Question posted in 
I see an unknown tar file in cpanel file manager. The thing that is bothering me whether or not I delete this file.
Recently I found some malicious files in my wordpress website and the hosting provider sent me a message to look over the whole website. Can anyone tell me if this unreal file was responsible or not?
2
Answers
This is a unusual filename (with tar.gz). This isn’t wordpress file also. I think is better to delete this file.
The file seems very odd and is not part of any installation.
It is also uploaded in your Home Directory – which no application does.
If you have not uploaded the folder yourself you should indeed delete it.
Afterwards it is nice to go through your access log files to see if there aren’t any POST requests made to your website that seem odd.
You can also look through the file called .lastlogin in your cPanel’s Home Directory – it contains all IP addresses that have accessed your cPanel account.