If you don't know much about server security I would strongly suggest hiring someone to secure your server for you. They will be able to configure it in such a way where you get instant e-mail notifications when someone uploads files, server load gets high and much more.
I'm curious how do you know the sites have been hacked the same way?
We develop brand identity for the web.
- - - - - - - - - - - - - - - - Services ~ Custom Web Design, Branding & Identity, Development, Hosting & more! Portfolio ~ Websites, User Interfaces, Widgets & more!
You should see if your hosting provider provides technical support and can assist in the hardening of the servers ports/security. There are a number of things you can implement on your solution to help protect against hacks such as a hardware firewall, and port monitoring.
Miguel Villegas, VP Sales & New Business Development CloudMega.net
CloudMega, Inc. US | CloudMega, Ltd UK
US Toll Free: 888.401.2006 | Intl +1 312.757.5400
UK Toll Free: 0800.368.9925 | Intl +44 20.3540.7807
Theres no one simple solution to those problems and there's likely other problems that may need to be checked for now too. As some others have suggested you should either outsource this to a support company that can help you or ask your service provider for help, even if theres a fee involved it would be well worth it.
Greg Landis | Founder Jaguarpc - Keeping websites happy since 1998 Managed IT Solutions - Business hosting | Virtual Private Servers | Cloud VPS Hosting | Dedicated servers | Backup service
Follow us @ Facebook.com/Jaguarpc | Twitter: @JaguarPC | (888)-338-5261 | sales @ jaguarpc.com
I would recommend you to hire a security expert that can go through your server, hardening it. Believe me it isn't a waste of money! Security isn't something you learn just by reading a couple of articles about it on the internet, it takes time and if you won't take the time to learn it, hire someone that does it for you.
There are several methods an attacker can gain access to your server. It does not have to be from ssh, it can be from something as simple as a vulnerable php script. You need to have your entire server audited for security, this includes the server software such as your linux kernel. If someone exploits a vulnerable php script then they can then execute a kernel exploit on a vulnerable kernel and get root access WITHOUT USING SSH.