Now that I am on the alert for the cracker, it’s becoming a search.
We changed our password at the Lunarpages.com support page. That doesn’t seem to have any effect upon CPanel or FTP. I’ve asked Lunarpages why that would be.
This morning, I checked the index.html page. It had been cracked again. I fixed it, then went looking in the logs. It got changed somewhere around 3:04 AM PST, and I fixed it at 4:16 AM PST. I haven’t found anything that looks funky in the HTML logs, which leaves the interfaces through Lunarpages. I have another ticket in to them to see about getting some assistance in nailing this guy. I’ve looked through CPanel and don’t see any option to get an FTP access log, which would be ever so handy at this point.
If anyone has prior experience with locking down a shared hosting account at Lunarpages, please drop me a line.