My VPS was used for DDOS Attacks

I got an email from my hosting provider telling me that my VPS was used to perform DDOS attacks on this website: cpanel4.vhosting-it.com. Unfortunately I haven’t read their email sooner, so they suspended my account.

Here’s the log that they receive from the attacked website.

Before reactivating my VPS, I want to know how can I find the shell script used to perform the attack and how the attacker have gained access to my vps? how can I protect my VPS after reactivating it?

I’m using Ubuntu 18.04 + nginx + ISPConfig

Thanks