Latest website security advice

Hello,

There is a new way of compromising accounts hosted on cPanel servers. Even if your account has all scripts updated to the latest version, it may be hacked in the following way. If an account on the server is compromised because of a weak password or out-of-date scripts, it can be used to create symlinks to configuration files which contain passwords, e.g. your MySQL settings with the MySQL username and password.

To prevent this, change the permissions of your configuration files to 600, which allows read and write access for the file owner only. Many customers keep their configuration files with passwords at 644, which allows read access for anyone, so the hacker can read those files, obtain the passwords and compromise the accounts.

You can chmod your configuration files via your FTP client or via File Manager in cPanel. Scripts installed via Softaculous will automatically have their configuration files set to 600, which is correct and secure.

Regards,

www.webzillatech.com
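
For accounts with shell access, the check described above can be run across a whole home directory. This is an added example, not part of the original announcement: the file names in CONFIG_NAMES and the function names are assumptions, and it relies on GNU find and readlink. It lists configuration files readable by group or others, tightens them to 600, and reports symlinks that resolve outside the account.

```shell
#!/bin/sh
# Added example. CONFIG_NAMES is an assumed list; edit it to match your scripts.
CONFIG_NAMES="wp-config.php configuration.php config.php settings.php .env"

# list_loose_configs DIR
# Print every matching regular file that grants any group/other permission
# bit, i.e. anything looser than 600 or 700. Symlinks are not followed.
list_loose_configs() {
    for name in $CONFIG_NAMES; do
        # -perm /077: true if any of the group or other bits is set (GNU find)
        find "$1" -type f -name "$name" -perm /077 -print
    done
}

# fix_loose_configs DIR
# Set each file reported by list_loose_configs to owner read/write only.
fix_loose_configs() {
    list_loose_configs "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'fixed %s\n' "$f"
    done
}

# list_outside_symlinks DIR
# Print "LINK -> TARGET" for symlinks under DIR whose resolved target lies
# outside DIR. Links of this kind in an account you did not create them in
# are a sign the account is being used to read other users' files.
list_outside_symlinks() {
    root=$(cd "$1" && pwd -P) || return 1
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$root"|"$root"/*) ;;                       # stays inside DIR
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Usage: sh audit.sh /home/USERNAME   (path is a placeholder)
if [ $# -gt 0 ]; then
    echo "Config files looser than 600:"; list_loose_configs "$1"
    echo "Symlinks pointing outside $1:"; list_outside_symlinks "$1"
fi
```

Run it read-only first and call fix_loose_configs only after reviewing the list.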
