vps container

I have a VPS out there which over time has become a repetitive problem with hack / something getting into container / misuse thereafter.   Big picture unsure why.  Previously isolated post-event to PHP compromise.  Scrapped PHP and went different direction and months later, a second compromise...