We don't answer questions via PM, because no one else learns or can contribute that way
"I have deleted all files of htdocs folder, (i knw this is maybe bullshit)
and i put my site files to "htdocs" folder, now i cant login to xampp control panel. just need only to host my files. ( i dont need sql too)
am i protected now?'
There is no way to sum up how to secure a Linux server, as I have no idea how it was set up in the first place. XAMPP is not intended for production use and they tell you that in the FAQ. How exactly did you try to harden LAMPP?
Well did you find what files were taking up all your disk space? What were they and where were they located?
Besides - It does not have to be XAMPP that could be hacked anyway, how about SSH or FTP? Weak or hacked passwords for instance, particularly on 'root' or 'lampp'
Do you have a Control Panel? If so, you should look in there...
Otherwise you should look at the access log, and see what methods are in use.
Good Luck