I'm in the process of upgrading to the latest version and have been inspecting the SQL dump that was generated from the backup and after scanning something struck me as odd, I'd like some confirmation from the community as to it's existence and origin. The blog is currently hacked and infected and I want to be extra careful what data I'll be moving over.
in wp_users I have an instance of a username 'WordPress' that is an administrator, reason I find it suspicious is it also exists in the "staging" version of the blog also the creation timestamps is all zeroes, and does not appear in the User Admin page... any thoughts?
Also in the users table I keep seeing many users with random user names ie: 'KbhLNmKJCPVDyZAZ'... they appear to be subscribers, but this just looks like something a bot would use to register... does anyone else see these in their database
Thanks in advance!
Correction: I'm using version 2.1.3.