What evidence is there that someone with physical access to the server rebooted it?

There are many fewer people with physical access to that machine than remote access. 

021530d0b5

bitcoin

Multiple Linux Backdoors Discovered Targeting Bitcoin Core Developer -LukeDashJr

Suddenly everyone is an experienced sysadmin and Bitcoin expert...

Luke knows his stuff, and I'm sure if he was basically not known by the public his 200 BTC would still be there.

This was a specific attack against him. Yeah, his setup wasn't perfect, but it was by no means extremely sloppy:

> the attack was originating from direct physical access to his server