Compromised Website Question

Dpak

Registered
Nov 5, 2017
1
0
1
Nepal
cPanel Access Level
Website Owner
I was building my website. I was aware that my website is vulnerable, because I was using simple mysqli code and easy password in login script that can be guessed for testing purpose. I was planning to change mysqli to pdo to save from sql injection. I couldn't change because of lack of time. After few days, when I tried to reconstruct website, I found website was hacked. Hacker's had put own code in index.php uploaded his html file in public_html folder. Immediately I deleted his code and pasted code in index.php from my backup. When I try to change login script, I got suck, there is not admin folder in cpanel which I'd created. My question is that how they hack my website. I want to know they hack my cpanel or admin panel. As I mentioned above, my admin panel was weak. But cpanel is strong. Is it possible to delete public_html folder from sql injection. I think it is not only from sql injection. Are they able to get cpanel access ? If they can access cpanel, why they didn't delete other file and folder of cpanel, such as images, videos folder.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Your access level shows as "Website Owner". Do you have root access to this system? If not, I recommend consulting with your web hosting provider so they can take a closer look at the cPanel access logs to see if cPanel was accessed by another user.

Thank you.