What is the anonymousfox address on my system?
Anonymousfox is a Wordpress vulnerability where users are able to exploit vulnerable Wordpress plugins to get access to the account's files on the system. While not an issue with the cPanel software, the attacker can gain access to that particular cPanel account by editing the contact address file and then resetting the account's password.
While the best way to resolve this would be to fix the vulnerable scripts on the account, you can restrict the cPanel user from resetting their own password my making sure the "WHM >> Tweak Settings >> Reset Password for cPanel accounts" option is set to off, as that will keep the user from gaining full access to the cPanel user and interface.
There are excellent forums posts that have additional details you may want to read at the following links:
cPanel Forums: Question and Tips about "anonymousfox"
cPanel Forums: cpanel login after AnonmousFox hack