A friend of mine who's running a website on a shared host was recently hacked. The only web app they have on the site is WordPress and they keep it up-to-date rather religiously (within a day of new versions being announced). This makes me think that cPanel might have been the culprit, however, I'm not really sure how to prove this. Would the server logs - which normally show requests made on port 80 - show requests made on port 2082 (ie. the "cPanel port")? If not, might cPanel, itself, be able to provide me with the logs of people who have accessed it?