Ok.. getting more interesting.
1. This is a long shot, but it could be you enable 'clear text' authentication? Someone could be sniffing your network for username and password.
2. Download and run rkhunter in your server to check for any breaking attempts/backdoors. |