My server's been hacked

That's a remarkable piece of advice for a very vague question. Though, unlikely to help the OP.

"Carefully explaining your problem is half of the solution."

I basically agree with all the advice given, but the easy-fix-guy in me realizes that it's most likely just replacing a weak password and deleting an easily found botnetscript, and he'll can have the box up and running again.<p>I guess that's the difference between fixing my private boxes with no sensitive informastion and fixing this guy's 600-site serving box:)

just a question from someone who probably also would've asked this "incomplete" question (e.g. my server's been hacked what do i do): what kind of other information should be provided? sys logs apache logs ?

Amazing answer this question has spawned. I particulary like this statement, it somehow puts things into perspective:<p>"First: understand that the disaster has already happened. This is not the time for denial; it is the time to accept what has happened, to be realistic about it, and to take steps to manage the consequences of the impact."

600 sites on a single non-redundant box? Ouch.

For every person in this guy's situation, I wonder how many others have hacked servers and are totally unaware?