nov/18 09:25:31 #8979296 INFO – 0.0.0.0 N/A – – Database changes detected – [administrator account]

The alerts show an unidentified Admin account, called “custom”. It’s not visible in WP Admin Users list, so I can’t delete it there, and gives a gmail.com email addy. I can’t see any other worrying changes on the site but the NinjaScanner fails immediately so can’t scan for malware.

Should I worry? Many thanks.

Many thanks for the speedy reply. I edited the htaccess file in two ways – just adding the code used in the blog to underneath what was already there and then deleting what was there and adding the new code. Both resulted in a server error, so I’m obviously doing something wrong. Does it actually matter that the user.ini is public? All it says to my untrained eye is that the site has Ninja and WF…

I’ll drop you a message about something else via your site.
Kind regards