Skip to main content

Account Continually Compromised Problem

Comments

2 comments

  • Steven Katz
    Perhaps there is a "Golden Version" of the /.cpanel folder with a list of files and file sizes that I can compare to the existing install? This way I can delete anything not in the "Golden Version" and anything that doesn't match the file size I can review? I'm not a security expert, merely the most technically knowledgeable in our small business. Open to all suggestions. Thanks!
    0
  • cPanelLauren
    Hello @Steven Katz It sounds as though the issue wasn't completely cleaned up or the source of the issue wasn't actually found. There are a few really great guides for cleaning Wordpress compromises from WordPress themselves as well as a couple of the forerunners in WordPress Security: FAQ My site was hacked " WordPress Codex How to Clean a Hacked WordPress Site - Sucuri Guide How to Clean a Hacked WordPress Site using Wordfence - Wordfence What I would suggest doing if you're unable to find the source of the issue is to enlist the assistance of a qualified system administrator. If you don't have one you might find one here: System Administration Services | cPanel Forums It's pretty normal for the information in /home/$user/.cpanel to change periodically especially since a lot of cached data is stored in its subdirectories. It'd be really difficult to provide you with a known good copy as it wouldn't necessarily be good for you and definitely wouldn't be useful for comparison. Data in .cpanel is regenerated quite frequently.
    0

Please sign in to leave a comment.