It's possible that we didn't close all the holes we thought we had - the outbound traffic's gone through the roof again. So we're taking the machine down for a little bit while we do some more fixing. Won't be for long, promise.
UPDATE 2pm: Butter is now reconnected - mail and SSH services are back, web service is down for the moment until some essential upgrades are completed.
UPDATE 7pm: Web service is taking rather longer to fix than we'd hoped - sorry about this. We're still working on it, and hope to have it back soon as possible.
UPDATE 1am: Thanks to Richard's efforts, the web server is back up. FTP is still unavailable but should be back shortly - in the meantime, anyone desperately needing to transfer files on/off the box should use SCP (it's more secure than FTP, so preferable). Many thanks also go to Brad for fixing most of the rest of the problems today.
... it turns out that the early reports were wrong. All wrong.
While Butter did have some malware running on it as a result of a PHP injection attack, root access was not gained, as far as we can tell. Thanks from some sterling work from Bradley and Richard (and handy use of the serial cable to Cheese), Butter was back on the net before 5pm on Friday, so we had about four hours of downtime. Not great, but certainly a lot better than we expected.
As a result, we've tweaked PHP's running config slightly. If it breaks any of your scripts, we're sorry; however, those scripts are probably too insecure to be running in their current state. Let us know if it's something important and we'll see what we can do to help.
Yep, we've been rooted again. Hackers somehow managed to take control of Butter and started using it for nefarious purposes; as a result we've had to take the box offline, so all mailboxes and websites (apart from limmud.org) are down at the moment.
More info and downtime estimates as we get them.