Linode Community Forums
Posted: Fri Nov 25, 2011 10:04 am
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
It's never impossible that someone else has access to your linode.

For crons run
Code:
crontab -l
as root. Also check all files in the /etc/cron.* folders.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Posted: Fri Nov 25, 2011 10:24 am
Junior Member

Joined: Mon Oct 17, 2011 10:01 pm
Posts: 27
What does @reboot mean on my crontab?

Anyway, to keep myself at ease.. How can I change my linode's password? Meaning the machine itself.


Posted: Fri Nov 25, 2011 10:27 am
Senior Member
@reboot means it runs when your server boots.

To change your root password when logged in as root run
Code:
passwd
However, if someone else already has root access then changing your password won't help, since there are other ways they can get in.

Posted: Fri Nov 25, 2011 10:34 am
Junior Member
Is there any IP log to check if someone's accessing?


Posted: Fri Nov 25, 2011 10:35 am
Senior Member
Yes and no. Logins are logged in /var/log/auth.log (assuming your distribution logs them there; it might not). You can also check /var/log/syslog.

However anyone with root access can edit these logs.

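
Added example, not part of the thread: a shell function that tallies sshd password and key logins per user and source address from an auth.log-style file. The log lines are constructed, and `summarize_ssh_auth` is a hypothetical name used only here.

```shell
#!/bin/sh
# Added example, not from the thread. The log lines below are constructed.
# summarize_ssh_auth FILE prints tab-separated lines, highest count first:
#   count  result  method  user  source-ip
summarize_ssh_auth() {
    awk '
        /sshd\[[0-9]+\]: (Accepted|Failed) / {
            ev = 0; src = 0
            for (i = 1; i <= NF; i++) {
                if (!ev && ($i == "Accepted" || $i == "Failed")) ev = i
                # a user name may contain spaces: trust the last "from IP port"
                if ($i == "from" && $(i + 2) == "port") src = i
            }
            if (!ev || src < ev + 4) next   # not "<result> <method> for <user> from"
            user = $(ev + 3)
            for (i = ev + 4; i < src; i++) user = user " " $i
            n[$ev "\t" $(ev + 1) "\t" user "\t" $(src + 1)]++
        }
        END { for (k in n) printf "%d\t%s\n", n[k], k }
    ' "$1" | sort -rn
}

# Constructed sample in the usual OpenSSH syslog format.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Nov 25 09:12:01 host1 sshd[2101]: Accepted password for root from 203.0.113.7 port 51514 ssh2
Nov 25 09:13:44 host1 sshd[2107]: Failed password for root from 198.51.100.23 port 40022 ssh2
Nov 25 09:13:47 host1 sshd[2107]: Failed password for root from 198.51.100.23 port 40022 ssh2
Nov 25 09:13:52 host1 sshd[2109]: Failed password for invalid user admin from 198.51.100.23 port 40031 ssh2
Nov 25 09:20:00 host1 CRON[2150]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 25 10:01:10 host1 sshd[2210]: Accepted publickey for deploy from 203.0.113.7 port 51600 ssh2
EOF
summarize_ssh_auth "$sample_log"
```

An "Accepted password for root" line from an address you do not recognise is the one to look at first.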


Posted: Fri Nov 25, 2011 10:37 am
Junior Member
Oh and btw, what do you mean they can still access it even if I changed the password?


Posted: Fri Nov 25, 2011 10:39 am
Senior Member
Say someone created an ssh key for the root user; they could bypass the password. There are loads of other ways too. Basically, if someone gets root access you're stuffed.

That's why you need to go find out if it's just some bad configuration and you've a scheduled reboot command lurking somewhere or if it's something malicious.

Posted: Fri Nov 25, 2011 10:41 am
Junior Member
How do I know if I had a scheduled reboot, and how do I know if they created an ssh key on my linode?


Posted: Fri Nov 25, 2011 10:43 am
Senior Member
Scheduled reboot would be something like a cron or at job (have a google for cron job <your distribution>), and I wouldn't worry about checking if someone created an ssh key. Like I said, if they gained root access you're stuffed; you'll have to rebuild your server.

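
Added example, not part of the thread, for the cron check suggested in the first reply and again in the post above: it shortlists crontab lines that run a reboot or shutdown command and separately marks @reboot entries, which run at boot rather than causing one. The file contents are constructed and `scan_cron_files` is a hypothetical name.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.
# scan_cron_files FILE... prints "<kind> <file>:<line>: <entry>" where kind is
#   cmd  - the entry runs a reboot/shutdown/halt/poweroff/init 0|6 command
#   boot - an @reboot entry: it runs at boot, it does not reboot anything
# Heuristic word match, meant to shortlist lines for a human to read.
scan_cron_files() {
    awk '
        BEGIN {
            # a restart command as its own word, bare or with a path in front
            pat = "[ \t/;&|](reboot|shutdown|halt|poweroff|(tel)?init[ \t]+[06])[ \t;&|]"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        {
            kind = ""
            if ((" " $0 " ") ~ pat)              kind = "cmd"
            else if ($0 ~ /^[ \t]*@reboot[ \t]/) kind = "boot"
            if (kind != "") printf "%s %s:%d: %s\n", kind, FILENAME, FNR, $0
        }
    ' "$@"
}

# Constructed sample: a system crontab and a user crontab.
make_sample() {
    cat > "$1/etc-crontab" <<'EOF'
# constructed sample of /etc/crontab
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
0 4 * * 0 root /sbin/shutdown -r now
EOF
    cat > "$1/root" <<'EOF'
@reboot /usr/local/bin/start-app.sh
*/30 * * * * /usr/bin/php /var/www/cron.php; reboot
EOF
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
scan_cron_files "$sample_dir"/etc-crontab "$sample_dir"/root
```

On a real host the inputs would be /etc/crontab, the files in the /etc/cron.* folders and each user's `crontab -l` output saved to a file; pending at jobs are listed with `atq`.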


Posted: Fri Nov 25, 2011 10:46 am
Junior Member
Thank you for your time! If someone (hopefully none) created an ssh via root, if I rebuild the OS does it mean it will be gone?


Posted: Fri Nov 25, 2011 10:49 am
Senior Member
Yep, since the server will be wiped. However, if someone did compromise your server you'll need to make sure they can't do it again by following good practices, i.e. only use ssh keys for shell access, run external processes as restricted users i.e. php/python/ruby, configure iptables firewall, keep your software up to date, etc.

Posted: Fri Nov 25, 2011 10:54 am
Junior Member
Thank you so much for giving me your time. But regarding using ssh keys for shell access only, how can I do that? Does shell access mean using software like PuTTY?


Posted: Fri Nov 25, 2011 11:29 am
Senior Member
Have a read of this for how to use ssh keys http://library.linode.com/security/ssh-keys

Once you have working ssh keys you'll want to edit
Code:
/etc/ssh/sshd_config
and set
Code:
PasswordAuthentication no

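
Added example, not part of the thread: a check that the PasswordAuthentication no edit actually takes effect, since sshd uses the first value it reads for a keyword and a Match block can switch it back on. The config is constructed, `password_auth_status` is a hypothetical name, and Include files are reported rather than read.

```shell
#!/bin/sh
# Added example, not from the thread. The sample config below is constructed.
# password_auth_status FILE reports, for an sshd_config-style file:
#   global: VALUE            first uncommented PasswordAuthentication outside any
#                            Match block (sshd keeps the first value it reads)
#   match-enables: COND      a Match block that sets it back to yes
#   include-not-followed: P  an Include line this script did not read
password_auth_status() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            sub(/^[ \t]+/, "")
            if (tolower($1) != "match") sub(/[ \t]*=[ \t]*/, " ")  # Keyword=value form
            key = tolower($1)
            if (key == "match")   { in_match = 1; cond = $0; next }
            if (key == "include") { extra = extra "include-not-followed: " $2 "\n"; next }
            if (key != "passwordauthentication") next
            val = tolower($2)
            if (!in_match) { if (global == "") global = val }
            else if (val == "yes") extra = extra "match-enables: " cond "\n"
        }
        END {
            # OpenSSH defaults to yes when the keyword is absent
            print "global: " (global == "" ? "yes (default)" : global)
            printf "%s", extra
        }
    ' "$1"
}

sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# constructed sample sshd_config
Port 22
#PasswordAuthentication yes
passwordauthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
password_auth_status "$sample_cfg"
```

On a live server `sshd -T`, run as root, prints the effective settings, and the edit only applies once sshd has reloaded its configuration.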


Posted: Sun Nov 27, 2011 2:09 am
Junior Member
What does this log mean? It restarted again although I haven't rebuilt the OS yet.

Code:
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G      D     3.0.4-linode38 #1
Call Trace:
 [<c06bd3b6>] ? panic+0x57/0x13e
 [<c011f160>] ? mm_fault_error+0x130/0x130
 [<c010b7f6>] ? oops_end+0x96/0xa0
 [<c011ef7f>] ? bad_area_nosemaphore+0xf/0x20
 [<c011f3af>] ? do_page_fault+0x24f/0x3a0
 [<c04570c7>] ? cpumask_next_and+0x17/0x30
 [<c0130d18>] ? find_busiest_group+0x138/0xa40
 [<c018b7a4>] ? __alloc_pages_nodemask+0xf4/0x630
 [<c011f160>] ? mm_fault_error+0x130/0x130
 [<c06c0106>] ? error_code+0x5a/0x60
 [<c011f160>] ? mm_fault_error+0x130/0x130
 [<c05c02f0>] ? ipv4_dst_check+0x90/0x150
 [<c0536a88>] ? __sk_dst_check+0x38/0x60
 [<c05c7a91>] ? ip_queue_xmit+0x251/0x3d0
 [<c05daf25>] ? tcp_transmit_skb+0x385/0x670
 [<c05db379>] ? tcp_send_ack+0xb9/0x100
 [<c05deb11>] ? tcp_delack_timer+0x101/0x1d0
 [<c013fbb3>] ? run_timer_softirq+0xe3/0x1f0
 [<c0131c19>] ? rebalance_domains+0x79/0x140
 [<c05dea10>] ? tcp_keepalive_timer+0x230/0x230
 [<c0139cfc>] ? __do_softirq+0x7c/0x110
 [<c0139c80>] ? irq_enter+0x60/0x60
 <IRQ>  [<c0139ade>] ? irq_exit+0x6e/0xa0
 [<c047829d>] ? xen_evtchn_do_upcall+0x1d/0x30
 [<c06c0947>] ? xen_do_upcall+0x7/0xc
 [<c01013a7>] ? hypercall_page+0x3a7/0x1000
 [<c0105c7f>] ? xen_safe_halt+0xf/0x20
 [<c010f41e>] ? default_idle+0x2e/0x60
 [<c0107f72>] ? cpu_idle+0x42/0x70


Posted: Sun Nov 27, 2011 7:06 am
Senior Member
Ironically that is a kernel panic; it looks like one similar to what other people get with 3.0.4, see viewtopic.php?t=7805
