Security Glitch
I have my WordPress website https://www.dnawebworld.com
I have created multiple sites in it.
But it is currently blocked by the hosting provider,
because of some scripting issue generated in it. Please help me to resolve this issue.
Here are the details that they have sent to me:
We are contacting you regarding a reoccurring issue with your hosting account, due to which we have been forced to permanently suspend your account, as this is the third time your application has been exploited, causing significant performance issues with the hosting environment.
During our server monitoring we have detected malicious scripts running via your account:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
140074 dnawebwo 25 0 45124 13m 1820 R 51.2 0.0 727:27.90 perl sepi.pl
133469 dnawebwo 25 0 45124 13m 1820 R 42.7 0.0 727:33.73 perl sepi.pl
78712 dnawebwo 18 0 16360 2296 1320 S 0.0 0.0 0:01.78 imap
133468 dnawebwo 16 0 10816 1072 916 S 0.0 0.0 0:00.00 sh -c perl sepi.pl 2>&1
514522 dnawebwo 15 0 49380 9676 1348 S 0.0 0.0 1:18.10 /usr/sbin/apache3 -k start
551907 dnawebwo 15 0 49796 9540 864 S 0.0 0.0 0:00.01 /usr/sbin/apache3 -k start
555218 dnawebwo 15 0 49660 9512 864 S 0.0 0.0 0:00.00 /usr/sbin/apache3 -k start
592356 dnawebwo 15 0 49380 9208 844 S 0.0 0.0 0:00.00 /usr/sbin/apache3 -k start
604858 dnawebwo 15 0 49656 9440 864 S 0.0 0.0 0:00.05 /usr/sbin/apache3 -k start
620777 dnawebwo 15 0 49644 9424 864 S 0.0 0.0 0:00.00 /usr/sbin/apache3 -k start
622739 dnawebwo 15 0 49656 9440 864 S 0.0 0.0 0:00.11 /usr/sbin/apache3 -k start

After further review we have detected many malware scripts uploaded under the server tmp directory such as:
[email protected] [~]# ll /tmp/ | grep dnawebwo
-rw-r--r-- 1 dnawebwo dnawebwo 0 Jan 16 03:14 allnet.jpg
-rw-r--r-- 1 dnawebwo dnawebwo 8682 Jan 16 03:02 bds
-rw-r--r-- 1 dnawebwo dnawebwo 0 Jan 16 03:14 byroe.jpg
-rw-r--r-- 1 dnawebwo dnawebwo 232 Jan 5 04:49 cmdtemp
-rw-r--r-- 1 dnawebwo dnawebwo 303302 Jan 14 14:36 ipays.jpg
-rw-r--r-- 1 dnawebwo dnawebwo 188189 Sep 25 23:28 read.jpg
-rw-r--r-- 1 dnawebwo dnawebwo 52361 Sep 25 23:28 stun.jpg
-rw-r--r-- 1 dnawebwo dnawebwo 946 Dec 2 06:52 tmp.jpg

$language = 'eng';
$auth = 0;
$name = ''; // md5 Login
$pass = ''; // md5 Password
$sh_id = "aXBheXMg=";
$sh_name = base64_decode($sh_id);
$sh_mainurl = "https://DeViL^T3aM.name";
$html_start = '<html><head>
<link rel="SHORTCUT ICON" href="https://t3.gstatic.com/images?q=tbn:ANd9GcTjXqLeuQolGIVgCgXH79-kipRR1FvGvNwca6IhxYQ_ipH7hXIe">
<center><img src="https://ups.imagup.com/04/1242538914_i2204910.gif" width="1100" height="150"></p></center>
<title>FakoMasT3r™</title>

I am afraid that we will not be able to continue providing hosting services for your account. As a possible solution in this matter we can provide you with a limited time frame FTP access to the account to download your content.
Considering the information above, please let us know if you would like temporary access to the hosting account.
Kind regards,
George Moody
Support Team Supervisor
TMDHosting.com
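
An added example, not part of the original post or the host's tooling: the host's listing shows scripts stored in /tmp under .jpg names, so when reviewing downloaded content it helps to check whether image-named files really start with an image header and whether they contain script markers. The function names, the marker list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes of each image format checked (by file extension).
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
         ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}
# Lower-case script markers; an assumed, deliberately short list.
MARKERS = (b"<?php", b"base64_decode(", b"#!/usr/bin/perl")


def triage(directory, owner_uid=None):
    """Return {name: reason} for image-named files that are not plain images."""
    findings = {}
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        ext = os.path.splitext(entry.name)[1].lower()
        if ext not in MAGIC or (owner_uid is not None and st.st_uid != owner_uid):
            continue
        if st.st_size == 0:
            findings[entry.name] = "empty file with image extension"
            continue
        with open(entry.path, "rb") as fh:
            head = fh.read(65536)  # only the first 64 KiB is inspected
        hits = [m.decode() for m in MARKERS if m in head.lower()]
        if not head.startswith(MAGIC[ext]):
            findings[entry.name] = "no image header" + (f", markers {hits}" if hits else "")
        elif hits:
            findings[entry.name] = f"image header but script markers {hits}"
    return findings


def build_sample(directory):
    """Write constructed sample files (not the files from the post)."""
    samples = {
        "empty.jpg": b"",
        "script.jpg": b"<?php $sh_name = base64_decode($sh_id); ?>",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "polyglot.jpg": b"\xff\xd8\xff\xe0 <?php echo 1; ?>",
        "notes.txt": b"<?php echo 1; ?>",  # no image extension: out of scope
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, reason in sorted(triage(tmp).items()):
            print(f"{name}: {reason}")
```

A clean result only means none of these markers appeared in the first 64 KiB of an image-named file; files without an image extension are outside what this check covers.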