Increase security to prevent hacking?

[Motamedi]

hello

Unfortunately, all I cPanel servers Was hacked by a hacker

/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow

by shell , change the root user and the server hacked
what to do to hackers
cPanel servers can not hack it?
how is the performance of the server to be loose?

im disable this functions

ir_a_bajo,disk_free_space,disk_total_space,php_uname,symlink,shell_exec,exec,proc_close,proc_open,popen,pclose,system,dl,passthru,escapeshellarg,escapeshellcmd,readfile,posix_access,posix_ctermid,posix_errno,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname

but you can not be with the front shell

please help me for increase security and prevent hacking

thanks

 

[cPanelMichael]

Hello,

It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your server or websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

Log Files To Check After Account Hacked

As far as security going forward after you have reinstalled the OS and cPanel and restored the accounts, the following document is a good place to start:

Security - cPanel Knowledge Base - cPanel Documentation

Thank you.