[bigredseo]

Hey people, I haven't added to this thread in a while but I have been watching.

Like Emerson, CSF is enabled on our servers as a software level firewall. Quest has failed to contact us back regarding the IP number that was exploited, however we have had no further incidents from that IP.

We've also gone pretty much this entire week without any incidents and only ONE user that had a repeat incident (they failed to run any virus scanners etc and instead just changed their cPanel passwords).

To those that are suggesting checking files, contact your host. There's a reason that you pay your webhosting company each month for support. Any web hosting company SHOULD be assisting you with tracking down these incidents. If they are not, or they are dragging their feet, it's time to change hosts.

To the user with the dedicated server and wanting to know about changing WHM and cPanel securely. Contact your host - have them change it for you if you feel more comfortable. They should be able to provide this service to you.

There's been no further incidents that we have seen on our servers. We continue to run scans on our servers, but nothing is showing at all. It looks like this particular incident has passed (knock on wood).