I was able to get my server provider to look into this a little. They said my sever wasn't rooted. They said they exploited Vwar which is a php "program" used for a forum/calendar/uploading thingy.

What I mean by them trying to steal relates to those phishing emails that talk about your ebay account and the need to update you personal information. Well your directed to a fake website to enter that stuff and that website was on MY SERVER . So if someone thought that it was a real ebay email and they clicked on the link, that link went to my server were it looked like you were on ebay, and then it would have used my sever to send the stolen information to the hackers email/server. I have a link to their sever that has the ebay scam scripts on it. They use this other sever as a file server and use it to store their hacks that they download onto exploited servers.

I didn't wipe out anything except the vwar directory that had these fake websites in it. I had to get rid of that stuff before someone actually tried to enter information. I was sent an email from my sever company ( which was notified by ebay) to remove the offending pages and something about the FBI investigating me for fraud, yet nothing about helping me (also a victim)