“Debug” user with admin rights… hacked?

  • thrillho

    (@thrillho)


    9 years ago

    I just found a user named Debug was added to my site with the email [email protected], with its role set to admin. The user was added about two months ago but I am certain that I did not do this.

    I’ve found another thread with someone who experienced the same problem and I reviewed the steps provided in the “My site was hacked” FAQ. I’m completely stumped because I already take various security measures (WAF, login limits, multi-factor verification, etc.) and I run scans daily. I already spoke with my server company and I am considering hiring a company to do a full scan on our website for anything malicious.

    If anyone can please shed some light on this, it would be much appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Denzel Chia

    (@denzel_chia)

    9 years ago

    Hi,

    I am no security expert, I can only make some suggestions.

    You can use securi site scan to scan your website.
    https://sitecheck.sucuri.net/

    Or consider getting them to do a site security audit.

    Thank you

    Thread Starter thrillho

    (@thrillho)

    9 years ago

    Thanks, Denzel.

    After further investigation, we’ve found that the user was created by the Backup & Restore Dropbox plug-in. We are still going through the plug-in’s code to figure out why this user is being created and if it’s doing anything malicious.

    Does anyone know why a plug-in of this nature might need to create such a user?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘“Debug” user with admin rights… hacked?’ is closed to new replies.