Especially cPanel users, but also ALL Linux machines including those who use only private keys for access. There is a bad SSHD RootKit exploit going around and its NASTY!
Read more about it here: https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
You can check if infected and see suggested hardening here: http://stacklinux.com/discussion/63/sshd-rootkit-fix-details-and-how-to-protect-your-server
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.