what kind of os you running? make sure when you backup you dont update some backdoor with it or some infected file b/c after a break-in nothing in the system can be trusted so be careful where you tread, also review the logs if its *nix, and get one of those forensic anazlyzers, its meant for something in your position, just google it, there are plenty of free ones out there, updates, security and watchful eye are all needed, watch the logs for something that may be devolping again, get some more security, ids (snort), and do some pen tests from home such as after your done locking down the server scan it (nmap, gfi lan guard)