This is a warning to my fellow WordPress users… over the past few days there have been some hackers taking over our sites via accounts setup for new users. The attacks seem to be centered in Europe, Germany primarily, by registering users with Gmail acounts. I have received three over the past three days which after a quick Google search on the email address netted several sites with the same warning.
So I will promote the advice by another savvy and alert WordPresser who caught one of the same addresses registering at his site. Don’t use the default admin user name ( I never did in the first place), and change your password just in case (that I just did).
I am joining in the network of those posting about this hack/attack in order to warn others. I am going to post the names and emails of the attack accounts I have been contacted by below. This is by no way complete as there do seem to be several others out there. Feel free to comment or contact me with any you may have encountered.
September 2
- Username: jaimelipani
- E-mail: jonatanwebsterbaum@gmail.com
Sepember 1
- Username: MikeWink
- E-mail: bugbeemershonyhe@gmail.com
August 31
- Username: Andrianq
- E-mail: pulvillarrac@gmail.com
Loading ...
15 Comments Received
September 2nd, 2009 @4:36 pm
Thanks for the post. I just recently started receiving these as well. I will make a post on my site to notify other users. Here are the Username/Email I have had so far:
Username: rafaellabove
E-mail: jonatanwebsterbaum@gmail.com
Username: Andrianq
E-mail: pulvillarrac@gmail.com
Username: MikeWink
E-mail: bugbeemershonyhe@gmail.com
Username: Miriam
E-mail: obierebelominepyb@gmail.com
I will add your list to my own so others become aware.
September 2nd, 2009 @4:41 pm
Good catches… no need for us to hoard this info. It should be posted as many places as possible. My hope is that the WordPress developers can plug this security hole in the next update.
September 3rd, 2009 @12:40 pm
Thank you for adding my blog link in your post and above all, thank you for spreading the word about this issue! If the spammers won’t stop, then the WP community needs to come together and share the information to block them.
Great job! And again, a BIG THANK YOU!
Debbie Mahler
September 4th, 2009 @1:35 am
Backing up your site is always good advice. I do it once a month as is, but I archived everything today just in case.
With all of the plug-ins and widgets, you would think by now that someone would have coded something to make WordPress a bit more secure. If anything, this hack has shown many of us how vulnerable our sites are. If an attack like this ever was unleashed on a large scale to WordPress bloggers, someone could take down a good chunk of the internet…
September 4th, 2009 @5:07 pm
For those who think they might have been hacked or are finding additional unauthorized admin accounts, there is a great view of what to look for over at http://www.greenwaysroad.com. If you see an extra admin, delete it ASAP, and if possible, restore your entire blog from a date prior to the first attacks appeared (August 29th or so) to ensure there isn’t any stray hacks on your site left by the hackers.
September 8th, 2009 @11:23 pm
Update for all… after a few days of silence, I’ve got a couple of more hacker accounts to share:
Username: arnoldisby
E-mail: naomyrotenford@gmail.com
Username: UlricheDmond
E-mail: ulrichedmondsuses@gmail.com
Stay sharp kiddies – especially for those sites that get loads of new user registrants every day. I’ve seen several sites that have been attacked close off new users altogether and I can’t say I blame them.
August 23rd, 2010 @8:40 pm
Note: Those hackers are at it again. I’ve got a new bombardment of new users and have post a new hacker list here:
http://www.packcamera.com/wordpress-wankers/599
Pingback & Trackback
Sorry the comment area are closed for non registered users