WHM/cPanel root access alert from unknown IP.. Now what?

[ramystyle1]

Hi,

Last night, I got an email alert saying that someone logged in to root from an IP in the Netherland (I'm in Canada). Two mins later, I get another alert email saying someone logged in as root from USA.

I was lucky enough I was infront of my PC. I quickly logged in, blocked both IPs and changed my password.

I am baffled as to how the 2 ips were able to login as root in whm.. We keep our password very secure and it's a very hard to guess password (It's a 10 characters, alpha numeric, case sensitive password!!).

Is there anyway to trace those to logins ? How they got in?

Thanks.

[sawbuck]

Depending on what OS you're on, /var/log/secure might yield some additional information.