Server hacked from CPanel - after backup function

[yaax]

Today my server was hacked by some users accessed it from Cpanel only.
They even did not accessed from SSH - thay only got access to root WHM and deleted all accounts.

I have checked CPanel logs, they triied to find all CPanel security holes and finally they found some way by uploading some invalid backup file from another account on another server.

My server run Linux Fedora Core 2 last kernel, and CPanel R-143

I think all Cpanel users must know about this problem!

Also Cpanel must add some security layer like email on every root login to CPanel and store all unsuccessfull CPanel logins and lock CPanel account after few failed logins from Cpanel menu.

[casey]

Please send an e-mail to cpanel about this. If this is an actual security hole, they need to be notified of it immediately. They may or may not see this post, and there's no guarantee when they'll see it if they do.

[jamesbond]

Even if it's not a security hole I think it's time for CPanel to add some security measures to make it less interesting for hackers to try to gain access through unmonitored CPanel/WHM ports.

3 options I would be interested in are:
-Access to WHM based on IP
-Send e-mail with every WHM root log-in attempt and block ip after 3 failed log-ins.
-Block ip address after a defined number of failed CPanel log-ins.