Hi,

personally I would check all WP plugins to make sure that they are all up
to date. I can see that there was a patch released for "WordPress SEO by
Yoast" released two days ago which addresses a security vulnerability.

Just quickly viewing the page's source code reveals a warning "Cannot
modify header information - headers already sent by (output started at
/home/*****/public_html/index.php:11". I suspect that commenting the code
near this area may remove the perpetrator's message.

It would be wise to check for a backdoor that the attacker may have left.

Jeremiah

On Fri, Nov 28, 2014 at 4:52 AM, RussellMc <apptechnz@gmail.com> wrote:

> All pages at the website below have
> had
> a message
> added
> at the top of the page along the lines :
>
> "Dear admin, you have a huge vulnerability. Email me: xxxx@gmail.com -xxx=
x
> twitter.com/xxxx"
>
> It's 'a friends' site. I do not know enough about such things to know wha=
t
> the security issue is that allowed this.
> Someone here may be immediate;y aware of what is involved.
> Any advice welcome.
>
> I've emailed the owner advising them to NOT contact the "greyhat" as ther=
e
> is no guarantee they are benign (the greyhat title  is not a comforting
> start).
> Obviously they could have trashed the site, but didn't, but it would be
> very good to put things to rights asap.
>
> Typical page is at (refold)
>
> http://
> americanlightworks
> .com
> /photos/
>
> Contact me off or on list as appropriate.
>
>
>      thanks
>
>
>                          Russell
> --
> http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist
>
--=20
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.