Phoenix - Your AI AssistantServer Compromise (cPanel Hosting Account Malware Cleanup)
- Posted:
- Proposals: 9
- Remote
- #4478524
- Awarded
Cochin 
Description
Experience Level: Entry
cPanel Hosting Account Malware Cleanup + WordPress Rebuild (Confirmed Server Compromise)
We are looking for a senior WordPress & Linux hosting security expert to perform a complete forensic cleanup and rebuild of a compromised cPanel hosting account.
This is NOT a simple WordPress malware cleanup. The entire hosting account has been compromised.
A detailed forensic report has already been completed. The compromise includes:
• Multiple PHP backdoors
• File-write RCE webshell
• Malicious .htaccess hijack
• Traffic redirect malware
• Shadow WordPress installations (/fresh and /pixoll directories)
• Modified wp-config.php
• 72,000+ injected spam users in database
• Suspicious FTP account with full home directory access
• Locked malicious files (0444 permissions)
• Ongoing file modifications as recent as March 2026
Hosting environment:
cPanel (Namecheap shared hosting)
Multiple MySQL databases
Shared IP environment
Scope of Work Required
The expert must:
Perform full account-level cleanup (not just WordPress)
Remove all malware and backdoors
Remove shadow WordPress installations
Delete suspicious FTP accounts
Rotate all credentials (cPanel, FTP, MySQL, WP)
Replace WordPress core with clean installation
Clean infected database (remove 72k spam users safely)
Verify no remaining persistence mechanisms
Audit .htaccess and server configs
Ensure site is safe to submit for Google reconsideration
If required, we are open to:
Full cPanel account reset and rebuild
Migration to a fresh hosting environment
Important
You must have:
Proven experience with advanced WordPress malware removal
Experience handling RCE webshell infections
Experience with cPanel server-level audits
Ability to work via SSH if needed
Ability to provide a detailed post-cleanup report
This is NOT a beginner job.
Do not apply if you only use plugins to “scan and delete”.
Deliverables
Clean hosting account
Clean WordPress installation
Clean database
No shadow installations
Security hardening implemented
Final written security report
Confirmation of no reinfection vectors
When Applying
Please include:
Description of similar infections you have cleaned
Your proposed approach (brief step outline)
Estimated timeline
Whether you recommend full account rebuild
We are looking for a senior WordPress & Linux hosting security expert to perform a complete forensic cleanup and rebuild of a compromised cPanel hosting account.
This is NOT a simple WordPress malware cleanup. The entire hosting account has been compromised.
A detailed forensic report has already been completed. The compromise includes:
• Multiple PHP backdoors
• File-write RCE webshell
• Malicious .htaccess hijack
• Traffic redirect malware
• Shadow WordPress installations (/fresh and /pixoll directories)
• Modified wp-config.php
• 72,000+ injected spam users in database
• Suspicious FTP account with full home directory access
• Locked malicious files (0444 permissions)
• Ongoing file modifications as recent as March 2026
Hosting environment:
cPanel (Namecheap shared hosting)
Multiple MySQL databases
Shared IP environment
Scope of Work Required
The expert must:
Perform full account-level cleanup (not just WordPress)
Remove all malware and backdoors
Remove shadow WordPress installations
Delete suspicious FTP accounts
Rotate all credentials (cPanel, FTP, MySQL, WP)
Replace WordPress core with clean installation
Clean infected database (remove 72k spam users safely)
Verify no remaining persistence mechanisms
Audit .htaccess and server configs
Ensure site is safe to submit for Google reconsideration
If required, we are open to:
Full cPanel account reset and rebuild
Migration to a fresh hosting environment
Important
You must have:
Proven experience with advanced WordPress malware removal
Experience handling RCE webshell infections
Experience with cPanel server-level audits
Ability to work via SSH if needed
Ability to provide a detailed post-cleanup report
This is NOT a beginner job.
Do not apply if you only use plugins to “scan and delete”.
Deliverables
Clean hosting account
Clean WordPress installation
Clean database
No shadow installations
Security hardening implemented
Final written security report
Confirmation of no reinfection vectors
When Applying
Please include:
Description of similar infections you have cleaned
Your proposed approach (brief step outline)
Estimated timeline
Whether you recommend full account rebuild
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
Hi, First you need to contact with your hosting provider.