So somebody else has potentially had unrestricted access to your installation for 4 months or more??
Do you know what services have been running that might have been compromised in order for someone to gain access? This is the only thing worth knowing from your current situation so that the break-in might be prevented in the future. If you have physical control over the server, and the inclination, then you could boot up with a Live CD/DVD and try scanning for rootkits to see how bad things might be ( for example: http://www.rootkit.nl/projects/rootkit_hunter.html
- but I've never used this ).
Are any of the other logs being written to; like /var/log/messages? Can you write to any other file or create new files on the /var partition? Is /var mounted read-only? And you don't say what OS and version you're running...
wtmp is 0 bytes long so commands last, who and w etc. aren't likely to return anything useful.
Otherwise, if you are sure of security breach, you can't trust any commands on that system. Repairing it is going to be a waste of time with no guarantee of 100% success.