well HOW are they logging in over the internet?? some useful information really wouldn't go amiss... are they using.. ssh, telnet, telnet-ssl, ftp, smb...?
since thymox mentioned ssh, you can restrict ssh logins with a line like
in sshd_config, or maybe a broader restriction in /etc/security/access.conf:
-:that_user:ALL EXCEPT LOCAL