• A new admin user appeared earlier in my WordPress. Luckily, I was at my PC when it happened, and received an email alert.

    The user was: Obuser
    Email was [email protected]

    I then noticed that I could not delete any spam from the admin side, as one of the spam comments was injected with some code to infect the site, thereby creating an admin account.

    What I did:

    1) Instead of deleting the user, I changed their permission from ‘Admin’ to ‘subscriber’, so if the bot tries to join again, it will be met with an account that is already there, but with ‘subscriber’ permissions.

    2) I then went to MySQL and deleted all the spam from there; once the offending message was removed, I was able to delete spam normally from the admin panel.
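
The review and cleanup described in the post above, sketched as SQL. This is an added example, not part of the original thread. It assumes MySQL and the default `wp_` table prefix, and the `LIKE` patterns are illustrative assumptions because the thread does not show the injected code.

```sql
-- Added example (not from the thread). Assumes MySQL and the default wp_
-- table prefix. Back up the database before running the DELETE statements.

-- 1) List every account that holds the administrator role, newest first,
--    so an unexpected one (the post names "Obuser") stands out.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2) Find comments, in any moderation state, whose body carries script
--    markup. The patterns are assumptions: the thread does not show the
--    payload, so widen or narrow them to match what you actually find.
SELECT comment_ID, comment_approved, comment_date, comment_author_IP,
       LEFT(comment_content, 120) AS preview
FROM wp_comments
WHERE comment_content LIKE '%<script%'
   OR comment_content LIKE '%javascript:%'
ORDER BY comment_date DESC;

-- 3) Empty the spam queue directly in the database, as the poster did
--    when the admin panel could no longer delete it.
DELETE FROM wp_comments
WHERE comment_approved = 'spam';

-- 4) Drop comment metadata rows left pointing at comments that no longer exist.
DELETE cm
FROM wp_commentmeta AS cm
LEFT JOIN wp_comments AS c ON c.comment_ID = cm.comment_id
WHERE c.comment_ID IS NULL;
```

Query 1 lists only accounts that still hold the administrator role, so an account already demoted to subscriber, as in step 1 of the post, will not appear in it.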

Viewing 2 replies - 16 through 17 (of 17 total)
  • Moderator James Huff

    (@macmanx)

    How is this issue “resolved” exactly, as it says it is?

    It has been reported properly to the security team, which is resolved as far as the support forum is concerned. We handle bug reports and feature requests the same way.

    Once we can’t do any more here, it’s resolved.

    Moderator James Huff

    (@macmanx)

    Understandable, thanks for sharing your concern. I’m going to mark this as closed, since the issue has been reported properly.

  • The topic ‘Current hack on 4.3.1’ is closed to new replies.