Hello,
A close look is needed to find the hack attempts. You can check the FTP logs: /var/log/messages, the cPanel logs: /usr/local/cpanel/logs/access_log, and the Apache logs: /usr/local/apache/logs/access_log and the Apache domlogs.
It is always good to run maldetect to find vulnerable files, if any.
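One way to read the FTP and Apache logs named above together, as an added example that is not part of the original post: list server-side scripts uploaded over FTP and the web requests that touched them. It assumes pure-ftpd syslog lines, the Apache combined log format and a `/public_html` docroot; the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real server). Assumed formats:
# pure-ftpd syslog entries and Apache "combined" access log entries.
FTP_LOG = """\
Mar  3 10:15:02 host pure-ftpd: (alice@203.0.113.7) [NOTICE] /home/alice/public_html/img/logo.png uploaded (5120 bytes, 40.00KB/sec)
Mar  3 10:15:09 host pure-ftpd: (alice@198.51.100.23) [NOTICE] /home/alice/public_html/img/cache.php uploaded (812 bytes, 9.10KB/sec)
Mar  3 10:16:40 host pure-ftpd: (bob@203.0.113.9) [NOTICE] /home/bob/public_html/index.html downloaded (900 bytes, 12.00KB/sec)
"""
ACCESS_LOG = """\
203.0.113.7 - - [03/Mar/2024:10:15:30 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:15:20 +0000] "POST /img/cache.php HTTP/1.1" 200 31 "-" "curl/8.0"
192.0.2.44 - - [03/Mar/2024:10:17:02 +0000] "POST /img/cache.php HTTP/1.1" 200 64 "-" "curl/8.0"
"""

UPLOAD_RE = re.compile(r"pure-ftpd(?:\[\d+\])?: \((?P<user>[^@]+)@(?P<ip>[^)]+)\) \[NOTICE\] (?P<path>.+) uploaded \(")
ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})')
SCRIPT_EXT = (".php", ".phtml", ".pl", ".cgi")  # extensions treated as executable scripts

def script_uploads(ftp_text):
    """Return (user, ip, path) for each FTP upload of a server-side script."""
    found = []
    for line in ftp_text.splitlines():
        m = UPLOAD_RE.search(line)
        if m and m["path"].lower().endswith(SCRIPT_EXT):
            found.append((m["user"], m["ip"], m["path"]))
    return found

def correlate(ftp_text, access_text, docroot_marker="/public_html"):
    """Map each uploaded script to the web requests recorded for its URI."""
    hits = defaultdict(list)
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            uri = m["uri"].split("?", 1)[0]  # ignore the query string
            hits[uri].append((m["ip"], m["method"], m["status"]))
    report = {}
    for user, ip, path in script_uploads(ftp_text):
        uri = path.split(docroot_marker, 1)[-1]  # path below the assumed docroot
        report[path] = {"ftp_user": user, "ftp_ip": ip, "requests": hits.get(uri, [])}
    return report

if __name__ == "__main__":
    for path, info in correlate(FTP_LOG, ACCESS_LOG).items():
        print(path, info)
```

On a live server the two strings would be replaced by the contents of /var/log/messages and the relevant access log or domlog.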