Survey Data to GIS database
Shutdown is preferable because it allows you to specify the reason for the drastic action -- something you should always do. The message will be recorded in the log(s) for posterity. For example:
shutdown -r now 'Kernel upgrade requires reboot'
You can also perform a scheduled reboot -- by specifying something other than now
as the reboot time:
shutdown -r 22:00 'Work around kernel memory leak'
Then your users will get periodic reminders to get out as the time approaches -- the process will be more orderly and professional.
The answer to the second question is yes, without any large cardinals assumptions.
Claim: if $2^{\aleph_0}$ is singular then every non-trivial $\sigma$-closed forcing of size $2^{\aleph_0}$ collapses the continuum.
The reason is that such forcing must add a new set of ordinals of size $\lambda < 2^{\aleph_0}$, $\tau$ (since the minimal $\lambda$ must be regular). I want to code $2^\omega$ into $\tau$.
If we choose $\lambda$ to be minimal, every initial segment of $\tau$ is in $V$. Now, we can define a function $F\in V$ from all possible initial segments of $\tau$ onto the reals, such that for every $p\in P$ and every $x\in 2^\omega$ there is $q\leq p$ and $\beta < \lambda$ such that $q\Vdash \tau \restriction \beta = \check{a}$ and $F(a)=x$:
Let $\langle (p_i, x_i) | i < 2^{\aleph_0}\rangle$ enumerate $P\times 2^\omega$. For every $\alpha < 2^{\aleph_0}$, we use the $\sigma$-closure of $P$ and the fact that $\tau \notin V$ in order to find $q \leq p_\alpha$ such that $q \neq p_i$ for every $i < \alpha$, $q\Vdash \tau \restriction \beta = \check{a}$ (for some $\beta$) and $F(a)$ is not determined yet, and set $F(a)=x_\alpha$:
Let $p = p_\alpha \in P$. We start by building a tree of $2^{<\omega}$ incompatible conditions $q_s,\, s\in 2^{<\omega}$ such that $q_\emptyset = p$ and for every $s\in 2^{<\omega}$, $q_{s\frown (0)}, q_{s\frown (1)} \leq q_s$, there is $\beta_s < \lambda$ in which $q_{s\frown (i)} \Vdash \tau \restriction \beta_s = a_{s\frown (i)}$ for $i\in\{0,1\}$, $a_{s\frown (0)} \neq a_{s \frown (1)}$. This is possible since $\tau \notin V$ but every initial segment of it is in $V$.
For every $f\in 2^\omega$, let $q_f \in P,\,\forall n\, q_f \leq q_{f\restriction n}$ (by the closure of $P$). Without loss of generality, $\forall f \in 2^\omega\,q_f\Vdash \tau \restriction \beta = \check{a_f}$, and for every $f\neq f^\prime$, $a_f \neq a_{f^\prime}$ (take $\beta = \sup_{s\in 2^{<\omega}} \beta_s$). Since we picked already only $|\alpha |<2^{\aleph_0}$ values, there must be some $f\in 2^\omega$ such that $F(a_f )$ is not determined.
By density arguments, in $V[G]$, $\{F(\tau \restriction \beta) | \beta < \lambda\} = (2^\omega)^V$.
If the hacker has managed to upload code to run, he probably has comprimised the server rather than the app. (this is just an initial hunch - he could have comprimised your server because of your app...)
Some basic pointers and things to do:
First off, change your passwords - All of them - Control panel, ftp users etc. Pick strong passwords that will be less vulnerable to dictionary / rainbow attacks. (use non alpha numeric characters, upper & lower case etc)
Check that no other users have been set up on the domain - if they have remove them immediately.
Pull all your code from the site and restore it from a fresh backup that you know is safe. Redeploy from your private source control if possible.
Ask your host to check that all security patches and updates have been deployed to your server.
Finally - time for a code review - need to check for SQL injections, XSS attacks, XSRF Attacks.