• Resolved rptr

    (@rptr)


    Hello,

    last week I noticed that users with admin rights are registering on the website. In the log in WP Security it shows me that the user was created by me. How can I prevent this? Do you have experience with it?

    7 march 2024 13:33
    info xxx 185.251.000.000 User registration
    Admin xxx registered new user: adminsup
    Show trace

    7 march 2024 13:33
    warning xxx 185.251.000.000 User deleted
    User account: adminsup with ID: 1061 has been deleted
    Show trace

    7 march 2024 13:30
    info xxx 185.251.000.000 User registration
    Admin xxx registered new user: adminsup
    Show trace

    7 march 2024 13:30
    warning xxx 185.251.000.000 User deleted
    User account: adminsup with ID: 1060 has been deleted
    Show trace

  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @rptr

    It seems the Audit log entries for User registration are there.

    The “Show trace” link will open a popup; it will show a stack trace of which files / methods are called for it.

    If you can share it with us using https://pastebin.com/ with the burn-after-read option, we can cross-check and may be able to say which plugin / page was used for registration etc.

    Thread Starter rptr

    (@rptr)

    Hello, thank you for your reply.

    This is the log from the spam bot with admin rights: https://pastebin.com/wCsA3FqR

    This is the log from the classic spam bot: https://pastebin.com/6QJZ52te

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @rptr

    Spam bot with admin rights > Here they are logged in as admin somehow; only then is the /wp-admin/user-new.php file accessible.

    https://snipboard.io/lF7yV2.jpg

    You should change all Admin users / Hosting passwords once. And remove all unnecessary admins. Make sure your hosting provider or any other service did not create that admin user and log in.

    If possible, turn the cookie-based brute force on so admin is accessible with the secret word only.

    This is the log from a classic spam bot: Here the WooCommerce user registration form is being posted. Please enable captcha from WP Security > Brute force > Captcha settings > Captcha so at least spam bots are not submitting the form. If users still keep trying to register manually, you should block their IPs.

    https://snipboard.io/xUv8p5.jpg

    Regards
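
Added example (not part of the thread and not code from the plugin): a Python sketch that parses audit-log entries laid out like those pasted in the first post and flags accounts that were created from an admin session and deleted again within minutes, the pattern seen with adminsup. The sample entries, the `siteadmin` name and the IP addresses are constructed, and the three-line entry layout is an assumption taken from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of the first post: timestamp / level user IP event / message.
SAMPLE_LOG = """\
7 march 2024 13:33
info siteadmin 203.0.113.7 User registration
Admin siteadmin registered new user: adminsup

7 march 2024 13:33
warning siteadmin 203.0.113.7 User deleted
User account: adminsup with ID: 1061 has been deleted

6 march 2024 09:12
info siteadmin 198.51.100.20 User registration
Admin siteadmin registered new user: editor_anna
"""

CREATED = re.compile(r"^Admin (\S+) registered new user: (\S+)$")
DELETED = re.compile(r"^User account: (\S+) with ID: (\d+) has been deleted$")

def parse_entries(text):
    """Yield (timestamp, ip, kind, username) for creation and deletion entries."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines()]
        if len(lines) < 3 or len(lines[1].split()) < 3:
            continue  # not a complete entry
        when = datetime.strptime(lines[0], "%d %B %Y %H:%M")
        ip = lines[1].split()[2]
        if m := CREATED.match(lines[2]):
            yield when, ip, "created", m.group(2)
        elif m := DELETED.match(lines[2]):
            yield when, ip, "deleted", m.group(1)

def find_churned_accounts(text, window=timedelta(minutes=10)):
    """Map username -> source IPs for admin-created accounts deleted within `window`."""
    created, deleted, ips = defaultdict(list), defaultdict(list), defaultdict(set)
    for when, ip, kind, user in parse_entries(text):
        (created if kind == "created" else deleted)[user].append(when)
        ips[user].add(ip)
    return {
        user: sorted(ips[user])
        for user, times in created.items()
        if any(timedelta(0) <= d - c <= window for c in times for d in deleted[user])
    }

if __name__ == "__main__":
    print(find_churned_accounts(SAMPLE_LOG))
```
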

  • The topic ‘New bot users with admin rights’ is closed to new replies.