- upgrade cpanel and the rest of your software to it's latest (stable) version.
- did you backup all your vital data?
- then try to figure out by log files which ip address (range) they use, and block this using your firewall, most probably iptables.
- try to make sure it wasn't one of your customers (assume it is about shared hosting0
- now try to find out by going through all your log files (make a backup of those either!) how the hack was performed. If you're lucky, the hacker didn't remove/fake these.
By the way: what was hacked exactly? if the hacker had access over SSH (shell), try to log in with SSH and try the commands 'last' and 'who' with these commands you can see the last 30 logins, and see who is logged in ATM.
- did you backup all your vital data?
- then try to figure out by log files which ip address (range) they use, and block this using your firewall, most probably iptables.
- try to make sure it wasn't one of your customers (assume it is about shared hosting0
- now try to find out by going through all your log files (make a backup of those either!) how the hack was performed. If you're lucky, the hacker didn't remove/fake these.
By the way: what was hacked exactly? if the hacker had access over SSH (shell), try to log in with SSH and try the commands 'last' and 'who' with these commands you can see the last 30 logins, and see who is logged in ATM.