Hi
Thanks for getting in touch.
Your account has the tell tale signatures that the account seems to have been compromised by an exploit known as AnonymousFox.
This may have been the result of an out of date or an insecure plugin being used, or that your password for cPanel was weak and brute forced or otherwise obtained.
This is also evident by the corrupted contact info files in the account:
cat ~/.contactemail
cat ~/.cpanel/contactinfo |grep email
A scan of your account shows that is appears to have been infected with malware. The scan flagged the following suspicious files:
[A scan for suspicious php files in your account did not find any suspicious PHP files.]
I can also see the following malicious email addresses were added which I have removed:
[You have also removed (or there were none placed) any malicious mailboxes left on the server.]
Additionally this malware affects the whole cPanel account so all areas of the account should be carefully checked and the databases validated for any unknown users or entries.
I would suggest taking a look at the following articles for a guide on how to approach this:
– https://codex.wordpress.org/FAQ_My_site_was_hacked
– https://codex.wordpress.org/Hardening_WordPress
I am currently scanning your account for known malware signatures although scans such as this will only pick up known files, so if changes have been made, even slight ones, it may not detect all malware.
Please keep us up to date with securing the account.
We can instead offer to restore the entire cPanel account back to a known clean time. This will involve terminating the account and then reconstructing it using the website files and database. This will effectively revert the account back to that time which will include mailboxes and DNS records within cPanel.
If you would like us to take this approach please let us know.
We look forward to hearing from you.
#signtuare
#cut
