New Admin user registered from outside
-
Yesterday someone registered a new admin user, without any login before in dashboard in this steps:
at first he updated the default role to admin user
then re activate the registriations for new users.
and then he register a new user.i got and email with “a new user registered….”
later he redirect the home start url to: [ deleted ]
it not was a bruteforce attac, because i have a block for this, and in activity logs my admin user dont was login.
i have the wordpress version WordPress 4.9.10
all plugins are updates, and i have only ninjaform and header and footer plugin there. i had no ftp accesss.
here are the log:
—
1 Tag ago
19/03/2019
10:37:33 N/A 86.109.170.200 User Created adminzax
1 Tag ago
19/03/2019
10:37:30 N/A 86.109.170.200 Options Updated users_can_register
1 Tag ago
19/03/2019
10:37:30 N/A 86.109.170.200 Options Updated default_role
—Does anyone have a idea, how this inject works? the ip: 86.109.170.200 is not mine or from my server, its from a unknown computer.
best regards.
- The topic ‘New Admin user registered from outside’ is closed to new replies.