Forums

WordPress › Support » How-To and Troubleshooting

My site is intruded (3 posts)

  1. Stig Ulfsby Webdesign
    Member
    Posted 4 months ago #

    It has happened several times the last weeks that a new user har been registered even though my site is not open for registering new useres. The users have no role. They all have a gmail adress, the last one is yooyopzzovyy@gmail.com. According to SpamBusted.com it is a spammer with cineese IP-adress. There is however no spam in comments or posts.

    Ho can this happen and how do I stop it?

    I run WordPress 3.3.1, the Artisteer 3.1 theme and the latest version of the following plugins:
    Aksimet
    All in One SEO PAck
    CMS Tree Page View
    Contact form 7
    Enhanced Meta Widget
    Facebook Likes It
    Favicons
    Google Analyticator
    Google Doc Embedder
    Google XML Sitemap
    My Page Order
    NextGEN Gallery
    Really Simple CAPTCHA
    SI CAPTHA Anti-Spam
    Subscribe to comments reloaded
    Table of contents plus
    Transposh Translation Filter
    WordBooker
    WordPress Download Monitor
    WordPress Portfolio plugin
    WP-DBManager

    The intruded site is Ulfsby.no

  2. Peter Wooster
    Member
    Posted 4 months ago #

    Change your FTP and admin passwords and check both your site and your development system for malware. There is a codex article on securing WordPress that you should read.

    /peter

  3. Stig Ulfsby Webdesign
    Member
    Posted 4 months ago #

    I have read the Codex article. My host checked for malware but found nothing. The intruder propbably do not have my password since the only harm I can find is a new user with no role. If they logged in with my password, the new user would have been created with a role.

    How can I find the hole in the wall?

Reply

You must log in to post.

About this Topic

Tags