cpanel website hacked
If Site hacked change below passwords with immediate effect.
- cPanel Password
- Email Passwords
- FTP passwords - Make sure all FTP accounts listed in cPanel are in use. If they are not using, remove them from account.
- Passwords for any Content Management Systems (CMS) such as WordPress, Joomla or Drupal. Always update latest version of the scripts.
- Check email forwarders are correctly forwareded to the correct email addresses.
Then check ftp logs and apache for finding hacker file
grep FILE_NAME /var/log/messages*
grep FILE_NAME /usr/local/apache/domlogs/DOMAINNAME
grep username /var/log/messages*
ls -l /usr/local/apache/domlogs | grep domainname.com