non-whitelisted players entered server and executed commands causing damage.

While working with the permissions plugin my server was attacked by an outside person. they gained access through the localhost 127.0.0.1 and kicked me out by impersonating my account. screen shots of the damage they caused: https://ibb.co/RTS5FFn

https://ibb.co/ys1p2pf

https://ibb.co/qFrCTc2

I have attached the logfile where the attack happened.

I am aware of the errors related to plugins I was removing those when I noticed I was kicked from the server.

Sir_Torn is my husband's account and mine is Lady_Unis. I have filled a support ticket with the server company and have been told there is nothing they can do about it. I was also told to file an issue with the game developers, because it was an issue with the games coding. I am not sure whom to be angry with as this issue has set me back a whole week of work hours I have put in to this network setup. I am glad I had a map backup for this server, but I don't feel like my work is safe, nor do I have any way to keep this from happening again. I am aware of how to setup servers and networks so please don't ask me the standard questions that go with this, such as "Was the server whitelisted?" yes you can see the proof in the log snippit. I still can't figure out how they got access to my husbands info as well as mine, there has to be some kind of foul play going on here. Any information as to how I can keep this from happening again would be greatly appreciated.