“If you are running any SSH server open to the Internet, and your usernames and passwords aren’t at least 8 characters or so, your box is either owned by now, or about to be.”
A good reason to make regular off-line backups…
No matter how much a hacker destroys a server, with off line backups (eg on a disk) You can get the server back and running in a few day with “almost” no data losses… 
- regarding this even if I skipped all the technicallities (I guess this is some sort of flaw recently found…)
I believe anyone running a server with a pass that got less then 8 letters are probably targets to dictionary and brute-force attacks anyway and should really look over their choice of pass… xD