I realize your server is just for fun, and nothing is installed on it, but giving anyone but the administrator (in this case, you) root access to your machine is just a generally bad idea, even if you KNOW them. Giving it to someone you DON'T KNOW is pretty ridiculous. Not to mention he's apparently from Ukraine, which is a hotbed for botnets and malware. I'm not saying he did anything, but if he wanted to, you wouldn't be able to find out much. It's quite easy to turn off command logging for a time (like when first logging in), and just as easy to turn it back on later.
Here are a couple of links for interesting discussion about the history command:
Some steps I might take just to investigate would be:
-Checking the history of root.
-Checking the history of whatever username you gave him, if possible.
-Checking system and network logs to see if there is any especially unusual system activity or traffic, such as a dramatic increase in system resource use, more than normal network traffic, strange domain names or addresses, processes running that shouldn't be, etc.
-Installing a rootkit detector/anti-malware/etc.
I wouldn't deign to dictate your user policy, but here are a few generally good ideas:
-Allow only enough access to users to let them get their job done. Anything else is another avenue for potential attack.
-Don't give users root access. Just--don't.
-Make sure your firewalls, etc. are properly set up and configured. Don't make them optional.
-Disallow root login over ssh, or even disallow ANY login over ssh, if it's not something you need.
Okay, so I realize I probably blew this WAY out of proportion, and it's likely nothing bad happened, but I have a bad habit of paranoia about such things. It gets me into trouble sometimes.