We have a dedicated server which seems to be hacked. Here is what the techs from the company where we host the server are saying:
We have received reports of malicious outbound traffic originating from your server. This indicates possible server compromise. You will need to audit your system to ensure all scripts are currently updated to the most current version.
168.9% of 50.0 kpps 41.12 Mbps
119.48 kpps 0:20
(Ongoing) Tue, Nov 24 2009, 08:37:15
At current it does not look like your server has been root comprised by a base scan from rkhunter. All results have been written to the logfile (/var/log/rkhunter.log)
It does look like there are several files in the /tmp file that look to have possibly been unload through a vulnerability in one of your programs. You will need to audit your sites and program setup to further diagnose these issues and prevent this type of issue.
What I need is to know what script to use or what to do so this can be stopped and doesnt happen again. Please provide all steps on how to stop this.
The host company can shut down the server if we dont get it resolved soon.