Well, after you got your server back, did you try upgrading to the latest version? Update all your server software? Remember, they could be getting in via an SSH exploit just as easily as a WHM hole. In fact, I've seen more SSH exploits floating around than I have WHM exploits, but I haven't been a part of *that* community in a few years lol.
Also try removing the Remote Access feature, or changing the hash that it's using. If you've got a script like WHM.AP or modernbill or whois.cart (and so on), they could have found your access hash and possibly be doing a lot of that damage that way. Although it would be stupid for WHM to allow your remote administration access for scripts, to allow you to change the root pass. That sounds like it's asking for problems.
Anyways, keep an open mind, there are probably more than a few points of interest available on a dedicated webserver, especially one running something like cPanel, which is so comprehensive.