Server security issue.
I want to check how a hacker penetrates my cPanel and modifies files and code on my site.
Probably have to deal with XSS injections / WSO or c99 scripts, etc.
I have a log report from hosting service provider.
It goes like this:
.....frontend/paper_lantern/filemanager/[login to view URL]" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36" "s" "-" 2083
(I replaced account name and site name with generic ones)
My cPanel password is very strong (100%) and I've changed it a few times.
It already happened 3 times and each time the system suspends my account automatically for a number of hours, before it's restored by the support staff.
I suspect that the attack is done by a former developer who I know was a hacker and we didn't part on exactly friendly terms. He knows the structure of my site and I have a static IP which he also knows.
And, very interesting, the host log says that the penetration was done from my own public IP!
I need you to provide detailed explanations about how to exactly protect my site from further similar hacking, penetrations, injections, etc.
Please bid only if you have experience and know exactly how this can be solved.
Automatic bids will be ignored.