You could have been hacked way before 27th Jan, you might want to google how to recover from a hack but usually you save the database and upload your content and install a completely new Wordpress,again, I am assuming you are using wordpress, sorry if you are not.

Change your passwords/create a new user with a tough password that you can't even bother to remember, change passwords to any admins or authors or anyone who has access to the backend while making sure you are installing the latest wordpress WITHOUT any old plugins, use only the essential ones, SEO, etc etc, the rest you will have to wait at least a week or 2 for things to settle down, this might be painful if you need the other plugins to function but if the plugin is old or hasn't been updated, DO NOT install it.

The key here is your database where your information is kept, as long as you have that, sniff through it, do a search to see if anything in there is weird or unusual and go from there.

good advice. thanks. I will do that

In the Apache forum, over the past few days, a number of people have started noticing the addition of an unusual query string at the end if searches: "%3f" which causes 404s because of the addition of the string. Your situation may or may not be related, but if you are seeing that %3f on your 404s, you might find help Here. It may (or may not) be related to a change in Cloudflare or host settings.

Some of the discussions:
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]