Check for Symlink Attack on Cpanel Server
Symlink Attack allow a hacker to hack one web site and gain access to another Apache Virtual Hosts in a cpanel server. Hacker will be able to get read access to files on other hosting accounts, with that, they can read web site config files, giving them MySQL or other login info stored in configuration files.
To check if your server have infected with symlink attack, run
find /home/*/public_html -type l > /root/smylinks.txt
Check the content of the file “/root/smylinks.txt”. if you see any site having too many symlinks to other sites, your server is infected with symlink attack.
To prevent this, you can install CloudLinux CageFS.