malicious attacks that changed my cpanel password

Operating System & Version
Linux
cPanel & WHM Version
110.0.8

nrshagor001

Registered
Jul 27, 2023
Dhaka Bangladesh
cPanel Access Level
Website Owner
Hello,

My cPanel has been attacked repeatedly for around a year. Every time, the attacker put random code into my website files, I tried to delete it, and the cycle repeated. But unfortunately today my cPanel got attacked, and the hacker has changed my cPanel access password and deleted all my website. Can anyone help me figure out what steps I should take to prevent access to my cPanel? Also, I want to know how the attacker got access to my cPanel in the first place.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
Hey there! Do you have root access to the server or only access to your cPanel account? This type of investigative work needs to happen at the root admin level of the system, as your cPanel account data is no longer reliable.
 

cPRex

There isn't going to be one specific tool that will help through WHM. You'll want to check the server access logs in /usr/local/cpanel/logs/access_log to see who may have accessed the account. That log could also tell you what areas of the interface were accessed so you can determine if the password reset pages were accessed as part of this work.

I will say, one of the most common ways that people reset passwords is through keylogger malware on the user's computer, and not issues with the server itself, so checking that would also be a good security step.
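
The log review described in the reply above, as an added example that is not part of the original thread or cPanel's own tooling: it groups one account's requests by source IP and lists hits on password pages. It assumes the log uses an Apache combined-style layout and that password pages have `passwd` or `resetpass` in the path; the account name and log lines are constructed.

```python
import re

# Assumption: entries follow the Apache combined layout
#   ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Assumption: path substrings that mark password change/reset pages.
PASSWORD_MARKERS = ("passwd", "resetpass")

# Constructed sample lines (documentation IP ranges, made-up account names).
SAMPLE_LOG = [
    '198.51.100.7 - exampleuser [10/03/2024:08:01:12 -0000] "GET /cpsess0000000000/frontend/jupiter/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.50 - - [10/03/2024:09:14:02 -0000] "GET /resetpass?start=1 HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.50 - - [10/03/2024:09:14:40 -0000] "POST /resetpass HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.50 - exampleuser [10/03/2024:09:16:05 -0000] "GET /cpsess1111111111/frontend/jupiter/passwd/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '203.0.113.50 - exampleuser [10/03/2024:09:17:30 -0000] "GET /cpsess1111111111/frontend/jupiter/filemanager/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    '198.51.100.9 - otheruser [10/03/2024:09:20:00 -0000] "GET /cpsess2222222222/frontend/jupiter/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083',
    'truncated or malformed line',
]

def summarize(lines, account):
    """Group an account's requests by source IP and collect password-page hits."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        pw_page = any(k in m["path"].lower() for k in PASSWORD_MARKERS)
        # Keep the account's own requests, plus unauthenticated ("-") hits on
        # password pages: a reset happens before login, so those lines carry no
        # user name and may belong to any account on the server.
        if m["user"] != account and not (pw_page and m["user"] == "-"):
            continue
        entry = report.setdefault(
            m["ip"], {"requests": 0, "first": m["time"], "last": None, "password_hits": []})
        entry["requests"] += 1
        entry["last"] = m["time"]
        if pw_page:
            entry["password_hits"].append((m["time"], m["method"], m["path"], m["status"]))
    return report

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG, "exampleuser").items():
        print(ip, e["requests"], "requests,", e["first"], "to", e["last"])
        for hit in e["password_hits"]:
            print("   password page:", *hit)
```

On a real server, pass the lines of /usr/local/cpanel/logs/access_log (read as root) instead of `SAMPLE_LOG`, and compare the listed IPs against the addresses the account owner actually uses.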