|
I do not think root was compromised.
I checked the cPanel login logs and there were thousands of failed logins.
Seems that they actually used brute-force.
But since the logins were attempted from localhost, Brute-Force protection from cPanel didn't ban them, as they are automatically whitelisted or it does not even go through it.
|
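A defender-side check for the situation described in the post above, as an added example that is not part of the original post: it counts failed logins whose source is a loopback address, which an IP-based ban would not cover. The log lines, their simplified format, the function names and the threshold are all constructed assumptions, not actual cPanel log output.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in a simplified format (assumption, not real cPanel output):
# <timestamp> <service> <source-ip> <user> <FAILED|OK>
SAMPLE_LOG = """\
2024-01-01T10:00:01 cpaneld 127.0.0.1 alice FAILED
2024-01-01T10:00:02 cpaneld 127.0.0.1 alice FAILED
2024-01-01T10:00:03 cpaneld 127.0.0.1 alice FAILED
2024-01-01T10:00:04 cpaneld 127.0.0.1 alice OK
2024-01-01T10:00:05 cpaneld ::1 alice FAILED
2024-01-01T10:00:06 cpaneld ::ffff:127.0.0.1 bob FAILED
2024-01-01T10:00:07 cpaneld ::ffff:127.0.0.1 bob FAILED
2024-01-01T10:00:08 cpaneld ::ffff:127.0.0.1 bob FAILED
2024-01-01T10:00:09 cpaneld 203.0.113.5 alice FAILED
2024-01-01T10:00:10 cpaneld 203.0.113.5 alice FAILED
2024-01-01T10:00:11 cpaneld 203.0.113.5 alice FAILED
2024-01-01T10:00:12 cpaneld not-an-ip alice FAILED
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(FAILED|OK)$")


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.x.x.x)."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    mapped = getattr(ip, "ipv4_mapped", None)  # only set on mapped IPv6 addresses
    return (mapped or ip).is_loopback


def loopback_failures(log_text, threshold=3):
    """Return {(source, user): count} for loopback sources at or above threshold."""
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(5) != "FAILED":
            continue
        source, user = m.group(3), m.group(4)
        try:
            if is_loopback(source):
                failures[(source, user)] += 1
        except ValueError:
            continue  # skip lines whose source field is not an IP address
    return {key: n for key, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for (source, user), n in loopback_failures(SAMPLE_LOG).items():
        print(f"{n} failed logins for {user} from local source {source}")
```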