Our VPS running CentOS 6.6 with centmin .07 appears to have been hacked. We're running the latest versions of Xenforo and Wordpress, each installed in its own directory under webroot. The hacker redirected our homepage to a different URL, a defaced page, and posted a dump of our forum database on another site. We found a number of downloaded gzip files pertaining to the phpjackal shell script in our webroot. According to the documentation for phpjackal, it includes a mysql dump function. We've never experienced anything quite like this before, and aren't sure where to proceed from here. We've done the obvious things: changed all our passwords and tried to limit access to the server based on IP, but are unsure of whether we've shut out the hacker, or how to find/verify that anything he was able to install has been removed. Any/all help or suggestions would be appreciated.