server exploited / hacked ?

In my /tmp directory there's a subdir PSYBNC
It has owner/group rights of APACHE

There's a process running ./psybnc


How can i prevent such things happening and how can i find out who / which domain is affected.

Does anyone have a script to search apachelogfiles for keywords like psybnc .

Notice : OS RH9.0 and Plesk 7.5.2 so apachelogs are in different locations.(directories)

Thanks in advance

 

 

 

 

Top