I don’t have an answer and it is something I am unfortunately not going to look into. You can easily login to the gui and change the admin user password through “amportal a u”
This topic is no longer a banner. It will no longer appear at the top of every page.
This post is closed and should serve as informational. It looks like the bulk of attacks have died down. If you are directed here please update your system. If you keep getting re-hacked it is possible a back door was added and missed. You may consider a re-install. If you do a re-install and use a backup that includes the webroot you may be taking a back door with you to your new install.
grep -R 'system(' /var/www/html
Keep in mind we would never base64 encode a system command.