VPS Compromised

I think my VPS was compromised...for the second time

I am hoping someone here can give me some insight into better protecting myself. I am fairly new to the world of VPS and working my own server.

History: (please excuse my lengthy explanation)
A few months ago I changed to a new Apache VPS Host and diligently & painstakingly moved and reloaded all my domains, emails, etc. to their new home.

In the interim I was accessing the VPS / Plesk constantly, and required help from the hosts tech support for many problem issues.

During this and mind you, for only a short period of maybe 2 days I changed my password to a simple string of numbers to ease my logins and that of the hosts support people...which was a dumb move...OK I know.

At that time and as I was later to find out, there is a worm that checks exclusively for the simple password I used and that is how I expect the intruder was able to access my site.

The logs show that the intruder did not get far before doing something that caused the VPS to lock up. They did create a directory called "Zeg". Which was deleted by tech support during their investigation.

So the support people reloaded everything (which was mostly just system files) and I was back up and running with a new 9 byte password. All seemed well. Tech Support told me they didn't think a Trojan or Backdoor was any thing to be concerned about. There have been no problems since until last Friday night.

Tech support is now telling me "Plesk Uninstalled Itself Somehow". I do not think that is possible.

I have asked them to give me a new VPS with a new 14 byte password....and I will start over.

All my scripts are written in Perl.

My question is; other than protecting my password; what can I do to better monitor my site and protect it? I do not know if it is possible to have emails sent to me each time a login occures, something to monitor any unusual activity, etc.

I'm looking for any insights and helpful hints.

Thanks.

One password for all (a common failing)? Weak password? Do you have sniffers/malware on your pc? What OS is on the VPS? Unpatched RH9?

Yes its possible to have mail sent to you each time someone logs in but i believe you troubles lie in the above questions.

Thanks for the feedback. The issue was resolved several weeks ago.

For some reason PLESK does not like long passwords or passwords that contain specific alpha-numeric characters.

That un-documented issue coupled to a related encrypted password issue between PLESK and the SQL databse kept providing re-occuring problems at the time.

But things have been nice and quiet lately.

Thanks.