>Jul 1 15:41:24 paranux2 sshd[22177]: Accepted password
>for ROOT from 61.11.13.154 port 62560
61.11.13.154 sounds like it might be from Dishnet DSL IP block... this
means the actual user will be NATted from behind this IP.
Anyhow if you've only been logging in with SSH your root password was
never sent unencrypted. Hence its pretty unlikely that anyone could
have gotten your password in just two tries! A cracker clever enough
to launch a man-in-the-middle attack or something would also know
enough to erase the logs and cover his/her tracks!
I think it may be a false alarm. Just check if the admin (or you!)
logged in from a cable connection somewhere!