Hey everyone, My servers were hacked today, using what I believe may be a large scale cPanel exploit. The user gained access to an account on each server, and was able to give it reseller priviledges with full root access. How you may ask? I found the following the cpanel logs: [removed] My servers are well secured, we have done and installed many security features to keep scripts from being exploited and the server hacked. Mod_security for example. Not to mention we also block port 2086 and 2087 using APF in order to keep such things from happening. We have to manually add IPs to to allow_list in order to acces WHM. Any ideas how this person might have gone through? I am baffled at this....!