Here is the message from my server, I need this fixed please:
We have found that your website '[url removed, login to view]' has been compromised and is being used for sending spam and possible phishing attacks. We have now disabled your site due to this.
1) You can provide us your IP address of your internet connection and that we would make your site live just for that IP address. This will allow you to update your CMS or site to fix any vulnerability.
More information about the hack: files have been uploaded and altered containing vulnerable code such as C99 shells (see [url removed, login to view] for more information). Vulnerable file examples are /wp-content/themes/toolbox/[url removed, login to view]
Please note, we can't re-enable your site unless you prove to us that you have fixed the vulnerability. You may need the assistance of your web developer for this.