[wp-hackers] DB inserts into usertable

Otto otto at ottodestruct.com
Fri Aug 20 20:30:07 UTC 2010


Do you have user registration enabled? If so, then it's just spam
registrations. If not, then you likely got hacked.

-Otto



On Fri, Aug 20, 2010 at 3:18 PM, Andrew Gray <andrew at graymerica.com> wrote:
> I just noticed that some of my databases for my installs had a bunch of random users.
>
> Across multiple Databases, with the same password and style.  I am sure it is because I was lazy and used a master password in a bunch of my Wordpress installs on that server.
>
> At this point, I have fixed the problem, but has anyone else seen this?   Is is a bad plugin or something else.
>
> Here is an example of what was in all my DBs,
>
> No timestamp, gmail addresses, First Name Last Initial.  Every name was different, but the password was the same.
>
> INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES
> (2, 'SofiaT', '$P$BWrPjMxeckS8Qjhhd.3CqhhpM5c5G3/', 'Sofia Turner', 'SofiaT at gmail.com', '', '0000-00-00 00:00:00', '', 0, 'Sofia Turner'),
> (3, 'AlexandraR', '$P$BWrPjMxeckS8Qjhhd.3CqhhpM5c5G3/', 'Alexandra Russell', 'AlexandraR at gmail.com', '', '0000-00-00 00:00:00', '', 0, 'Alexandra Russell'),
> (4, 'JosephB', '$P$BWrPjMxeckS8Qjhhd.3CqhhpM5c5G3/', 'Joseph Butler', 'JosephB at gmail.com', '', '0000-00-00 00:00:00', '', 0, 'Joseph Butler'),
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list