My cpanel is hacked too. They add a new user registraton as an administer, so I had to go into cpanel and MYPHP to change the database file “users”.
My question is…are they getting in through hostgator’s cpanel? Through a vulnerability or is someone with hostgator doing some hacking on the side? My suspicion has increased as the last 2 hacks have come after live chats with hostgator techs. I am not accusing anyone. Just saying the facts. After these chats and the hack, I get 2 emails offering website hack repair service. When I ask for a phone number I get no response.
Is there a way to determine how they get into the cpanel? Can they get in through WordPress somehow? Through the dashboard/admin area? Seems to me it has to be through hostgator/cpanel????