A new admin user has been created; the IP address is all zeros and the salt is missing.
I have Crawl protect running (no log entries for that date)
I have a hash check running against all OpenCart files (none have been modified)
The HTTP log shows nothing
Login is restricted by IP
But why are you telling us about this? No one has the slightest Idea about a fully unknown System and Setup, in a fully unknown environment. It could be anything, possibly being a (hidden) part of something, possibly obtained with some Extensions and/or Themes, placed to serve some purpose.
A good range of Online 'Source' exists, containing 'Stuff', placed either by 'regular' Devs, just trying to make sure, to know, if someone Unauthorized is using their Software, or then, by Those, offering paid OC Extensions and Themes for Free, but hiding their 'own' Gizmos into the Source, to, at least, make some money, later, when it comes to break into such stores, and grabbing, what is available, but not in their own 'Inventory' yet, to keep in business.
Just to give you some Ideas, on such, and how it's been done, sometimes.
Under 'normal' Circumstances, and with VISITOR UPLOADS disabled, it would/could not have been the case...
Good Luck
Ernie
openshop.li
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
What version are you running? Maybe check your server access logs for any URL containing admin/index.php?route=user/user/insert&token=
Thinking about it, if the user was added this way there should be a salt.
Another way I have seen something like this done is through extensions that had SQL injection weaknesses. You might notice something in your server logs containing the data added, if it was done by a GET rather than a POST.
What does it say for date_added for that row? Do you have Drupal or WordPress also running on the server? What kind of host/server is it? Do they have proper jailing/cages/bash levels for the accounts?
https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.
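The two log checks suggested in the replies above (requests to `admin/index.php?route=user/user/insert&token=` and SQL visible in a GET query string), as an added example that is not part of any poster's message. It assumes Apache/nginx combined log format; the `oc_user` table name, the `module/example` route, the allowlist and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format (assumed): client IP, timestamp, method, URL, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)
# Route named in the thread: the admin "add user" handler.
ADMIN_INSERT = "route=user/user/insert"
# Heuristic (assumption): an INSERT naming a user table inside a URL.
SQLI_RE = re.compile(r"insert\s+into\s+\S*user", re.IGNORECASE)

def scan(lines, allowed_ips=()):
    """Return (reason, ip, timestamp, decoded_url) for each suspicious line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Decode twice so double-encoded query strings are also readable.
        url = unquote_plus(unquote_plus(m["url"]))
        if ADMIN_INSERT in url:
            reason = "admin-user-insert"
            # Admin login is IP-restricted, so any other source is notable.
            if m["ip"] not in allowed_ips:
                reason += " from non-allowlisted IP"
            hits.append((reason, m["ip"], m["ts"], url))
        elif SQLI_RE.search(url):
            # Only visible for GET requests; POST bodies are not logged.
            hits.append(("sql-insert-in-query-string", m["ip"], m["ts"], url))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder token).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2016:00:00:01 +0000] "POST /admin/index.php?route=user/user/insert&token=PLACEHOLDER HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2016:00:00:02 +0000] "GET /index.php?route=product/product&product_id=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2016:00:00:03 +0000] "GET /index.php?route=module/example&id=1%20INSERT%20INTO%20oc_user HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE, allowed_ips={"192.0.2.10"}):
        print(*hit, sep=" | ")
```

An empty result does not rule out SQL injection via POST, since request bodies do not appear in access logs.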
Hi Dhauphin
Date added 10/02/2016 00:00
ip 0.0.0.0
user_id 9999 (weird??)
Nothing else runs on the account but OpenCart (but on the server lots of other things may be running - see below)
As far as the server goes, this is a Cloud server running at Tsohost