Problem about account been hacked

mariaasuka24

Registered
Apr 14, 2014
4
0
1
cPanel Access Level
Website Owner
Hello all!

I saw a few threads on this put nothing there helped me.

I saw that one of my accounts were compromised causing high server loads. I find some files such as in a new directory "log" with the file "error.php".

I tried deleting it but it keeps reappearing. Meaning I run the rm -rf error.php command under root, then it appears the file to be removed but then I run ls -l and the file is back. I tried "chown", "chmod", chattr -i, etc. nothing seems to work.

the output for chattr -i is "-----------e" not sure what that means

Cpanel is not working either.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello :)

Your access level is listed as "Website Owner". However, based on your initial post, I assume you have root access to this server. The following thread answers a similar question:

What log files to check after an account gets hacked/defaced?

You should also review the "Security Advisor" option in WHM to ensure you are implementing configurations that allow for protection against common hacks.

Thank you.