Attempted hacking to site?
Posted on 2013-06-18
Yesterday our zen cart site crashed due to lack of RAM. We have never had this problem before (years) and upon looking at the stats there were the usually number of visitors and page views.
Concerned we did a little digging and emailed our host to tell them that we saw these urls accessed on our server for example:
They said those attempts happen all the time.
I asked them if they could see if there was a script that was running yesterday that was hogging the memory. They said it was too late to check.
Also, last night we had 11 failed attempts to an email log-in, but strangely the IP Address was from the owners one man office. I explained that to our host provider who said "It happened in the middle of the night for whatever reason, but unless someone was accessing that office in the middle of the night without your knowledge, or a hacker got into the office computer and tried to brute force the password, which is usually saved in your email client anyways, it was just a simple mistake, or a misconfigured device."
They seem to be unphased by all of this. I don't know what to do at this point. We are too nervous about it to let it go. What steps should I take now? What should I be looking for?
We have a managed VPS. I have access to the CPanel and can get access to the WHM.