10:34 AM - just journal down time
The site was down due to a hack on another site hosted on the server. As a precaution, I brought the system down and did a fresh os install. The attacker was not very careful and left a great deal of log evidence. I do not believe any information was taken. User passwords are never stored in clear text, only hashed. If you are concerned, change your password.
For those interested, the attacker gained access as the webserver user (not root) via a cgi program. I have deleted the program.