server hacked help!!!!!!

i have a cpanel server
WHM 6.4.2
Cpanel 6.4.2-S75
RedHat 8.0


today i got this messages from cpane
l

[hackcheck] net-tools failed checksum test
[hackcheck] findutils failed checksum test
[hackcheck] fileutils failed checksum test
[hkcheck] honey has a uid 0 account
[hackcheck] halt has a uid 0 account

the sshd was stopped ....


when i do some checks i found that some one was running a phpshell script on the server and its run alot of command including a read /etc/passwd/ and he upload a c file and compile it there and then run it........

he didnt login to ssh but he add a user to the root group ....


soo how the system can give him this abbilty ......

is it a solution to make php safe mode on......



any one have idea about what to do ?????

 

 

 

 

Top