ToomerInc
I have also received the email:
Your account stawe hosted on server manchester.nswebhost.com
is hosting the following malicious files/scripts:
==============================================
{HEX}base64.inject.unclassed.6 : /home/stawe/public_html/static/wp-content/plugins/wp-miniaudioplayer/maptinymce/tinymcemaplayerJs.php
==============================================
These files are being abused by crackers/hackers to install malicious scripts on your account. Please note that our servers are up to date and monitored frequently against these hack/malicious attempts.
We have disabled the public_html folder for this account(s) temporarily to avoid any further exploits. This has been done for your own safety as well as to protect everyone else on the server and internet to make it a safe place for all. We are disabling the web-access temporarily to avoid the following:
1- Suspending it blocks hackers from deleting all your files.
2- It prevents hackers from posting embarrassing index pages till you can completely secure your account.
3- It keeps hackers from stealing any further sensitive info such as logins, credit card numbers, etc. which may be in your files or databases.
4- If found quickly and rectified, it may keep your site’s reputation from being damaged in search engines.
Please follow the security guidelines posted in the link below to secure your account asap.
https://www.hostingzoom.com/clients/blablabla…
We have disabled web access to your account so that further attacks stop and your data is secure while you work on it. You can still access the account using your control panel and FTP. We suggest you change your control panel password immediately. If you need web access to work on it, please provide us your IP address which you can find by visiting the page http://www.myipaddress.com so that we can enable web access for your local IP.
If you require a restore, please be aware that due to the amount of data we must store, our backups are rotated daily. It is imperative that you contact us immediately to request a restore of your files from backups. We can’t guarantee a backup will be available or that it will contain clean copies of your files but we will make every effort to find one prior to the date of infection for you. We can also help restore from your own backup file if you have one and you upload it to your home dir. We do recommend using the backup tool available in your control panel to always keep your own copies of your site on your own computer for safekeeping. To automate the task with a cron job, please see our forums.
When you are done changing your passwords, updating your scripts, cleaning up the files, etc. and feel the account is now secure, please let us know what you have done to correct the situation and ask for full web access to be restored. Please be reasonably sure as enabling it prior to it being fully secured can have major consequences and cause much more delay in getting back to internet life as usual.
We appreciate your cooperation. If you have any questions about securing particular popular scripts you are running, please feel free to ask.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
They asked me to change the file? Change what? I asked.
They couldn’t tell me.