Obscure Cron job running after being hacked

  • Resolved clauderoe

    (@clauderoe)


    5 years, 6 months ago

    A few weeks ago our site was hacked and was used to attack other sites. At the same time we saw comments on our site that clearly were not related to our business.
    We could repair everything, except for one thing: every minute a cron job runs and we cant find out how to get rid of it.
    crontab -e
    doesnt list it and it doesnt show up in WP Control plugin either.
    cron logfile shows:
    CRON[15447]: (www-data) CMD (/var/www/html/wp/wp-content/uploads/2019/03/let_input > /dev/null 2>&1)

    It doesnt do any harm anymore because we have removed the let_input script from that folder, but we really would love to understand where this cron entry is triggered and remove it

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Obscure Cron job running after being hacked’ is closed to new replies.