My server had recently been hacked and the root password changed. I was able to recover the server and change the password, however it seems the offender has been spamming since the server has been recovered. Offender was also able to create a PayPal pfishing site in a website sub-diractory (since removed). Also, this is the second time the server has been compromised and after the first breach I modified the hosts.deny to exclude sshd access to only two ip addresses. However, the hack was able to change root once again. I'm not a UNIX guru and could use some suggestions on how to clean and secure from future negative events.