Unauthorized administrator accounts [closed]
I realized that a weird name-less account appeared in the admin group. I identified this as I realized that some spam user accounts were being generated.
The user ID for these is 1001001 (with entries in both users and usermeta database tables). These accounts re-appear after being deleted both from the database directly or using the WP inter phase.
I couldn't find anything out there.
Does anyone know this attack? Any suggestions to where to search for the malicious code?
I realized that a weird name-less account appeared in the admin group. I identified this as I realized that some spam user accounts were being generated.
The user ID for these is 1001001 (with entries in both users and usermeta database tables). These accounts re-appear after being deleted both from the database directly or using the WP inter phase.
I couldn't find anything out there.
Does anyone know this attack? Any suggestions to where to search for the malicious code?
No comments:
Post a Comment