I thought I had it set up pretty tight: I took an IPTABLES script from gfolkert, turned off FTP and TELNET, and moved ssh to a high-numbered port.
Still, the passwd file was dated July 12th, and I was building and installing apache2 about that time. So it is possible I changed the root pw and forgot. I tried all the common variants I use and none worked.
Also, I have a co-worker at work who "hacks for fun". If you tell him to break into your box, he will. Then he gives you a list of things to fix. I did about 1/2 the list, so I need to go back to him and find out about things like chroot (which I didn't do) and others. It is possible he set his little cracker software out against my box. He doesn't attack people maliciously, he says, and he usually tells you when he does something.
Glen Austin