I know this might be newbie ish question but I am hoping for some insight that might be Hestia CP specific.
I got an warning today from my host that my IP is sending spam. The server I have on that IP is my Hestia installation with about 20 different users, each with a wordpress site installed.
What is the best way to be able to quickly identify which is my users has the compromised site so I can troubleshoot their site (or nuke it)? Is there a specific place in Hestia I can check?
Thanks!
Found all the files in the web folder causing the issues.