Support » Fixing WordPress » Have I been hacked? Username: “amin”

  • I’ve had a username: “amin” with the name: as “…” show up as an administrative user mysteriously on a personal WordPress blog of mine. I was suspicious, deleted the user, and did a quick google search to see if I could find anything about a security breach. I didn’t find anything so I just shrugged of the concern.

    Today I discovered the same “amin” user on a much bigger wordpress site I had built for a client; again with administrative privileges. Woah! Not cool.

    These usernames were not added nor would in either case an administrative privilege be given. I’m running the most current version of WordPress 2.9.2 on both blogs and I’m a little nervous about the very real possibility that these blogs are being hacked.

    Has anyone else noticed anything similar? Or share my concern?

Viewing 3 replies - 61 through 63 (of 63 total)
  • Thanks @madjax

    Just wondering:
    Are you staying with Rackspace or are you going elsewhere? If so, where?

    That question is open to everyone by the way!

    I am wondering the same thing. Is any hosting company safe? RS is ridiculous. I asked them to do a file search on all my websites (250 or so) of 3 suspicious file names and they told me they cannot do it due to privacy issues.

    And then I asked them to do a MySQL query on the databases they alerted me to with possible issues and they said no because it’d take too long.

    This is crazy. I even called and talked to an Account Manager who basically said I was on my own.

    And because I was hacked on their servers a few months backs… I am triple sure my file permissions were 770 and I was running all the latest plugins and WP installs. And my WP plugins are so minimal it’s crazy to think it’s an issue with WP.

    Really hate that I am spending thousands of dollars in independent contractor wages trying to figure this stuff out and get it cleaned up.

    Oh man! This is getting crazy!

    We have just received a system sent email from Rackspace naming a bunch of our WP sites saying we have to changed passwords (database and admin) before 10pm CDT or they will suspend account.

    But here’s the thing: We have ALREADY done those changes! And yesterday we were told by Rackspace (senior staff!) we had done everything we could possibly do.

    What is going on?!

    If anyone has had any joy getting REAL information out of Rackspace regarding the hack and current state of server, etc …can you please post that info on this forum. Thanks!

    Yours dejectedly,

    Michael

Viewing 3 replies - 61 through 63 (of 63 total)
  • The topic ‘Have I been hacked? Username: “amin”’ is closed to new replies.