I have a problem, and I would like to ask you experienced guys how to deal with it.
One hosting account on my server got hacked because it was using a weak password, and somebody installed a PHP script there to fake an eBay webpage to steal eBay IDs.
I have the IP address of whoever got into this account; it is a US one from AOL, and I also have the email (it's a Gmail) where the IDs are sent to.
What can or should I do with this?
More than likely an outdated/vulnerable forum, CMS, or similar was used by a malicious user to upload the PHP script. Have your client upgrade any and all active scripts on their account and remove any that are no longer in use. Letting scripts sit on your server for ages without updating them will only invite this behavior in the future.
If you offer Fantastico or any other auto-install scripts, make sure to educate your clients on the pitfalls of using these. I recommend that clients download the source from the creators directly and join their online community so they are kept aware of updates, patches, security info, and so on.
There are so many 0-day exploits and similar anymore, it's getting harder and harder for these auto-install providers to keep up with new versions. By the time they release something and your server is updated with new source, you could have a handful or more of exploited accounts, listed on various RBLs and/or a compromised server that needs to be reinstalled completely.
Open-source is great since it's free of cost; however, it's never free of responsibility. Good luck!
Track the problem, inform any upstream provider or the party that was attacked / victimized. Keep a backup copy, preserving ownership and rights. Remove the site from air (take it offline) and let the client (or not) reinstall software.
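One way to make the ownership-preserving backup copy mentioned in the last reply, as an added example that is not part of the original thread. It assumes a Linux server with tar, find and sha256sum; the function names, file names and directories are hypothetical.

```shell
#!/bin/sh
# Added example: evidence copy of a compromised hosting account.
# Run as root on a real server so every file can be read and the true
# owner of each file is recorded. The evidence directory must live
# outside the account directory.

# preserve_account ACCOUNT_DIR EVIDENCE_DIR
# Writes three files into EVIDENCE_DIR and prints the archive path:
#   account.tar       archive of the account
#   account.manifest  one "ls -ldn" line per file (mode, uid, gid, size, mtime)
#   account.sha256    checksums of the two files above
preserve_account() {
    src=$1
    out=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$out" && chmod 700 "$out" || return 1

    # tar records mode, uid/gid and mtime for every entry; extracting as
    # root with "tar -xpf" restores them. Paths are stored relative to the
    # account directory so the copy can be unpacked anywhere.
    ( cd "$src" && tar -cf - . ) > "$out/account.tar" || return 1

    # Readable listing with numeric ids (-n), so it does not depend on the
    # /etc/passwd of whatever machine is used to examine it later.
    ( cd "$src" && find . -exec ls -ldn {} + ) > "$out/account.manifest" || return 1

    # Checksums show later that the copy was not altered after collection.
    ( cd "$out" && sha256sum account.tar account.manifest > account.sha256 ) || return 1
    chmod 400 "$out"/account.*
    echo "$out/account.tar"
}

# verify_evidence EVIDENCE_DIR
# Returns 0 only if both files still match the recorded checksums.
verify_evidence() {
    ( cd "$1" && sha256sum -c account.sha256 >/dev/null 2>&1 )
}
```

Take the copy before taking the site offline or letting the client reinstall, so the manifest still shows the original owners, modes and modification times.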