This past Friday or Saturday my admin account was hacked. Saturday I was unable to login, but at that point there were no outward signs that it had been hacked. I requested a password reset, but never received an email regarding this. So I tried to set up the Admin account again and was successful....EXCEPT that it is an ordinary student account with the username Admin, NOT the administrator's account. That shouldn't have happened, as there had been an account with the username admin on the site up until two days before, so this really concerned me.
HELP! I cannot add new courses, grade papers or anything because I cannot access the administrator's account. Does anyone have any advice? I obviously cannot put the site in maintenance mode without admin privileges, and support can't seem to figure out the problem. They tried restoring the site with a database backup, but for some reason that restored the site to a point 222 days ago instead of to the date of the database backup. I am frantic, as this is a busy time of year for enrollments, and I'm afraid the hacker is stealing money that should be coming to me.
Does anyone know how I can locate the hacker's password and login info so that I can regain control of my classroom? I have cPanel and FTP access still, so I can access the databases, but I am at a loss where to look.
I am using 1.9.10+