Well, I agree with post 2 above,
but I think you can fix this up again.
Before anything, you need to check for rootkits and trojans on your box. Use rkhunter for that.
If the damage is not much, then try installing a port scanner on your box, and a notifier also.
Copy the default config file for syslogd onto your box (you can get it from the net or from someone else's box).
Change the sshd port and the root password, disable root login, and change the passwords for all users on your box.
If the damage is big, it's better to go off the network, take a backup of your work and do a fresh install.
But before that, make a log of all the files (it can be just a find and grep) that were added or modified after the time the attack occurred (or after the time you noticed the attack), and analyse the log for the users who modified these.
It's better to learn from this than to just run away from it...
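The file log described in the post above, as an added example that is not part of the original post. It assumes GNU find; the function names `changed_since` and `owners_summary` are hypothetical. It goes one step beyond the post by also matching on ctime, since mtime can be set back with `touch` while ctime still records the change.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU find, which
# provides -newermt, -newerct and -printf.

# changed_since ROOT CUTOFF
#   ROOT   directory to walk (stays on one filesystem because of -xdev)
#   CUTOFF timestamp such as '2024-03-01 14:30:00' (constructed value)
# Prints one tab-separated line per regular file whose mtime OR ctime is
# newer than CUTOFF:  mtime <TAB> ctime <TAB> owner <TAB> mode <TAB> path
# A file whose mtime is older than CUTOFF but whose ctime is newer was
# changed (or had its timestamp reset) after the cutoff and deserves a look.
changed_since() {
    find "$1" -xdev -type f \
        \( -newermt "$2" -o -newerct "$2" \) \
        -printf '%TY-%Tm-%Td %TH:%TM\t%CY-%Cm-%Cd %CH:%CM\t%u\t%m\t%p\n' \
        2>/dev/null | sort
}

# owners_summary
#   Reads changed_since output on stdin and prints "count <TAB> owner",
#   highest count first, to show which accounts own the changed files.
owners_summary() {
    awk -F'\t' '{ n[$3]++ } END { for (u in n) printf "%d\t%s\n", n[u], u }' |
        sort -rn
}

# Typical use, run as root and saved off the suspect disk
# (path and cutoff are placeholders):
#   changed_since / '2024-03-01 14:30:00' > /mnt/usb/changed-files.tsv
#   owners_summary < /mnt/usb/changed-files.tsv
```

The owner column is the file's current owner, not proof of who made the change, so cross-check it against login records and shell histories.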