Sujata, Did you change the root password? Change the root password from some 100% clean machine. (you can boot from some Linux Live CD for example) Then change the passwords of the rest users. Never login to your server using a root account. Use sudo instead. With the dedicated server, you have access to all logs. So analyze them and try to identify the breach (use the modification time and check any logged activities around this time). Then you should consider using a tool like Tripwire (it's a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.) Here is an article about installing and configuring Tripwire. There are some other similar tools (don't remember their names now)