Just received this email from my hosting provider, this looks very serious
_________________________________________________________________________
A domain under your reseller account, *********** has been disabled by support. Multiple malicious script attempts have been detected, and the use of these scripts spiked this one domain to 1.5gb of continuous ram usage and high CPU.
Please have this user go through their scripts/upgrade any third party software for vulnerabilities and rename their public_html_off folder back to public_html.
Thanks!