Am quite new i-mscp user, and in the last days a hack attack was performed successfully against my site. First of all I want to tell you, hat it must be probably my problem it could have happened, but following happened somehow:
(All the information I can give about the enviroment is in my profile! I read read the warning you wrote, but these are I could provide I didnt found any other if you helped me with this wihout deleting the post that would be great!)
Someone could somehow use the VU200X user to delete, modify and insert files.
I checked the ubuntu user settings. and noone was logged in with this user via ssh, so it must be, that somehow they can maniulate it with http requests.
I dont know if it's important, but it's a drupal 7.2 application.
In most cases with the i-mscp settings I left everything on default.
How it could have happened? Moving to the newest vesrion could solve the problem?