Thanks for all your suggestions. I'll be trying them out over the weekend. At first glance, it doesn't appear that they gained root access. Is there any sense in reporting this? I have the IP addresses from which they logged in. Alfred