There is no way this root password could of been cracked by brute force. I don't think I ever used a password based off of a dictionary word. If you would look at the logs I posted, you would see that the cracker didn't enter the correct root password. The only way they could of got the root pass from the database is if they alrealdy had access to root or the mysql user to copy the database off of the server. Even with the md5 passwords, no brute force would crack it. I posted the md5 encrypted password earlier if you would like to attempt to crack it. Anyway, dolda after doing some research, default cipher for ssh1 is 3des and default for ssh2 is aes128.
DEBUG OUTPUT FROM SSH:
debug1: kex: client->server aes128-cbc hmac-md5 none
There you see. Well, it's good to know, thanks!
OK....im just brainstorming here!.... If you find out something more, let us know..