Server Hacked - replaced OS

[Sebrof]

My server at knownhost was just hacked - Instead of one or more sites getting hacked, they actually installed a new installation of Ubuntu on the server. This essentially erased all content from the server including all web sites, ftp, email, cpanel accts, etc.

The WHM and cpanel passwords were heavily encripted - passwords something like "lzCZCv(lZ5gBtjw2iAuAOh0q"

What access would they have needed to completely wipe a server and then install a new OS ? My OS "was" centos" before it was wiped and replaced with Ubuntu
I don't think it could have been done thru any of the websites on that server, and I don't think a new OS can be installed via cpanel. Am I wrong?

I am thinking that it had to come via WHM or SSH. Your thoughts?

 

[Tuton]

He must have root ssh access to that site

 

[guguk]

The WHM and cpanel passwords were heavily encripted - passwords something like "lzCZCv(lZ5gBtjw2iAuAOh0q"

What access would they have needed to completely wipe a server and then install a new OS ? My OS "was" centos" before it was wiped and replaced with Ubuntu

I am thinking that it had to come via WHM or SSH. Your thoughts?

In the light of your information someone has root (SSH) access to your server, so you need to check double-triple your laptop or whicever you connecting to server. If you were connected before common place or with common network connection (such as starbucks etc) so it might be happen.

I strongly suggest to contact with your hosting provider to check your environment (logs etc) and change root password.