Investigating a hacked WordPress site on Linode being used as a DDoS relay (opens in new tab)

There's huge amounts of poorly coded PHP malware, mostly for WordPress, but occasionally for other PHP CMS. It doesn't get much examination. I suspect this is because security people mostly grew up with Windows.