WordPress.org

Unknown users with admin rights!? (5 posts)

  1. tomzemand
    Member
    Posted 2 years ago #

    A friend of mine is having trouble with his WordPress site ( http://www.spraytan-odense.dk ).
    At first, he had malware on the site and there was a suspicious line of JavaScript code. I installed several security plugins and checked every file; the malware was gone and the site was clean!

    Now we're facing a new problem. This has happened twice. Unknown users have been created (even though registration is not available - we turned that off in settings!) with admin rights.

    I could imagine if the site was making money or had tons of visitors every day, that being a target for hackers would be normal. But we're talking about a standard WordPress site for a spraytan company. They're registering with emails such as <something>@spraytan-odense.dk.

    I've searched the forum but couldn't find anything; if I have overlooked something, please link me. If you have any idea for a solution or know what's causing this, please help.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. andrey_simonov
    Member
    Posted 2 years ago #

    What plug-ins did you install on your site?

  4. YouON
    Member
    Posted 2 years ago #

    I've heard about an issue/vulnerability with the use of query_posts instead of WP_Query. Does your theme use query_posts?

  5. itpixie
    Member
    Posted 1 year ago #

    @YouON: What's this issue/vulnerability with query_posts that you mentioned? Do you have a link to more info?

    I'm encountering a similar issue of a phantom user logging into the admin area. My problem is though, this phantom user, systemwpadmin, is not in the WordPress database at all. At least not when I try to look it up (in WP dashboard as well as phpMyAdmin). I found out about him via my Login logs, and it seems he didn't have any user role at all when he logged in.

    I have scanned the site over and over, as well as having had the web host scan the files, and no backdoor has been found. Yes, the site was hacked at one point, but it was cleaned up and I went through every single folder to make sure there weren't any malicious files.

    The web host wasn't able to provide any info on how exactly this phantom user got in, and I'm just at a loss about how this person logged in when he doesn't even exist in the database to have anything to compare credentials against. Unless this person created himself directly in the database, logged into WP, did his thing, then deleted himself off the database?

This topic has been closed to new replies.
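
An added example, not part of the thread or of WordPress itself: an audit for the two symptoms reported above, administrator accounts the owner does not recognise and login-log usernames with no database row. It assumes the default `wp_` table prefix; the rows, the allowlist and the `wpsupport` account are constructed sample data loaded into an in-memory SQLite database so the script runs offline.

```python
import sqlite3

# Standard SQL; the same query can be run in MySQL/phpMyAdmin. Assumes the
# default "wp_" table prefix, so roles live under the "wp_capabilities" key.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users u
JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered
"""

def build_sample_db():
    """In-memory stand-in for the WordPress database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
    CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                           user_email TEXT, user_registered TEXT);
    CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    INSERT INTO wp_users VALUES
      (1, 'siteowner', 'owner@example.test', '2012-03-01 10:00:00'),
      (2, 'editor1',   'ed@example.test',    '2012-04-11 09:30:00'),
      (7, 'wpsupport', 'x@example.test',     '2014-06-20 02:14:00');
    INSERT INTO wp_usermeta VALUES
      (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
      (2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
      (7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return db

def unexpected_admins(db, known_admins):
    """Administrator accounts whose login is not on the owner's allowlist."""
    return [row for row in db.execute(ADMIN_QUERY) if row[1] not in known_admins]

def logins_without_account(db, logged_usernames):
    """Usernames seen in a login log that have no row in wp_users."""
    existing = {r[0] for r in db.execute("SELECT user_login FROM wp_users")}
    return sorted(set(logged_usernames) - existing)

if __name__ == "__main__":
    db = build_sample_db()
    print(unexpected_admins(db, known_admins={"siteowner"}))
    # Constructed login-log usernames, including one with no database row.
    print(logins_without_account(db, ["siteowner", "systemwpadmin"]))
```

A login recorded for a name that has no row in `wp_users` means the account was removed afterwards or the session was not established through the users table, so the file system and the database both need review.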
