A hacker penetrated my cPanel and modified files and code on my site.
I have a log report from the hosting service provider. It goes like this:
…..frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36” “s” “-” 2083
(I replaced only the account name and site name with generic ones)
My cPanel password is very strong (100%); it’s long, and besides letters and numbers it contains many special characters; I’ve changed it a few times. It is not possible that one can hack it easily.
It already happened 3 times and each time the system suspends my account automatically for a number of hours, before it’s restored by the support staff.
I suspect that the attack is done by a former developer who I know was a hacker and we didn’t part on exactly friendly terms. He knows the structure of my site and I have a static IP which he also knows.
If possible, I would like to know some details about how to protect my site from further similar hacking, penetrations, injections, etc.
Have you reviewed your own PC’s security – the same PC from which you manage the site – to ensure no malware has been installed? Check your proxy settings, if used; make sure you recognise all the hardware installed inside your PC; check that there are no mysterious devices on your network located between your PC and your router, etc.
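For triaging entries like the one quoted in the question, the sketch below (an added example, not part of the original posts) pulls File Manager upload events out of access-log lines and lists those that did not come from an address you administer from. The leading fields (client IP, user, timestamp), the sample lines and the names `upload_events` and `from_unknown_ip` are assumptions, since the quoted entry elides the start of the line.

```python
import re
from urllib.parse import parse_qs

# Assumed layout of the elided start of each line: client IP, ident, user, [time].
PREFIX = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\]')
# File Manager upload page as it appears in the quoted entry; the URL may sit in
# the request or the referer field, so search the whole line.
UPLOAD = re.compile(r'filemanager/upload-ajax\.html\?(?P<qs>[^\s"”]*)')

def upload_events(lines):
    """Return one dict per log line that references the File Manager upload page."""
    events = []
    for line in lines:
        hit = UPLOAD.search(line)
        if not hit:
            continue
        params = parse_qs(hit.group('qs'), keep_blank_values=True)  # URL-decodes
        head = PREFIX.match(line)
        events.append({
            'ip': head.group('ip') if head else None,
            'user': head.group('user') if head else None,
            'time': head.group('ts') if head else None,
            'file': params.get('file', [''])[0],
            'dir': params.get('dir', [''])[0],
        })
    return events

def from_unknown_ip(events, known_ips):
    """Upload events whose source is not an address you administer from."""
    return [e for e in events if e['ip'] not in known_ips]

# Constructed sample lines: documentation IP ranges, placeholder session token.
_PAGE = '/cpsessPLACEHOLDER/frontend/paper_lantern/'
_TAIL = ' HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083'
SAMPLE = [
    '198.51.100.10 - myaccount [08/12/2018:09:01:11 -0000] "GET ' + _PAGE
    + 'index.html' + _TAIL,
    '198.51.100.10 - myaccount [08/12/2018:09:05:40 -0000] "GET ' + _PAGE
    + 'filemanager/upload-ajax.html?file=logo.png&fileop=&dir=%2Fhome%2Fmyaccount'
    + '%2Fmydomain.com%2Fimg&dirop=' + _TAIL,
    '203.0.113.77 - myaccount [08/12/2018:09:14:52 -0000] "GET ' + _PAGE
    + 'filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount'
    + '%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=' + _TAIL,
]

if __name__ == '__main__':
    for e in from_unknown_ip(upload_events(SAMPLE), {'198.51.100.10'}):
        print(e['time'], e['ip'], e['user'], e['file'], '->', e['dir'])
```

An upload that does come from your own address points back to the workstation and network checks suggested in the reply above.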