Yes. I did
They (he) log in to my server from:
user-12hdje2.cable.mindspring.com (but it could be fake)
reboot server and change my root password - so now I can't even login to root account and trace them and search for rootkit or sth... Server stay in Datacenter...
I have shell access but only for normal user...
"last" command display:
root pts/0 user-12hdje2.cab Fri Apr 21 03:08 - 03:08 (00:00)
root pts/0 220.127.116.11 Fri Apr 21 03:05 - 03:05 (00:00)
reboot system boot 2.6.8-3-686 Fri Apr 21 02:44 (14:46)
I can't figure out how they do that... I'm preaty sure I don't have any keylogger on my PC so I don't know...