CleanShift Blog
Threat intelligence, engineering deep-dives, and server security guides.
How to Find wp_options Malware That Imunify360 Misses
wp_options is the most attacked table in WordPress. Attackers inject base64-encoded redirects and SEO spam that file-based scanners like Imunify360, ClamAV, and Wordfence can't see. Here's how to find and remove it.
Read articleCVE-2024-28000: How We Cleaned 30 Infected WordPress Sites in 12 Minutes
A LiteSpeed Cache privilege escalation hit 30 of 34 WordPress sites on a cPanel server. Imunify360 found 2 PHP files. CleanShift found rogue admins, wp_options injections, and SEO spam across all 30 — and cleaned them automatically.
Read articleUnderstanding CVE-2024-28000: Why legacy scanners miss database malware
A deep dive into the recent LiteSpeed Cache vulnerability and how attackers are bypassing traditional file-based scanners using wp_options injection.
Read articleHow we reduced fail2ban CPU usage by 98% on CloudLinux 9
Systemd journal backend issues can cripple a busy cPanel server. Here is how we diagnose and fix run-away fail2ban processes.
Read articleThe problem with SGID and Dovecot LMTP
Thousands of stale lock files and high load? Learn how to fix Dovecot fchown permission errors once and for all.
Read article