A hacker penetrated my cPanel and modified files and code on my site.
I have a log report from hosting service provider. It goes like this:
…..frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36” “s” “-” 2083
(I replaced only the account name and site name with generic ones)
My cPanel password is very strong (100%), it’s long and beside letters and numbers it contains special many characters; I’ve changed it a few times. It is not possible that one can hack it easily.
It already happened 3 times and each time the system suspends my account automatically for a number of hours, before it’s restored by the support staff.
I suspect that the attack is done by a former developer who I know was a hacker and we didn’t part on exactly friendly terms. He knows the structure of my site and I have a static IP which he also knows.
If possible, I would like to know some details about how to protect my site from further similar hacking, penetrations, injections, etc.