Maybe hacked? All user names changed to admin

davidknight42
(@davidknight42)

11 years, 1 month ago

Hi All
So I have a Wp site with about 50 users and over the weekend someone managed to change the username/login of every user to ‘admin’ All their other details stayed the same, but of course no one could log in.

I managed to fix it all by manually changing the database, but am wondering if there is hole somewhere or something I should be concerned about.

Im not aware of any way of changing those names through the admin panel, so am assuming it was directly done to the database. Seems a bit of an odd hack though, if they had access why did they only do that?

If anyone has any ideas about this Id love to hear them!

Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)

WPyogi
(@wpyogi)

11 years, 1 month ago

These resources should be helpful:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

ran32608
(@ran32608)

10 years, 4 months ago

Happened to me too. Twice. First time all user_login names were changed to “admin”, second time all were changed to “jar”

After the first time, I paid a security expert to thoroughly review my entire server contents and he said he found a bunch of malware, hidden shell scripts or something like that. A few days after that the second event happened, all user_login names changed to “jar”.

I don’t know what to do.

WPyogi
(@wpyogi)

10 years, 4 months ago

Sounds like whoever you paid didn’t do a very good job of permanently fixing the problem. Was it someone reputable?

Have you talked to your hosting company – in case the issue is on the server?

Do you have a backup of your site from before this happened in the first place?

ran32608
(@ran32608)

10 years, 4 months ago

Right, apparently not, but from what I’ve read, there are some clever hacks that hide code in very sneaky ways.

I have backups.

I will talk with the hosting company, see what they say.

WPyogi
(@wpyogi)

10 years, 4 months ago

there are some clever hacks that hide code in very sneaky ways.

Yes, that’s definitely true, unfortunately.

If you have a backup from before this happened you might want to restore from that and then make your site as secure as you can. Along those lines, see:

http://codex.wordpress.org/Hardening_WordPress

http://codex.wordpress.org/Brute_Force_Attacks

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Maybe hacked? All user names changed to admin’ is closed to new replies.

Maybe hacked? All user names changed to admin

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics