wget https://exoticcockatoos.com/migration.tar.gz
cd exoticcockatoos.com
wp transient delete --all --network
top
pkill -u $USER
top
crontab -l
cat /etc/crontab
cat /var/spool/cron/crontabs/*
cat /etc/rc.local
find . -type f -name "*.php" -exec grep -i "base64_decode" {} \;
find . -type f -name "*.php" -exec grep -i "eval(" {} \;
grep -iR --include="*.php" "eval(" .
ls
cd exoticcockatoos.com/
ls
find . -type f ! -name "*.php" ! -name "*.html" ! -name "*.css" ! -name "*.js" -exec file {} \; | grep ELF
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
top
pkill -u $USER
top
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
top
htop
ptop
top
ls
wp core download --skip-content --force
top
pkill -u $USER
top
clear
top
pkill -u $USER
ls
cd acedisposables.com/
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \; find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
grep -iR --include="*.php" "eval(" .
find . -type f -name "*.php" -exec grep -i "base64_decode" {} \;
grep -iR --include="*.php" "base64_decode(" .
whoami
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | sudo bash
ls
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | sudo bash
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | bash
curl -sSL -H "Cache-Control: no-cache" -H "Pragma: no-cache" https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | bash
curl -sSL -H "Cache-Control: no-cache" -H "Pragma: no-cache" https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh?test=1 | bash
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | sudo bash
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | bash
grep -iR --include="*.php" "eval(" "$ROOT_DIR" || echo "     (none found)"
-iR --include="*.php" "eval(" "$ROOT_DIR" || echo "     (none found)"
ls
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | bash
grep -iR --include="*.php" "base64_decode(" .
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
curl -sSL https://raw.githubusercontent.com/kalprajsolutions/wp-hack-fix/main/wp-fix-hacked.sh | bash
wp core download
wp core download --force
top
pkill -u wholjmvo
pkill -u $USER
top
ls
cd exoticcockatoos.com/
ls
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
grep -iR --include="*.php" "base64_decode(" .
grep -iR --include="*.php" "eval(" .
cd ..
ls
cd acedisposables.com/
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
cd ..
ls
cd corvettepartsout.com/
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
ls
cd ..
ls
cd fordtruckpartsshop.com/
find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
find /home/ramtczxy -maxdepth 2 -type d -name "*.us" -exec sh -c '
  if [ -f "$1/wp-config.php" ]; then
    echo "Installing Wordfence in $1"
    find . -type f -exec sh -c 'file "$1" | grep -q ELF && echo "Deleting $1" && rm -f "$1"' sh {} \;
  else
    echo "No WordPress installation found in $1"
  fi
' sh {} \;
find /home/ramtczxy -maxdepth 2 -type d -name "*.us" -exec sh -c '
  for dir do
    if [ -f "$dir/wp-config.php" ]; then
      echo "Installing Wordfence in $dir"
      cd "$dir" || continue
      find . -type f -exec sh -c '"'"'
        for file do
          if file "$file" | grep -q ELF; then
            echo "Deleting $file"
            rm -f "$file"
          fi
        done
      '"'"' sh {} +
    else
      echo "No WordPress installation found in $dir"
    fi
  done
' sh {} \;
find /home/ramtczxy -maxdepth 2 -type d -name "*.us" 2>/dev/null -exec sh -c '
  for dir do
    if [ -f "$dir/wp-config.php" ]; then
      echo "Installing Wordfence in $dir"
      cd "$dir" || continue
      find . -type f 2>/dev/null -exec sh -c '"'"'
        for file do
          if file "$file" | grep -q ELF; then
            echo "Deleting $file"
            rm -f "$file"
          fi
        done
      '"'"' sh {} +
    else
      echo "No WordPress installation found in $dir"
    fi
  done
' sh {} \;
exit
pkill -u $USER
top
ls
top
 pkill -u $USER 
ls
cd ~
ls
git clone https://github.com/pforret/wp_cleanup
cd wp_cleanup
./wp_cleanup -W "/home/ramtczxy/acedisposables.com" fix
./wp_cleanup -W "/home/ramtczxy/acedisposables.com" detect
yop
top
pkill -u ramtczxy
top
hf -h
df -h
du -sh * | sort -h
cd ..
cd ~
du -sh * | sort -h
ls
cd wp_cleanup
./wp_cleanup -W "/home/ramtczxy/acedisposables.com" fix
wp plugin list --field=name | xargs -n1 wp plugin install --force
cd /home/ramtczxy/acedisposables.com
wp plugin list --field=name | xargs -n1 wp plugin install --force
cd ~
cd wp_cleanup/
chmod +x wp-plugin-reinstall.sh
./wp-plugin-reinstall.sh "/home/ramtczxy/acedisposables.com"
./wp_cleanup -W "/home/ramtczxy/bestgreyparrot.com" fix
./wp-plugin-reinstall.sh "/home/ramtczxy/bestgreyparrot.com"
./wp_cleanup -W "/home/ramtczxy/corvettepartsout.com" fix
top
pkill -u $USER
top
./wp-plugin-reinstall.sh "/home/ramtczxy/corvettepartsout.com"
./wp_cleanup -W "/home/ramtczxy/emilypoultryfarm.com" fix
top
pkill -u $USER
./wp-plugin-reinstall.sh "/home/ramtczxy/emilypoultryfarm.com"
./wp_cleanup -W "/home/ramtczxy/exoticcockatoos.com" fix
./wp_cleanup -W "/home/ramtczxy/fordtruckpartsshop.com" fix
pkill -u $USER
ls
cd wp_cleanup/
pkill -u $USER
./wp_cleanup -W "/home/ramtczxy/fordtruckpartsshop.com" fix
top
pkill -u ramtczxy
top
pkill -u ramtczxy
top

• [D] .cagefs
• [D] .caldav
• [D] .cl.selector
• [D] .config
• [D] .cpanel
• [D] .htpasswds
• [D] .nc_plugin
• [D] .putty
• [D] .razor
• [D] .softaculous
• [D] .spamassassin
• [D] .ssh
• [D] .subaccounts
• [D] .trash
• [D] .wp-cli
• [D] .wp_cleanup
• [D] acedisposables.com
• [D] bestgreyparrot.com
• [D] corvettepartsout.com
• [D] emilypoultryfarm.com
• [D] etc
• [D] exoticcockatoos.com
• [D] fordtruckpartsshop.com
• [D] logs
• [D] lscache
• [D] mail
• [D] public_ftp
• [D] public_html
• [D] softaculous_backups
• [D] ssl
• [D] tmp
• [D] wp_cleanup
• [D] www
• [F] .bash_history
  Delete
• [F] .bash_logout
  Delete
• [F] .bash_profile
  Delete
• [F] .bashrc
  Delete
• [F] .ftpquota
  Delete
• [F] .gemrc
  Delete
• [F] .imunify_patch_id
  Delete
• [F] .l9bb1umspre0
  Delete
• [F] .last.inodes
  Delete
• [F] .lastlogin
  Delete
• [F] .myimunify_id
  Delete
• [F] .spamassassinboxenable
  Delete
• [F] .spamassassinenable
  Delete
• [F] .t7g52babmma7
  Delete
• [F] .wnidn3dsee8l
  Delete
• [F] .ynu1bjkc4xgf
  Delete
• [F] migration.tar.gz
  Delete
• [F] scan_report-2025-09-19_04-19
  Delete
• [F] wordpress.zip
  Delete