Server Hacked :( Script to replace index file from backup


Well-Known Member
Nov 3, 2007

Recently our server got hacked, I checked logs but logs are rotated already so i can not find out how did they got it..., I did changed all users & root password AND also disabled the cpbackup so that the weekly backup don't get overwritten.

Only index page hacked & rest of things are as it is. hacker has replaced following files to the root(public_html) directories of respective users

index.html, index.htm, index.php, default.html, default.htm & default.php . we had manually removed these files from root(public_html) directories of each users & restored their index pages.

Now i am looking for a script which run & remove hacked pages " index.html, index.htm, index.php, default.html, default.htm & default.php " from /home/*/public_html/ AND restore default index pages from the /baclup/cpbackup/weekly/ to the root (public_html) directories of respective users /home/*/public_html

so that we & others can save the time.

Looking for your kind support guys :)


Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
You may wish to hire a qualified system administrator who performs script development to help when you have security issues:

Dev & Sys Admin Services « Application Catalog

Such services also typically would help after an account has been exploited in fixing it.