Urgent, My website (wordpress) has been hacked

richiek67

Hi There,

In a bit of a desperate situation here. I had a guy do up a website for me some months back. More of a hobby than anything else. I go into it now and again.
I just got a few mails about advertising on it. One mail had the GAUL to include a link to my own gallery with one word underlined and now linked to an ad.

I've tried to login to my admin account with details etc given by my web developer I used but to no avail. Is there any way I can get in. I approached blacknightsolutions who are the provider but they don't want to know. I guess its my own fault for lack of security.
PLease, any ideas?

Cheers

Rich:(

duffman85

Hi,

Some of the options in the link below may be able to reset the password and get into your site.

http://codex.wordpress.org/Resetting_Your_Password

richiek67

Thanks but I tried this about 5 times. It sends me a new link ok but then it tells me that the link is invalid... so no joy there. Looks like this hacker knew what they were doing.

Any more ideas?

blatantrereg

Can you set up new accounts on it?
If you can, and have access to the hosting server, then you can do the following:

1. set up a new account on your wordpress site
2. log into your blacknight account. Open the users table in the database behind the wordpress site.
3. Copy the user_pass field from the record for the new user you created into the record for your old account. Also check that the user status for your old account is 0.

Now you can log in to your old account with the password you used to create the new account.

If you dont have access to the hosting, or if it's not configured to allow user registration, then get in touch with the guy who set it up for you.

Giblet

Sounds fishy. Get on to the developer. Are you sure they haven't just changed it?

GetWithIt

richiek67 wrote: »

Thanks but I tried this about 5 times. It sends me a new link ok but then it tells me that the link is invalid... so no joy there. Looks like this hacker knew what they were doing.

Any more ideas?

By any chance are you using Safari as your web browser?

I've encountered link invalid from the Wordpress password reset link before and think it's browser specific.

richiek67

Thanks folks for the help. I dont understand what happened. I'm going to have to learn more about wordpress but the words that were underlined are now gone...
I tackled the guy who was sending me emails about advertising and he strongly disagreed with any goings on ......Funny how they are gone now.
How can words within my website be underlined and come up with messages unless what I was looking at was a link created from the mail message. I was clicking on this. Perhaps my site had not been compromised but the page copied and then linked? Is this possible?
Does anyone know of a quick dummies guide to websites, where all the gallery, front door stuff and passwords etc get stored. ? I know of the word press tutorials, I'll have to look at those and not depend on the person who did up my website. Its a simple enough site too. I can FTP into my site, just need to know the ' how can i do this' and ' where does this go' type stuff. I am working in electronics, you'd think I'd know these things but i've never really had exposure to web site design. I'm sure its easier than it was years ago !! I always like to have a book beside me to follow it if any one could recommend one or is this just a waste of money if its all on the web?
Thanks again folks, I better get the finger out...!

blatantrereg

How can words within my website be underlined and come up with messages unless what I was looking at was a link created from the mail message. I was clicking on this. Perhaps my site had not been compromised but the page copied and then linked? Is this possible?

Well that sounds like a basic phishing technique. People create copies of login pages and send links to them. When people enter their details, they are redirected to the genuine site, but their logins are stored by the phisher. It is very common.

where all the gallery, front door stuff and passwords etc get stored.

For blacknight shared hosting - Open the control panel for your hosting and click 'databases'. You can find the database containing wordpress user info etc there - and apply the technique above to get back into your account there too.

Trojan

richiek67 wrote: »

I tackled the guy who was sending me emails about advertising and he strongly disagreed with any goings on ......Funny how they are gone now.
How can words within my website be underlined and come up with messages unless what I was looking at was a link created from the mail message. I was clicking on this. Perhaps my site had not been compromised but the page copied and then linked?

I've seen the case where a website owner had some malware search toolbars installed on their browser, which introduced advertising into all sites they were visiting. They saw these links on their own site and thought the site was compromised. I'm not saying that's what's happened in your case, but it *could* be.

I've fixed compromised WordPress installs - if you need help, hit me up with a PM or email.

DonkeyStyle \o/

I tackled the guy who was sending me emails about advertising and he strongly disagreed with any goings on ......Funny how they are gone now.

Are you sure he wasn't just sending you an image of the page? (hosted somewhere else) Just to show you where he wanted the link?
It's common enough that someone will ask for a specific piece of anchor text for their link. It doesn't make sense to me - if someone could add their own link to your site themselves that they'd then go and email you about it. More likely they'd say nothing and hope you didn't notice it.

daymobrew

Post a link to your site so we can check it out.

Stuxnet

would you by any chance be using the lastpass browser addon also, when you try to login, if so, disable it and try again, its been known to cause wp login problems