Unauthorized administrator accounts
by Sansec
Published in Guides
When attackers gain unauthorized access to a store, they often add extra accounts to the store control panel. These accounts have legitimate sounding names like "backup" and "system" but are under full control of a third party.
General approach: go through your list of admin accounts, and purge (not disable) any that you do not recognize.
See also our collection of previously detected malicious admin accounts
As extra safety measure, we recommend to implement an IP filter on the control panel of your store, so that it only allows office and staff IPs.
Realtime store protection?
Try Sansec Shield! No more stressing to install patches on a Friday afternoon. The most advanced WAF for Magento stores gives you peace of mind.
Sansec Shield