Site files missing

[kastech]

I went to log into the ftp account for my account, and all the files were missing except a single folder which was empty. If not for the secure password I use for my account, I would suspect it was a hacker. The strangest part is that my databases are still intact.

Any ideas on what could have happened?

 

[caftpx10]

Files that are 10MB or above in size would automatically be removed a few hours after it's stored on a free hosting account.

 

[kastech]

The thing is I've had my site here for years, and then all of my site's source code and folders are missing in a matter of 24 hours? I literally had just tweaked some of the source code yesterday, and everything was as it should be.

If x10 can't give me a valid reason, maybe I should switch to a host who wouldn't let this sort of thing happen.

 

[lylex10h]

I would recommend checking your FTP logs. See the FTP Accounts section of cPanel. With plain FTP, there is no such thing as a secure password as it's all sent in plain text over the interwebz.

 

[kastech]

I would recommend checking your FTP logs. See the FTP Accounts section of cPanel. With plain FTP, there is no such thing as a secure password as it's all sent in plain text over the interwebz.

1) I checked, and all it did was confirm that whatever happened was within the last 24 hours. It did not show anything suspicious in the log.
2) There is such a thing as a secure password. I would know since I’m a programmer. And with the marvel of password managers, users can make strong passwords that are 99% unlikely to be guessed, and are in that regard secure.


Now that I have a backup of all my files, thanks to the R1Soft Backup tool in CPanel, I can confirm I have no files over 10mb. Although, since the plan boasts having unlimited storage, wtf would x10 care about individual file sizes? Looks like I may be in the market for a new web host if no one can give a legitimate answer to how this happened.

 

[Livewire]

I did try to go through the logs to identify the reason the files were cleared, but unfortunately I'm not seeing any major deletes or anything that would have explained it. I was able to see someone modifying FTP accounts on 7/28, but that was all. I will freely admit that for this type of issue I'm no expert at log searching (my searches generally are just done to confirm the actions a user claims weren't performed by them actually were, such as uploading phishing pages or warez) so I may be missing something, but I don't see anything that would confirm or deny if it was a compromised password.

One thing that could potentially have caused it however is if a script on the account was compromised, and was able to run arbitrary code. If files were deleted via PHP commands, it wouldn't show up in the logs. I will admit it'd be an unusual compromise in that it wasn't used for something else, like sending spam or running unauthorized shells with malicious intent, but it is one I've seen in the past with a different service provider. Again, not a guarantee, just a possibility.