My website was recently hacked, and I believe I may be able to track this easily. I have a shared hosting plan (so no VPS, just cpanel). The hacker added an index.html file and deleted my redirect. I think I should be able to somehow find the IP address that created that index.html file. Am I correct? I really need to figure out who is doing this...then figuring out HOW. Thanks!!
Your host should be able to give you the information. They should have a log file which logs the time and IP of every connection. Just ask them who connected at the time the index.html was created.
Well in all likelihood the IP you find will likely not be the IP of the actual attacker, and if you want to get it then your host will need to act fairly fast, since those kinds of logs can go very quickly if they are not archived/rotated. Submit a ticket with your host and they should be able to help out.