If you detect a break-in, document the time of the intrusion, all information from the log files, and any changes made to data.

Report the incident. There are several organizations that help victims with network intrusions, including

The affected host should be restored or completely rebuilt and all systems on the network should be examined to identify the hole that allowed the intrusion.