September 17th, 2002, 09:02 PM
#12
Senior Member
Sep 14 15:16:51 DHP01103 kernel: mIRKfORCE-glibc uses obsolete (PF_INET,SOCK_PACKET)
Sep 14 15:16:51 DHP01103 kernel: device eth0 entered promiscuous mode
Sep 14 15:18:50 DHP01103 kernel: device eth0 left promiscuous mode
Sep 14 15:19:31 DHP01103 kernel: device eth0 entered promiscuous mode
-- That doesn't look good... Any ideas???
the guys hosting your site should have acted quicker...i'd notify them that anyone logging into anywhere in that network segment between now and the time stated above needs to change their password asap - they could have been broadcast to any number of irc boards, or just to a single irc server operated or used by the attacker.
And this:
Sep 14 14:16:30 DHP01103 portsentry[601]: attackalert: Connect from host: 211.121.xxx.xxx/211.121.xxx.xxx to TCP port: 111
Sep 14 14:16:30 DHP01103 portsentry[601]: attackalert: Ignoring TCP response per configuration file setting.
-- That certainly doesn't look good... Dunno why the config file says to just ignore... Any ideas???
could have been an rpc exploit.
but if the timestamps for the ssl attack are between the promiscuous and the above, then that is likely the problem. ssl flaws have been publicized greatly over the last few weeks - so it's a hotspot.
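Added example, not part of the original post: a small Python parser that turns the log lines quoted above into promiscuous-mode exposure windows, including one that is never closed by a "left" event, and lists the portsentry probes that preceded them. The year 2002 is an assumption taken from the post date because syslog timestamps omit it, and the function names are illustrative.

```python
import re
from datetime import datetime

# Log lines as quoted in the post (the source address is masked there as well).
LOG = """\
Sep 14 14:16:30 DHP01103 portsentry[601]: attackalert: Connect from host: 211.121.xxx.xxx/211.121.xxx.xxx to TCP port: 111
Sep 14 15:16:51 DHP01103 kernel: mIRKfORCE-glibc uses obsolete (PF_INET,SOCK_PACKET)
Sep 14 15:16:51 DHP01103 kernel: device eth0 entered promiscuous mode
Sep 14 15:18:50 DHP01103 kernel: device eth0 left promiscuous mode
Sep 14 15:19:31 DHP01103 kernel: device eth0 entered promiscuous mode
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")
PROBE = re.compile(r"attackalert: Connect from host: (\S+?)/\S+ to (TCP|UDP) port: (\d+)")

def parse(text, year=2002):
    """Yield (timestamp, program, message); the year is assumed, syslog omits it."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)

def exposure_windows(text):
    """Pair entered/left events per interface; end=None means no 'left' was logged."""
    open_since, windows = {}, []
    for ts, prog, msg in parse(text):
        m = PROMISC.search(msg) if prog == "kernel" else None
        if not m:
            continue
        dev, state = m.groups()
        if state == "entered":
            open_since.setdefault(dev, ts)   # keep the earliest unmatched start
        elif dev in open_since:
            windows.append((dev, open_since.pop(dev), ts))
    windows += [(dev, start, None) for dev, start in open_since.items()]
    return sorted(windows, key=lambda w: w[1])

def probes(text):
    """Return (timestamp, source, protocol, port) for each portsentry connect alert."""
    hits = ((ts, PROBE.search(msg)) for ts, prog, msg in parse(text) if prog == "portsentry")
    return [(ts, m.group(1), m.group(2), int(m.group(3))) for ts, m in hits if m]

if __name__ == "__main__":
    print(exposure_windows(LOG), probes(LOG))
```

A window whose end is `None` is the one to treat as ongoing when deciding which logins on the segment need a password change.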