You have two choices: you can figure out what happened and address it and work to clean up the mess that has been made (potentially including a reinstall and rolling in backups), or you can reinstall OS X and OS X Server (all of it) and (if you don't figure out what happened) get breached again.
Best case: isolated web server hackery, with no futher changes and no backdoors left behind.
Worst case: Anything on that disk is not trustworthy. Not until it's been verified. And if that system has access into your local network, the breach can be (was) extended to other systems in your network. (qv: DMZ)
Backdoors can be left in OS X files. Or in OS X Server files. In configuration data. Certainly in LDAP directory; that's an obvious spot. In web server files. OS X and OS X Server and a typical environment installs somewhere between a half-million and a million files, and a whole lot of those can be tweaked by a savvy attacker to do, um, unexpected things...
That UUID you're seeing is just the user's internal identification within OS X and OS X Server. It's merely a value that uniquely identifies that particular user. (With that UUID value generated for each user that's been created and with a new UUID for a deleted and recreated user, identifier collisions are extremely unlikely.) The UUID doesn't encode or hash or hide or mask or decrypt into anything; it's just a likely-very-unique serial number for the user.
You'll also want to get your backups sorted out. That's the easiest recovery path for these things; multiple copies of good backups, and preferably kept entirely separate from the server — a savvy attacker can insert the breach into the backups, after all. (For disaster recovery, preferably with some backups kept somewhere other than your local site, but that's another discussion.)
There's just no easy way to do this decontamination, either. Not unless you have a good and complete pre-breach backup, and can roll that in – well, after you figure out how the attacker got in, as the same attack will be repeated indefinitely.