Your vote on this answer has already been received
You've already been rooted (meaning someone gained root access to your system) then you got to burn the system. Set up a new server, migrate your data and kill the old. Once you've been compromised you can't trust anything on the system anymore. Hackers will replace common utilities, like 'cd' and 'ls' with trojaned versions - there's just no way of knowing how many backdoors they've created.
Some general guidlines:
- run only the software you need and lock down everything else.
- keep up with security patches on the OS and the software you do run.
- never send your admin or root password in the clear. Use SSH, SFTP, and HTTPS if you have a web-based control panel or even phpmyAdmin, etc.
- have a solid backup and recovery plan.
You really might benefit from getting a security guru to help you lock it down. Good luck