Skip to main content

lfd suspicious process, then Wordpress is hacked and spam...

Comments

4 comments

  • cPanelMichael
    Hello :) I suggest reviewing log files to see if you can determine the source of the exploit. The following thread may help:
    0
  • drhoo
    Hello Michael, I'd read that thread before posting mine. I was hoping that someone might be able to point me in the right direction using possible scenarios. Thanks
    0
  • quizknows
    Possible scenarios I can think of; wp-admin password was weak/compromised. a plugin was hacked during a vulnerable period of time prior to an update, and malware was left behind even though things are up to date now. If you have not already, take a look for any recently created files, especially php files, inside of the account. Also run clamscan / maldet on that users public_html directory. Check to see if the user happens to have a crontab as well (crontab -l -u USER) Have a good look around /home/userdir/public_html/delta/wp-content/uploads/ as well.
    0
  • drhoo
    Thanks Quizknows.
    0

Please sign in to leave a comment.