we experienced the weirdest issue:
On a plesk-auto-installed Joomla-Instance, we use only internally for testing new Joomla features, our super user account suddenly had a new username (AnonymousFox) and password. The website is though publicly available, no directory password protection, but there are only two persons in the company knowing the URL and the login for the only account - a super user with a fairly complex username, something like "admin_fgz55xy5". The website is nowhere linked, the URL never communicated externally. It has almost up-to-date Joomla & AdminTools versions installed. Unfortunately I cant tell for sure what versions were installed while the change happened (if this info is of any importance), because we did some updates after fixing the super user manually via the DB. Other than this, the website was not compromised (as far as we could tell). How could that happen?
1. Did you experience/heard of something similar before? Couldn't find any info on this online, the only thing that pops up and it is similar is about an "AnonymousFox" hack, but that was WordPress-only...
2. Shouldn't AdminTools have prevented this by default?
3. Is there any way to check in the Joomla backend for when updates were made, and from what version? Some kind of a update log? For Joomla itself, but also 3rd party extensions as AdminTools?
All best, με εκτίμηση,
|Joomla! version (in x.y.z format)||3.9.x|
|PHP version (in x.y.z format)||7.1.31|
|Admin Tools version (x.y.z format)||5.3.x|