Hacked - Injected

Hello,
Found one of my sites has been injected with Replica Rolex links in a number of the records.

The site has been around for a few years using various WA extensions. CMS Builder, Data Builder and MySQLi

Any details that can help solve, fix and block the hackers or bots from gaining access again?

Here are my current steps:
1) Installed new PHPmyAdmin (latest version).
2) Changed MySQL root password
3) Downloaded compromised database and searched for other records that were compromised.
4) Cleaned up all compromised records
5) Create NEW database and access User account
6) Restore cleaned database to new database
7) Create new Site and start migration of files from current live site.
8) Change passwords for MySQL Connections to new User account
9) Figure out how to make Power CMS reinstall new files on new site..?

This should provide new access points to a clean DB and discard any old access methods.

Anything else I should be doing?

There was an old version of ckeditor that had security issues many years back. I'm wondering if that was still on the site.

If you give me FTP access I can take a look and make sure.

I also have a partial use of a sql connection in the calendar file (calendar.php) that may have left some of the prior "cleaning" functions behind in it's creation... I'll redo that page using MySQLi connection methods.

Password for FTP in private message

It isn't letting me in with that password. Are you sure you entered it correctly?

Hi Ray, Yes, I tested the credentials prior to posting them.

It worked that time... I must have entered it wrong.

I looked through your files and I don't see any of the old files that would have caused a security hole on our end.

Logs attached