you may have a vulnerable web application which can cause remote
command execution.
You should check all of your web applications that can cause such a
security problem.
You can check the /tmp directory whether any suspicious file listed
there. (especially hidden files)
also check your running processes.
also you should give much more detailed report about the suspicious
activity if exists.
Tomas Larsson wrote:
Doing a netstat on my server, I find a strange connection.
It's a crond-job with Apache as owner, and it seems to go to an
irc-server, called 193.110.95.1:ircd, "carouge.ch.eu.undernet.org", anyone
that knows what this is??
