Update to the Issue.
I was able to access my home directory, and mysql database files. I had to first, dump databaseses, then used SCP, copy database
(.sql ) files from the server to my local machine ( in this case my physical MAC ).
The server will be destroyed.
After much observation, i realized, that the attacker from China had a way he got through via Cyberpanel on Centos 7.
PS**. DO NOT use Cyberpanel on CentOs 7, you should use Cyberpanel on other OS, Ubuntu is preferable.
Issue solved !