Critical Website Breach Investigation

Client: AI | Published: 11.12.2025

My personal blog—along with a few static pages that sit beside it on the same shared host—has been hit by a serious breach. I am seeing clear signs of unauthorized file access, unexpected file modifications, and outright malicious injections sprinkled throughout multiple directories. I need someone who can jump in immediately, confirm the entry points, eradicate every backdoor, and harden the stack so this does not happen again.

What I already know

• The environment is a shared Linux hosting account with both static HTML and dynamic pages.
• Likely culprits include LFI/RFI, overly permissive file permissions, or even a fully compromised host account.
• The indicators of compromise mentioned above are active and ongoing; new rogue files appear within minutes of deletion.

What I need from you

1. Rapid triage of the live site (no downtime if possible).
2. Complete malware and backdoor removal.
3. A systematic penetration test—static and dynamic—to identify LFI/RFI or any other vulnerability being exploited.
4. Hardening: fix permissions, tighten server config, and deploy practical WAF or equivalent protections that work within shared-hosting constraints.
5. A concise technical report outlining:
   • root cause(s) confirmed
   • steps you took to remediate
   • recommendations for continuous monitoring and future prevention

I will provide cPanel, SSH (jailed), and CMS credentials the moment we kick off. If you regularly use tools like Burp Suite, OWASP ZAP, ClamAV, or custom scripts, please mention that so I know you can move fast in this environment.

This is an urgent assignment: the first meaningful progress update is expected within 24 hours, and full closure as quickly as realistically feasible.