Recently one of the wordpress websites got hijacked and started sending phishing emails so i started digging to see if there is something else happening except that website template got hacked. So i stumbled upon a folder created by apache in /tmp Code: /tmp/systemd-private-1d38464aaf6145b2aa0544ebf14e188c-apache2.service-W4xLnU/tmp/passenger.T6VSLcs And inside that folder there is a content that is looking a little concerning to me, specially passwords stored in .txt files I was able to read .json file and it mention something called passenger. When i was setting up this server i followed a guide "The Perfect Server - Debian 9 (Stretch) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1" I don't remember i ever installed or setup something like this on the server. Looking at google i found this and few other info. So should i be concerned about having something i shouldn't have on my server or this is something that comes installed at some point alongside apache or ispconfig and needed for proper functionality of the server?