Someone exploited my dedicated server. He made few syomlinks to essential files under the root. I have removed those symlinks.
Can you guys show me how to search for symlinks inside all public_html of all accounts.
In addition, what should I do to improve security of my server. someone told me that there are out of the box default config that are security unsafe; how can I remove these config and secure the server.
If the attacker gained root you're better off deploying a new server and hiring a server management company to keep things secure. Security is not a one time thing, it's an ever changing process that constantly has to be worked on. Also, once a server has been rooted it should never be trusted again, despite any reassurances from various root kit checkers, etc. Play it safe, start off fresh.