I hope you'll never need it, but here's a short and precise article on what to do if you discover your server's been hacked.
See if there is something you have forgotten to do
Every sysadmin will try its best to secure the system/s he is managing. Hopefully you never had to restore your own system from a compromise and you will not have to do this in the future. Working on several projects to restore a compromised Linux system for various clients, I have developed a set of rules that others might find useful in similar situations.