Project Description
My cPanel/WHM server has been breached: the attacker reset the root password and every hosted site, mailbox, and database is now offline. I currently have zero access to WHM, SSH, or any other administrative tool, and—unfortunately—there are no usable backups.
Scope of the incident
• The machine was running Web hosting, Email hosting, and Database management services under cPanel/WHM.
• Root credentials have been altered; all accounts are unreachable.
• Provider-side rescue/KVM access can be arranged if that helps you regain control.
What I need done
1. Regain root-level access.
2. Identify and neutralise the point of entry or malware.
3. Restore Apache/Nginx, Exim, and MySQL/MariaDB services so sites, mail and databases function again.
4. Patch and harden the server (CSF, ModSecurity, SSH, etc.) to prevent repeat compromise.
5. Configure an automated off-site backup strategy so I’m never left without a restore point again.
Acceptance criteria
– Verified root login restored to me alone.
– Websites load correctly, email sends/receives, databases are functional.
– A brief incident report outlining what was found and fixed.
– Scheduled backups running and tested.
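The first acceptance criterion ("root login restored to me alone") is something the owner can verify rather than take on trust. The script below is an added example, not part of the original posting and not cPanel's own tooling: it checks a passwd file for additional UID-0 accounts and an authorized_keys file for SSH keys whose comment is not on an allow-list, the two places a second root-equivalent login most commonly hides after a compromise. The sample passwd and key lines are constructed for the demonstration; on a recovered server the same functions would be pointed at /etc/passwd and /root/.ssh/authorized_keys, with the allow-list set to the comments of the owner's own keys.

```shell
#!/bin/sh
# Added example (not part of the original posting): post-recovery audit
# supporting acceptance criterion 1, "root login restored to me alone".
# Every function takes file paths as arguments, so it runs against the
# constructed samples below or against the live files on the server.

# Print every account whose UID is 0 but whose name is not "root".
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print every key line in an authorized_keys file whose trailing comment
# is not in the allow-list (second argument: space-separated comments).
# Blank lines and "#" comments are skipped; the key comment is the last field.
unexpected_ssh_keys() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[[:space:]]*(#|$)/ { next }
        !($NF in ok) { print }
    ' "$1"
}

# Exit 0 only if both checks come back empty: no extra UID-0 accounts and
# no SSH keys outside the allow-list.
root_only_access_ok() {
    [ -z "$(extra_uid0_accounts "$1")" ] && [ -z "$(unexpected_ssh_keys "$2" "$3")" ]
}

# Constructed sample data: a passwd with a planted second UID-0 account
# and an authorized_keys with one key the owner never added.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
cpanel:x:1001:1001::/usr/local/cpanel:/usr/local/cpanel/bin/noshell
sysadm:x:0:0:planted:/tmp:/bin/bash
EOF

SAMPLE_KEYS=$(mktemp)
cat > "$SAMPLE_KEYS" <<'EOF'
# owner's workstation key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOwnerKeyOnly owner@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCExampleUnknownKey unknown@nowhere
EOF
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_KEYS"' EXIT

# Demonstration run against the constructed samples.
echo "Extra UID-0 accounts:"
extra_uid0_accounts "$SAMPLE_PASSWD"
echo "SSH keys not on the allow-list:"
unexpected_ssh_keys "$SAMPLE_KEYS" "owner@laptop"
if root_only_access_ok "$SAMPLE_PASSWD" "$SAMPLE_KEYS" "owner@laptop"; then
    echo "PASS: root access is limited to the owner"
else
    echo "FAIL: additional root-equivalent access found"
fi
```

Against the samples the first check reports the planted `sysadm` account and the second reports the `unknown@nowhere` key, so the overall verdict is FAIL; the same two lists, run on the real files, are what the incident report should show as empty before the job is signed off. The allow-list is matched on key comments only, which is enough to surface a key nobody recognises but is not a substitute for comparing the key material itself.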
Let me know the methodology you plan to follow, the approximate timeline for each step, and any information you need from my hosting provider so we can start the recovery immediately.