My server is used for DDoS attacks

view full story

http://serverfault.com – I have webserver (centos + cpanel), and one of the clients used my server for DDoS-ing, how can I identify that client/user? What logs should I look to, is there any settings I can modify so such things can't happen again in future. Thanks (HowTos)