If you recently noticed new email accounts created or suspicious FTP accounts, your hosting account is probably affected by anonymousfox hack.
Attackers exploit web files via WordPress and later edit .contactemail file, which helps them to re-gain cPanel access.
In order to sort this issue, there are several steps to take:
Need help? Let us clean your site.
- Go to cPanel > Contact Information and change primary and secondary email and restore Pushbullet token.
- Remove all FTP accounts under FTP Accounts.
- Remove all suspicious email accounts under Email Accounts.
- Move all files under /home/user/public_html/ to a safe area.
- Perform a full site backup – web files and database. Save it on your local computer.
- Clean your WordPress site. A recent guide available here: https://guides.magefix.com/2020/08/go-donatelloflowfirstly-ga/
Try our Free site check.