Unauthorized administrator accounts

by Team Sansec

Published in Guides

When attackers gain unauthorized access to a store, they often add extra accounts to the store control panel. These accounts have legitimate-sounding names like "backup" and "system" but are under the full control of a third party.

General approach: go through your list of admin accounts, and purge (not disable) any that you do not recognize.

See also our collection of previously detected malicious admin accounts

As an extra safety measure, we recommend implementing an IP filter on the control panel of your store, so that it only allows office and staff IPs.
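The account review and the IP allowlist described above can be checked together against an export of the control panel accounts. The script below is an added example, not Sansec's code: it lists accounts that are missing from the staff roster (the ones to purge) and recognized accounts whose last login came from outside the office ranges. The CSV columns, the roster and the networks are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample export of control-panel accounts (not real data).
# The column names are assumptions; adapt them to your platform's export.
SAMPLE_EXPORT = """username,email,created,last_login_ip
alice,alice@shop.example,2021-03-02,203.0.113.10
Bob ,bob@shop.example,2022-07-19,203.0.113.27
backup,ops@mail.example,2024-01-14,198.51.100.77
system,sys@mail.example,2024-01-14,
carol,carol@shop.example,2023-11-05,192.0.2.50
"""

# Assumed inputs: the staff roster you maintain and your office/VPN ranges.
KNOWN_STAFF = {"alice", "bob", "carol"}
OFFICE_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

def normalise(username):
    """Compare names case-insensitively and ignore stray whitespace."""
    return username.strip().casefold()

def ip_allowed(value, networks):
    """True if value is a valid address inside one of the allowed networks."""
    try:
        address = ipaddress.ip_address(value.strip())
    except ValueError:
        return False  # empty or malformed: treat as not allowed
    return any(address in network for network in networks)

def audit_admins(export_text, known_staff, networks):
    """Return (accounts to purge, recognised accounts seen from outside)."""
    known = {normalise(name) for name in known_staff}
    purge, outside = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = normalise(row["username"])
        last_ip = row["last_login_ip"].strip()
        if name not in known:
            purge.append(name)  # unrecognised: purge, do not just disable
        elif last_ip and not ip_allowed(last_ip, networks):
            outside.append(name)  # known account used from an unexpected IP
    return purge, outside

if __name__ == "__main__":
    purge, outside = audit_admins(SAMPLE_EXPORT, KNOWN_STAFF, OFFICE_NETWORKS)
    print("Unrecognised, purge:", purge)
    print("Recognised, last login outside allowlist:", outside)
```

A recognized account that shows up in the second list is worth a password reset and a look at its recent activity before the IP filter goes live.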
