
Warning to Wordpressers


This is a warning to my fellow Wordpress users… over the past few days there have been some hackers taking over our sites via accounts set up for new users. The attacks seem to be centered in Europe, Germany primarily, by registering users with Gmail accounts. I have received three over the past three days, and a quick Google search on the email addresses turned up several sites with the same warning.

So I will promote the advice by another savvy and alert Wordpresser who caught one of the same addresses registering at his site. Don’t use the default admin user name (I never did in the first place), and change your password just in case (that I just did).

I am joining the network of those posting about this hack/attack in order to warn others. I am going to post the names and emails of the attack accounts I have been contacted by below. This is by no means complete, as there do seem to be several others out there. Feel free to comment or contact me with any you may have encountered.

September 2

  • Username: jaimelipani
  • E-mail: jonatanwebsterbaum@gmail.com

September 1

  • Username: MikeWink
  • E-mail: bugbeemershonyhe@gmail.com

August 31

  • Username: Andrianq
  • E-mail: pulvillarrac@gmail.com
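
An added example, not code from the original post: a read-only audit that lists every administrator account together with every account registered under one of the addresses above, so an unexpected admin or a reported registrant stands out. It assumes the default `wp_` table prefix; the sample rows and function names are constructed for illustration, and the query is written so it can be pointed at the site's own database with that driver's placeholder style.

```python
import sqlite3

# E-mail addresses listed in the post; usernames differed between sites, so match on e-mail.
REPORTED = ["jonatanwebsterbaum@gmail.com", "bugbeemershonyhe@gmail.com",
            "pulvillarrac@gmail.com"]

# Default WordPress table prefix "wp_" is assumed; roles are stored as a serialized
# PHP array in wp_usermeta under the key "<prefix>capabilities".
AUDIT_SQL = """
SELECT u.user_login, u.user_email, u.user_registered,
       CASE WHEN m.meta_value LIKE '%"administrator"%' THEN 1 ELSE 0 END,
       CASE WHEN LOWER(u.user_email) IN ({marks}) THEN 1 ELSE 0 END
FROM wp_users u
LEFT JOIN wp_usermeta m ON m.user_id = u.ID AND m.meta_key = 'wp_capabilities'
WHERE m.meta_value LIKE '%"administrator"%' OR LOWER(u.user_email) IN ({marks})
ORDER BY u.user_registered
"""

def audit_users(conn, reported=REPORTED):
    """Return every administrator plus every account using a reported address."""
    marks = ",".join("?" * len(reported))
    params = [e.lower() for e in reported] * 2   # the list is bound twice
    keys = ("login", "email", "registered", "is_admin", "reported")
    rows = conn.execute(AUDIT_SQL.format(marks=marks), params)
    return [dict(zip(keys, r)) for r in rows]

def build_sample_db():
    """Constructed sample data in the shape of the two WordPress tables."""
    admin = 'a:1:{s:13:"administrator";b:1;}'
    sub = 'a:1:{s:10:"subscriber";b:1;}'
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                                  meta_key TEXT, meta_value TEXT);""")
    conn.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", [
        (1, "siteowner", "owner@example.org", "2008-01-10 09:00:00"),
        (2, "reader", "reader@example.org", "2009-06-02 12:00:00"),
        (3, "Andrianq", "Pulvillarrac@gmail.com", "2009-08-31 03:14:00"),
        (4, "helper2", "unknown@example.net", "2009-09-01 22:40:00")])
    conn.executemany(
        "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?,?,?)",
        [(1, "wp_capabilities", admin), (2, "wp_capabilities", sub),
         (3, "wp_capabilities", sub), (4, "wp_capabilities", admin)])
    return conn

if __name__ == "__main__":
    for row in audit_users(build_sample_db()):
        print(row)
```

In the constructed data, `helper2` is the row to investigate: an administrator the site owner did not create, even though its address is not on the reported list.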

Discussion

13 comments for “Warning to Wordpressers”

  1. Thanks for the post. I just recently started receiving these as well. I will make a post on my site to notify other users. Here are the Username/Email I have had so far:

    Username: rafaellabove
    E-mail: jonatanwebsterbaum@gmail.com

    Username: Andrianq
    E-mail: pulvillarrac@gmail.com

    Username: MikeWink
    E-mail: bugbeemershonyhe@gmail.com

    Username: Miriam
    E-mail: obierebelominepyb@gmail.com

    I will add your list to my own so others become aware.

    Posted by jason | September 2, 2009, 4:36 pm
  2. Good catches… no need for us to hoard this info. It should be posted as many places as possible. My hope is that the Wordpress developers can plug this security hole in the next update.

    Posted by David | September 2, 2009, 4:41 pm
  3. [...] My apologies if you have received any strange messages pretending to be from this site. A spammer hacked in and registered as a user. This is part of an ongoing problem throughout Europe. See these sites to see what’s been going on: Technical Tidbits. [...]

    Posted by Spam Hack Attack | The Early Modern Intelligencer | September 2, 2009, 5:14 pm
  4. [...] Story [...]

    Posted by A warning to anyone running a wordpress site | The ClownX Blog | September 3, 2009, 9:56 am
  5. Thank you for adding my blog link in your post and above all, thank you for spreading the word about this issue! If the spammers won’t stop, then the WP community needs to come together and share the information to block them.

    Great job! And again, a BIG THANK YOU!

    Debbie Mahler

    Posted by DebbieMahler | September 3, 2009, 12:40 pm
  6. [...] site. Some reports have even mentioned spam emails being sent out.  You can get the full story here. I’ve made the necessary changes, deleted the loser hackers backed up the blog!  Please [...]

    Posted by Wordpress SpamHack Alert | Mark Savel's Toronto Real Estate Blog Mark Savels Toronto Real Estate Blog | September 3, 2009, 6:28 pm
  7. Backing up your site is always good advice. I do it once a month as is, but I archived everything today just in case.

    With all of the plug-ins and widgets, you would think by now that someone would have coded something to make Wordpress a bit more secure. If anything, this hack has shown many of us how vulnerable our sites are. If an attack like this ever was unleashed on a large scale to Wordpress bloggers, someone could take down a good chunk of the internet…

    Posted by David | September 4, 2009, 1:35 am
  8. Posted by Eckyman.com » A Word(press) of Warning! | September 4, 2009, 11:36 am
  9. For those who think they might have been hacked or are finding additional unauthorized admin accounts, there is a great view of what to look for over at http://www.greenwaysroad.com. If you see an extra admin, delete it ASAP, and if possible, restore your entire blog from a date prior to when the first attacks appeared (August 29th or so) to ensure there aren’t any stray hacks on your site left by the hackers.

    Posted by David | September 4, 2009, 5:07 pm
  10. Posted by WordPress Security Exploits – This site was hacked | Eric Shefferman (DOT) Com | September 6, 2009, 2:13 am
  11. [...] Learn about the wordpress hacks (Here) [...]

    Posted by girl meets geek » Blog Archive » Comments are off for the time being- | September 8, 2009, 11:13 pm
  12. Update for all… after a few days of silence, I’ve got a couple more hacker accounts to share:

    Username: arnoldisby
    E-mail: naomyrotenford@gmail.com

    Username: UlricheDmond
    E-mail: ulrichedmondsuses@gmail.com

    Stay sharp kiddies – especially for those sites that get loads of new user registrants every day. I’ve seen several sites that have been attacked close off new users altogether and I can’t say I blame them.

    Posted by David | September 8, 2009, 11:23 pm
