Posts in Security
Brute force, malware, hardening, and panel-level access control.
- 8 min read
Hardening every WordPress site on cPanel in one loop
A field-tested bash loop that walks every cPanel user, finds every WordPress install, and applies an idempotent hardening checklist with weekly drift detection.
- 14 min read
Locked out of cPanel SSH: VNC, iptables, and the way back in
How to recover from a cPanel SSH lockout using your provider's VNC console, iptables flush, and CSF restore, plus the audit that prevents the next one.
- 14 min read
xmlrpc.php abuse and the 27-site one-shot fix on cPanel
A postmortem on 5,400 xmlrpc.php requests an hour from one /24, why per-site plugin fixes fail, and the shell loop that hardened 27 WordPress sites at once.
- 16 min read
Three real WordPress compromises and how we found them
Three anonymised WordPress compromise postmortems on cPanel: a nulled Elementor Pro backdoor, a wp_options casino injection, and a six-week data exfiltration.
- 13 min read
SSH brute force on cPanel: the 8,127-attempt night and the fix
A postmortem on 8,127 failed SSH logins to a cPanel server in six hours from rotating /24s, why lfd alone could not see the pattern, and the layered fix.
- 15 min read
WooCommerce filter URLs are a crawler trap: the fix
A 2026 postmortem on WooCommerce filter URLs as a crawler trap: 41,000 unique URLs/hour from Facebook and MJ12bot, the diagnostic, and a three-layer fix.
- 14 min read
CSF, lfd, and Imunify360: why your firewall is killing itself
A 2026 postmortem on cPanel servers running CSF and Imunify360 in parallel: lfd OOM kills, csf.deny bloat, iptables races, and the fix we ship.
- 2 min read
Imunify360 custom SSH port: stop blocking your admins
Tell Imunify360 about your non-22 SSH port so its brute-force protection stops blocking legitimate admin connections, with a verification command.
- 2 min read
Find SSH attacker subnets in /var/log/secure: a quickref
One-liner to surface the top attacking /24 subnets in /var/log/secure during an SSH brute-force wave, plus per-username and per-minute variations.