I just ran into a phishing pbm first signaled via b2evo mailer and then confirmed by bluehost who deactivated my site and pointed out a number of suspicious files. At this point I have several questions:
1) may I safely clear all content of the /blog/cache/folder
2) because I have always used FTP to perform the various upgrade, I presume that files/folders that have become useless or obsolete over time have nerver been removed or is there a a tool that does just that during the install process?
The reason I am asking is because some of the files that have been pointed out as suspicious by the guies from bluehost do not exist on the original release.
3) then next question, what do I do with those files, should I clean everything (but media and conf) before doing an ftp with the original released files or ???
4) Also, I will first change my bluehost passwords before they reactivate my account. Regarding my b2evolution password, I need to wait for my account to be reactivated and then sign-in with my old password before I can change it or is there any other way?
Thks for helping
Regarding your questions:
1) Yes, you can do it. It is safe.
2) It depends on which upgrade method have you been using until now. If you followed this one: http://b2evolution.net/man/upgrade-instructions, the 3rd step ensures that you will get rid of all the unnecessary files.
3) Yes, definitely. Just follow the method linked above and your site will be running under a fresh copy on b2evolution.
4) Well, first than anything else, your hosting account needs to be reactivated. After that, and depending on which version of b2evolution are you running, to change the password directly in the database could be either easier or a bit more complicated. Please tell us your version to suggest a method. In any case, I think that use the site to change your password is just fine.
Regards!