A "new user" on my forum has registered an account that has duplicated the name of the administrator account. This is very troubling.
While the administrator account is currently untouched, this new user with the duplicate name is currently "awaiting email confirmation". He is registered user, with no moderation powers, but he still somehow managed to duplicate the admin name.
Here is what I have done thus far:
I have determined that his IP address is associated with what could supposedly be a spam and phishing website/organization (IP address available upon request if you wish to ban it from your site)
I have informed all my staff people to change passwords on accounts and emails associated with my site. Is there anything I should do?
Does anyone have any ideas how this could have happened?
While the administrator account is currently untouched, this new user with the duplicate name is currently "awaiting email confirmation". He is registered user, with no moderation powers, but he still somehow managed to duplicate the admin name.
Here is what I have done thus far:
- I checked the logs and there has been no entry into the Admin CP by his IP address. In fact, his IP is totally unique, and has never been seen before by my forum.
- I checked the user groups, and there are the correct entries and number of entries in the moderator and admin user groups, and nothing additional has been added.
- I have banned his IP for good measure, considering banning his entire range and country for that matter (its Brazil FYI).
- I have run the suspect file version scan and turned up nothing.
I have determined that his IP address is associated with what could supposedly be a spam and phishing website/organization (IP address available upon request if you wish to ban it from your site)
I have informed all my staff people to change passwords on accounts and emails associated with my site. Is there anything I should do?
Does anyone have any ideas how this could have happened?
Comment