We are hosting our web-site at the cheap and by now very stable provider Global Interactive.
They are running the environment on Linux. Unfortunately there came up a "root exploit" a few days ago and one of their servers - the one we are "sitting on" - got hit from crazy crackers.
So they had to reload the whole server and used this to exchange it as well. I talked to them and I'm convinced, that this was a very rarely exception of the rule ...