Need help, my cyberpanel server was hacked by heysrv.php

My server was hacked, I got mail with empty subject and sender with php code.
Every folder on server have heysrv.php.
Server work ok, joomla sites administrator have error Function name must be a string.
Any idea?

**** edit
$ find . -type f -name heysrv.php -exec rm {} ;
delete all files name heysrv.php
Change root pwd and cyberpanel pwd.
Still not know how is server hacked…

Were the files owner root or a specific user of a website you have?

It is only one user on all websites. If you ask this. CP pass was same as root pass… Now it is not anymore.