What does the site show?, is all sites having the same software etc?, or do you suspect a root level hack?.
Kevin Cheri : Senior Server Administrator / Freelancer : 9+ years Exp, reach me out for any help Server Optimization Expert / Mysql Guru / Migration Specialist
Skype : lynxmaestro
Gmail : [email protected]
It's incredibly difficult (nearing impossible) to ensure a secure system after experiencing a compromise like this. Reload your OS, install & tweak cPanel - don't assume that default settings are 100% safe -- harden the system. Import your clients' backups and restore away. I'd also suggest some sort of server management option going forward.
Check for the logs and trace the cause for the attack. Harden your server with multiple layers of security.
WEBUZO - Single User Control Panel for your VPS/Cloud/Server (CentOS/Ubuntu)
Install NGINX, Apache, MySQL, LAMP, LEMP, PHP, Java and 310+ popular scripts by a CLICK
Email Server, Database Management, Domain Management, FTP Management, CSF, CRON