Thread: cpanel hacked ??

I operate a website that uses an offline credit card payment facility, hosted by Vodahost, with the site operating via Soholaunch software.
A key module in my shopping cart programme has been repeatedly hacked with an email sub programme - despite changing my cPanel password several times. The hacker could only have done this by gaining access to my FTP (I have Bluevoda and cPanel - same UN and PW).
I have scanned my PC for malware - all clean.
How is my passward being hacked on such a regular basis. I select my passwords with random letters, numbers and other non-alphanumeric characters.
Is sql injection at play here ?
Would appreciate comments from an official source as I am beginning to doubt the security of Vodahosts FTP system.
Regards
AndyP

SQL Injection has been going on all over.. first.. disable all email a friend, etc etc in soho. Change the password, then take it out of soho and only put it in the ftp area when you need to update.

Put in a support ticket.

Karen

Thank you for the reply Karen.
1) My FTP password is not stored in the soho admin programme (an old one was logged there but since deleted.)
2)email_friend/write review features long since disabled in my shopping pages.
3) I'm very concerned, as to alter the code on a module itself, you need access to it via BlueVoda or cPanel, and hence the password for these areas. My password is changed quite regularly, and I thought even a brute attack on it would result in a lockout so to speak.
I'll submit a ticket and see what response I get.
Regards
AndyP