Security question – extra users in DB?

  • vmurygin

    (@vmurygin)


    17 years ago

    Hi,

    I run a few blogs – and just now noticed a weird thing.

    I checked the wp_users table in the database for few sites and see that there are more users than you can see in the WordPress admin screen.

    Particularly, there is a user named ‘WordPress’ that has a register date of 0000-00-00 00:00:00. It seems to be like that on a few sites.

    Our sites have been hacked recently – although probably not through wordpress – but I’m afraid that these extra users were created by hackers so that they are able to log in, etc. And I wanna know if I should delete those extra users.

    Or is this normal and these are generated by WordPress and they need to be there?

    Thanks for your help!

Viewing 5 replies - 1 through 5 (of 5 total)
  • whooami

    (@whooami)

    17 years ago

    Particularly, there is a user named ‘WordPress’ that has a register date of 0000-00-00 00:00:00. It seems to be like that on a few sites.

    Our sites have been hacked recently

    and youre still hacked, you were never un-hacked, if you still have that user laying around.

    Thread Starter vmurygin

    (@vmurygin)

    17 years ago

    Sorry; I’m not entirely sure what you mean. Can you please elaborate like I’m a 2 year old?

    whooami

    (@whooami)

    17 years ago

    like a 2 year old? a 2 year old wouldnt be admin’ing a web site, much less a “few”.

    you

    are

    still

    hacked.

    Thread Starter vmurygin

    (@vmurygin)

    17 years ago

    Thanks for your “help” and your presumptuous attitude. I never said that I was admin.

    I would really appreciate if anyone else can give any advice on what should be done in such case – should I remove those users? And if anyone else experienced something similar, etc.

    Thanks!

    whooami

    (@whooami)

    17 years ago

    I never said that I was admin.

    yes, you certainly implied it:

    I run a few blogs

    Our sites have been hacked recently

    you have access to those blog’s databases:

    I checked the wp_users table in the database for few sites …

    Moving on.

    I would really appreciate if anyone else can give any advice on what should be done in such case – should I remove those users?

    In the case of the user named wordpress — Of course, you delete the user. C’mon. As for the rest, who knows, you dont identify them.

    And if anyone else experienced something similar, etc.

    Thousands.

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
    http://ww.wp.xz.cn/search/hacked?forums=1

    There is a search box on every page of this site, in the event you missed it.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Security question – extra users in DB?’ is closed to new replies.