Maybe. The first thing you can do is change the SSH port and restrict access to SSH login for all users on the system to trusted IP addresses. Change the passwords for absolutely all users. This does not solve the problem since CWP is compromised and requests can be executed as root from there, but somehow it ensures that the server is not used for botnets - DDoS, email spam, etc. As I said, the infection through CWP was long ago. Personally, I think one of my servers was infected minutes before 03.09.2021, 03:46:34, because the logs before that are missing, and it has been online since 2020. I also restored backups and the infection existed 2-3 years ago. Even if the server is cleaned, as long as the vulnerability in CWP exists, it is still under threat. Personally, I will wait for the CWP bug to be fixed and then reinstall the server with the new CWP panel.