Hi,
Some of my clients' websites got hacked recently. I am sure that I have removed all of the infected files. I use maldet to find the infected file and also blocked some suspicious IPs. However, the hacker still have the ability to create Cpanel accounts by using different reseller accounts under my WHM.
Does anyone know how to find out where's the security leak of my Cpanel/WHM that allows the hacker to login or to find out any script that the hacker has installed to my server?
I have changed my root password many times, but I still cannot get rid of that sucker. Please help. Thank you very much for your help.
Some of my clients' websites got hacked recently. I am sure that I have removed all of the infected files. I use maldet to find the infected file and also blocked some suspicious IPs. However, the hacker still have the ability to create Cpanel accounts by using different reseller accounts under my WHM.
Does anyone know how to find out where's the security leak of my Cpanel/WHM that allows the hacker to login or to find out any script that the hacker has installed to my server?
I have changed my root password many times, but I still cannot get rid of that sucker. Please help. Thank you very much for your help.