
Spammers are killing me

matrixx

New Pleskian
Spammers are using my server. Not only are they using it to spam but they are sending emails to emails on my servers. I get emails that are from my domain. My IP has already been blocked by Comcast due to spamming. Can anyone please tell me how to stop this. I'm not experienced with a lot...I basically just use the server to host websites.
 
Hi Matrixx.

This is a complicated issue. When you first go into hosting you tend to think all you need is a nice server, install some nice software and then get on with it.

If you are lucky, like me, you will learn enough to keep things secure (or as secure as possible given that your customers are likely to put all sorts of insecure rubbish on your server) before any major problems happen.

If you are unlucky the problems happen before you have a chance to learn. A lot of people say "you should not be into hosting unless you have the knowledge to do it properly and securely" but I disagree. It really depends on the service you are offering your customers, and what your plans are etc etc etc.

But whether you are an expert or a novice you might still find yourself in trouble. And in this situation the best option would be to call in more expert help.

There are a number of people on this forum who might be able to help you for a reasonable fee.

Two organisations that spring to mind are the Prometheus Group (Scott Shinn [aka Atomicrocketturtle] and Mike Shinn) and 4psa.

I have no idea if either of them will be willing or able to help you in this particular situation, but it would be worth contacting them.

www.4psa.com
www.prometheus-group.com

I would also hope that someone on the forum might pipe in with some ideas, though if there has been serious infiltration on your server then the issue may be too complex to deal with on a forum.

Once you solve the problem I would strongly recommend you look into installing the grsec kernel patch and mod_security, two very simple and very effective barriers against many types of attack.

You'll find loads and loads of info on both of these both here in this forum and at www.atomicrocketturtle.com and www.gotroot.com

There are also many posts on better securing your server here in the forums.

I know this isn't an answer to your problem right now but I hope it is a start.

Faris.
 
Faris,

I really appreciate your help. I will inquire with both of your suggestions and see if either one can correct my problem. Thanks Again.
 
There are quite a few suggestions on the forums, if you search for them. Typically in this scenario what pops into my mind is that one of your domains has probably already been hacked and spammers have injected programs into that domain and they are injecting mail directly into your mail queue. I would look for usual processes running as the apache user, and start there.
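
The check suggested in the last reply, as an added example that is not part of the original thread: list every process owned by the web server account that is not the web server itself. The account name `apache`, the allowed command names `httpd`/`apache2`, the function names and the sample process table are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag processes owned by the web server
# account that are not the web server itself.
WEB_USER="${WEB_USER:-apache}"       # assumption: Apache runs as "apache"
ALLOWED="${ALLOWED:-httpd apache2}"  # assumption: expected command names

# Reads "USER PID PPID COMM ARGS..." lines on stdin (no header) and prints the
# ones owned by $WEB_USER whose command name is not in $ALLOWED.
filter_web_user_procs() {
    awk -v user="$WEB_USER" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == user && !($4 in ok) { print }
    '
}

# Constructed sample process table (not real output from any server).
sample_ps() {
    cat <<'EOF'
root 1 0 systemd /usr/lib/systemd/systemd
root 812 1 httpd /usr/sbin/httpd -DFOREGROUND
apache 901 812 httpd /usr/sbin/httpd -DFOREGROUND
apache 902 812 httpd /usr/sbin/httpd -DFOREGROUND
apache 4127 1 perl /tmp/.x/mailer.pl
apache 4130 4127 sh sh -c /usr/sbin/sendmail -t
mysql 700 1 mysqld /usr/sbin/mysqld
EOF
}

# Same filter against the live process table (procps "ps" on Linux).
scan_live() {
    ps -eo user:32,pid,ppid,comm,args --no-headers | filter_web_user_procs
}

# Run with --live on the server, or --sample to see the filter on the
# constructed table above.
case "${1:-}" in
    --live)   scan_live ;;
    --sample) sample_ps | filter_web_user_procs ;;
esac
```

Anything this prints is a starting point for review rather than proof of compromise: add legitimate helpers (for example a PHP handler that runs under the same account) to `ALLOWED`, then inspect what remains by PID, parent PID and script path.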
 