I keep on getting an malwarebytes milicous website warning from web url: 220.127.116.11 and have already reported these findings to the abuse email of that ISP in the UK. He wanted proof I sent it to him awaiting his reply.
I installed he WP Anti-Malware plugin and it found 2 WP Login Exploits and 35 code issues of potential threats, this is a brand new site cloned last week from my main site.
I quarantined the two files and only had 10 potential threats left. Then ran WP update to version 3.5.1 and updated all my plugins went fine. Ran the scan again after this completed and the WP Login Exploit came back along with 12 potential threats.
I am not a code reader but it looks like the first part of code has 4 letters separated by dashers with a URL something before it. I think the hacker SOB encoded 18.104.22.168 into letters that's why it came right back.
I tried to delete the highlighted part of code that the potential threat found but it won't let me delete it so if anyone here know how to do this I'm all ears.
I don't care if I screw up the site and it goes down I'll just reload it again. But I would like to learn how to correct this problem so I can repair it on my main site where I do care about it.
Maybe someone else has been hacked by this same SOB and I have a real good idea who he is because his was the only site I did training on in the UK and he was kind of a shady critter that's why I left.
Any help greatly appreciated thanks in advance.