Compromised Account paypal

pueblosnet

Active Member
Dec 23, 2003
38
0
156
Hello! today another website have been hacked but this time without any CMS, form, permission problems or insecure password, so how they did it?

The website was with that url
/http://paypal.com.secure.login.cmd.path1.login.cmd.path2.login.cmd.path1.cmd.path2.login.cmd.path1.cmd.path5.login.cmd.path3.THE-CUSTOMER-DOMAIN.com/index.php

So I think they gain access to the cpanel account to create subdomains, any idea about where to start from?