skully

Just found hacked config, index, and htaccess files on main cpanel separate from wordpress folder. Searched for files changed on July 20th (day of hack) and these came up (see below) I also found a perl5 folder on directory that was modified on that date? One more question... I have these listed in email accounts that I did not create...Is it being used as a spam mailer & should I delete? infoserver@skullythepirate.com smtp@skullythepirate.com Need instructions on how to delete these and replace with valid files

Reinstalled wordpress site and have it up and running... If possible could you maybe check config and other susceptible files for backdoor / malware I've run wordpress scan and found nothing Only file that shows date of hack (July 20th) is the htaccess file Here is how it reads, seems ok? # BEGIN WordPress<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /wp/RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /wp/index.php [L]</IfModule># END WordPressThanks

AnonymousFox info / screenshot I got from wordfence....

How do I check to see where Wordpress admin login has been changed? I have read on a couple of other threads about similar problems and they've mentioned the ID on logins have been changed to anonymousfox. just found this in phpMyAdmin... I know these are not the correct passwords (or have they been encrypted by word press?) When I attempt to reset my wordpress login it takes me to the Not found message I am able to register as a new user and I receive email notification as administrator When I try and log in with the new user Id I then get the same Not Found error message mentioned before. I do have access to cpanel (after resetting my heliohost password) skullythepirate.com/wp will open but then all other page links come back with error Not Found message. I have always updated the wordpress site, theme and plugins to the most recent available. I have not added any additional plugins and I have wordfence installed as well as jetpack Thanks for the help!

OK... resetting password allowed me to access cpanel Page links from skullythepirate.com/wp still show "Not Found" error message I did get this other message in cpanel a couple of times when I hit the back button No response from subprocess (cpanel (cpanel)): The subprocess ended prematurely because it received the “TERM” (15) signal.I've also noticed more spam email's coming through today than what I normally see

skullythepirate.com/wp main page will open but all other page links get the following message... Not Found The requested URL /wp/no-quarter-music-and-more/ was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. I am also unable to log in to cpanel or heliohost.org I get invalid sign in (should I reset password?) log in to wordpress also returns invalid password email seems to be working correctly These problems started today everything worked fine last night Hosted on Tommy Thanks

The IP address 75.110.162.66 has been blocked for trying to log in to POP3 with the wrong password too many times. passwords are saved in email client... worked fine last night