A couple of sites I host on a Snow Leopard Server got hacked and they replaced the index page with one of their own. I cleaned it up and the came back and left a page that said something like, "Fatal Error ownz you !" I had left an open vnc connection to the machine over the internet and I suspect this is the means they used to gain access to the machine. I replaced the damaged files and shut off remote management and control. Anyone have experience with this? Anything else I should do? Running a Clamav scan right now on the whole machine to see if they left anything behind. No real damage, but it's a pain in the butt. Any help is welcome.