Secure Compromised Linode cPanel Server

My Linode VPS is running a standard Linux stack managed through cPanel and hosts three virtual domains. The machine has been flagged for sending outbound DDoS traffic, and I have already noticed abnormally high resource usage before the abuse reports began. The immediate job is to trace exactly how the attackers gained access, eliminate any malicious code or processes, and close every door they used. Once the environment is clean, the system must be hardened so the same vector—or any obvious variant—cannot be exploited again. Key results I expect: • A written root-cause report that shows the entry point, timeline, and components affected. • Full cleanup: removal of backdoors, rogue cron jobs, unfamiliar binaries, suspicious users, or altered configurations. • OS and package updates applied, cPanel patched, and any vulnerable plugins or themes replaced. • Security hardening: firewall rules, SSH hardening, cPHulk/Fail2Ban or equivalent, malware/IDS setup, and outbound traffic limits tuned. • Verification that the server is no longer participating in DDoS traffic and that all three domains operate normally afterward. • A brief checklist of preventive measures I can follow for ongoing upkeep. Root access and current logs are ready to share as soon as we start.

Project ID: 40412875