Unauthorized administrator accounts

by Team Sansec

Published in Guides

When attackers gain unauthorized access to a store, they often add extra accounts to the store control panel. These accounts have legitimate sounding names like "backup" and "system" but are under full control of a third party.

General approach: go through your list of admin accounts, and purge (not disable) any that you do not recognize.

See also our collection of previously detected malicious admin accounts

As extra safety measure, we recommend to implement an IP filter on the control panel of your store, so that it only allows office and staff IPs.

Easy CSP for your store?

Try Sansec Watch! Free, simple and fully integrated. Get PCI compliant alerting with minimal effort.

Sansec Watch

Need expert advice? We are here to help!

Contact

Unauthorized administrator accounts

Easy CSP for your store?

Made with ❤

Stay up to date with the latest eCommerce attacks

experts in eCommerce security

Terms & Conditions
|
Privacy & Cookie Policy
|
Company Reg 77165187
|
Tax NL860920306B01

Unauthorized administrator accounts

Easy CSP for your store?

Made with ❤

Stay up to date with the latest eCommerce attacks

experts in eCommerce security

Terms & Conditions|Privacy & Cookie Policy|Company Reg 77165187|Tax NL860920306B01

Terms & Conditions
|
Privacy & Cookie Policy
|
Company Reg 77165187
|
Tax NL860920306B01