Some cavity hacked my VPS last night.

[timestandstill]

I woke up this morning to find my VPS completely hosed. All my domains go to cPanel's default page.

I won't bore you with the emotional breakdown I'm currently experiencing (note to self: onsite backups aren't good enough), but I want a freakin IP address. I'm pretty sure someone took advantage of SSH and did something (I offer web hosting via post-to-host), which log file am I looking for?

Thank you.

EDIT: Thank you, auto-censor system.

Lol, cavity.

EDIT: Maybe it wasn't hacked? What would cause cPanel to completely reset itself? I'm quite pissed right now and can't think straight.

[Omniscient]

View server logs asap. I'd actually make a complete backup of all logs and all existing files for local review. There should be login logs and I assume cpanel has logs too. I've never run a cpanel server so not sure what it does in the backend but normal linux runs logs for lots of stuff.

[timestandstill]

Thank you, Omniscient. I think I've got an IP, but I can't figure out which commands were run from said IP, so weather they had malicious intentions has yet to be discovered. I'll keep digging.

Been a stressful week for me, this only adds to it.

[Eve]

Sorry to hear about this. I would personally find it difficult to understand what is happening.

Post back on developments, it will help you to vent and clear your head as well. Good luck.

[Extasey]

Hopefully they weren't to smart and didn't use a proxy!
Hope it works out for you, that would suck.