Howdy,

I have a verrryyyyy odd thing happening.

I have an user, unknown, that is in my users table, for a domain that isn’t mine, and never was.

This records keep’s having last_login fields updated, so someway he’s being able to login right?

Odd to see that the field after the datetime fields (that is the failed_login_count) is zero,

Is there any plugin or so to records the IP from which the logins are made?

Where to search for this possible breach?

Regards,