Where do the left admins come from in WordPress?

D

Dima2021-07-05 05:11:43

Malware

Dima, 2021-07-05 05:11:43

Hello!
I continue to struggle with some kind of online casino advertising on the site.
A week ago I deleted strange admins on the site, and today I saw that there are already 2 new ones and I didn’t do them. They also have wpadmin logins and [email protected] mailboxes. I just
connected Cloudflare and delete these admins, but I understand that this is not a panacea and I need to dig deeper.
Has anyone experienced this?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

M

m0ze, 2021-07-13
@m0ze

Hello.
Judging by the email address you provided, this is a backdoor via a SQL trigger. Alternatively, remove the active database from the user acc. privileges and see if the scenario with the "extra" user on the site repeats. Well, of course, it is worth double-checking the site ten times, because. 99% of these attacks download the backdoor and malware from a third-party domain.

S

Sanes, 2021-07-05
@Sanes

Through leaky themes and plugins. Or through poorly configured hosting.

S

Sergey Arsentiev, 2021-07-05
@moytop

alas, the site has been hacked, in most cases it is problematic to clean the site from malicious code without the intervention of a specialist.

G

GeneCh, 2021-07-05
@GeneCh

Have you installed nulled/hacked/cracked paid plugins or themes?
If you downloaded - 99% that there was a virus or a backdoor
Check the site with an antivirus (not kaspersky, but wordfence / ninjascanner / all in one wp security) to start

V

Vito Shvidoff, 2021-07-16
@vitalik_ist

As an option, run the site with the ai-bolit script by uploading the script to the hosting and setting the time and scanning settings in Cron saved my site