chabotjeff
Member
Posted 2 years ago #
OK there is a strange author showing up when I go to create a post. Looks like a spam name.
But when looking in the Users section of WP, I don't see that username anywhere -- even checked under all the current users.
Is this an attempt at spam? I know I need to upgrade but thought 2.8.4 was pretty reliable.
A number of security related fixes have been introduced in versions after 2.8.4. It's possible that your mystery author is a hack.
chabotjeff
Member
Posted 2 years ago #
Anyone know about any malicious code that could have been introduced?
chabotjeff
Member
Posted 2 years ago #
You saved me...thanks! The lorelle post led me to this article: http://www.thinkerati.com/whiterabbit/seo-and-online-marketing/wordpress-invisible-administrator-hack/#comment-258
I had an invisible admin and was able to delete using the instructions. This hack was interesting because of two reasons:
#1. I have WP 2.8.4. So either the hack was from an earlier version of WP or 2.8.4 is susceptible.
#2. The "name" of the user (not "username") was this long string of code that started with...
<div id="user_superuser"><script language="JavaScript"> var setUserName
(I obviously won't post any more of it.)
ANY IDEA what damage could have been done or how to investigate? I'm going to look into the permalinks, and look at some of the URLs of archives. Anywhere else to look?
ANYTHING but the latest version of WP is fairly "susceptible." And now there's no excuse not to upgrade as you can do it right from the WP dashboard. There were several articles and how-tos written right after this hack appeared. I'll try to find them for you.
chabotjeff
Member
Posted 2 years ago #
Is upgrading from the Dash secure? I always feel more comfortable moving files myself...especially the plug-ins. I feel like plug-ins may be entries for hackers.
As long as you are upgrading from a really recent version. But if your site's been compromised, you need to be sure it's CLEAN before you do that. I mentioned that for the future. And for others out there who drag their feet about updating. :)
Here is some more info about cleaning a hacked blog (multiple users/admins):
http://www.lexiconn.com/blog/2009/10/what-weve-learned-about-hacked-wordpress-blogs/
http://dougal.gunters.org/blog/2009/09/05/checking-your-wordpress-security
chabotjeff
Member
Posted 2 years ago #
Ahh. Thanks again. One of the articles mentions that the code placed into the "name" field for users was to make the users invisible.
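An added example, not part of the original thread or the linked articles: because the script in the "name" field hides the account in the dashboard's Users screen, the audit has to read the user tables directly. The sketch below lists every administrator and flags any name field containing markup. It assumes the default `wp_` table prefix, and it runs against a constructed in-memory SQLite copy of `wp_users` and `wp_usermeta` so that it works offline; on a real site the same two SELECTs would be run against the MySQL database.

```python
import re
import sqlite3

# Constructed sample rows in the WordPress user schema (default "wp_" prefix assumed).
SAMPLE = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, display_name TEXT);
CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
INSERT INTO wp_users VALUES (1, 'admin', 'Site Owner'),
  (2, 'editor1', 'Jane'), (3, 'placeholder_login', 'x');
INSERT INTO wp_usermeta VALUES
  (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (1, 'first_name', 'Site'),
  (2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
  (3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (3, 'first_name', '<div id="placeholder"><script>/* constructed */</script></div>');
"""

NAME_KEYS = ("first_name", "last_name", "nickname")
# Anything that looks like a tag, an HTML entity or a javascript: URL in a name.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|&#|javascript:", re.I)

def audit_users(conn, prefix="wp_"):
    """Return a finding for each account that is an admin or has markup in a name field."""
    findings = []
    # prefix is an operator-supplied table prefix, not user input.
    users = conn.execute(
        f"SELECT ID, user_login, display_name FROM {prefix}users ORDER BY ID")
    for uid, login, display in users.fetchall():
        meta = dict(conn.execute(
            f"SELECT meta_key, meta_value FROM {prefix}usermeta WHERE user_id = ?",
            (uid,)).fetchall())
        # Roles are stored as a serialized PHP array in <prefix>capabilities.
        is_admin = '"administrator"' in (meta.get(f"{prefix}capabilities") or "")
        names = {"display_name": display, **{k: meta.get(k) for k in NAME_KEYS}}
        tainted = sorted(k for k, v in names.items() if v and MARKUP.search(v))
        if is_admin or tainted:
            findings.append({"id": uid, "login": login,
                             "admin": is_admin, "markup_in": tainted})
    return findings

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE)
    return conn

if __name__ == "__main__":
    for row in audit_users(load_sample()):
        print(row)
```

Any administrator in the output that the site owner does not recognise, or any row with a non-empty `markup_in`, is an account to review before upgrading.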