Support » Fixing WordPress » WP blog Hacked… "KSA" user

  • Hey, I have been using WP 2.7, and today when I tried to login, but 2 of my admin accounts said “wrong username”. Then I went into phpmyadmin and at the wp_users table, i figures both accounts were deleted and there were only one account with the username “ksa”. It was NOT an admin account though as the wp_usermeta table was not affected. I created a new admin account via phpmyadmin, deleted the ksa one, logged in and upgraded to wordpress 3.0.1 (which I should have done a long time ago, I know). It worked fine for a few hours but it has happenned again about 10 minutes ago. I dont know what they are trying to do, as no other file seem to be affected from the attack, nor they have admin capabilites. I deleted again the new “ksa” user they created, and I dont know what else to do. I have a 3 days old unaffected backup of my whole site, would it help to upload it back?

    Also, is this a new type of attack? Has anyone been attacked this way before?

    Any suggestions would help a lot as I am kind of scared right now. Thanks very much in advance.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘WP blog Hacked… "KSA" user’ is closed to new replies.