Your Website has been defaced!
Attackers may or may have created access points for themselves (sometimes called “backdoors”)
in the database, code, files directory and other locations.
Attackers could compromise other services on the server or escalate their access and
even stole confidential data from your server.
Removing a compromised website’s backdoors is difficult because it is not possible
to be certain all backdoors have been found. Even I, myself, gained access on any
files on your server but I highly assured you that no "backdoors"
were installed during my penetration testing. I believe that security is
not JUST an option to you and would take Web Security seriously.
I suggest you to patch your security as soon as possible to avoid further attacks by others.