some unknown scripts

[Swapana Ghosh]

Hi 

     Our server is
Redhat8.0...Today i noticed.. few files/scripts under the following
directory.. Below i mentioned the path, please check under 'pwd'.
There is an executable "xinetd" is there and i found it is running 
in our server.. 

    Do you think our server has been compromised ?  I was checking
teh "mech.help" file which is here, it is seems it is some IRC
program... As per i know, none of us installed these programs, in
our server... moreover it is running with the userid "apache"....

    It will be really appreciated if someone gives me some pointer....

_____________________________________________________________________
[root at server man]# pwd
/var/spool/vbox/..     /.   /..  /man
[root at server man]# ls -laQ
total 212
drwxr-xr-x    3 apache   apache       4096 Apr 26 15:01 "."
drwxr-xr-x    3 apache   apache       4096 Apr 25 06:39 ".."
-rw-r--r--    1 apache   apache        942 Apr  6  2001 "checkmech"
-rw-r--r--    1 apache   apache      22935 Apr  6  2001 "mech.help"
-rw-------    1 root     root        16384 Apr 26 15:01 ".mech.help.swp"
-rw-r--r--    1 apache   apache       1011 Apr 26 12:00 "mech.levels"
-rw-------    1 apache   apache          6 Apr 25 06:39 "mech.pid"
-rw-r--r--    1 apache   apache        850 Apr 26 12:00 "mech.session"
-rw-r--r--    1 apache   apache       1486 Apr  4 03:32 "mech.set"
-rw-r--r--    1 apache   apache         81 Apr 26 12:00 "mh.users"
drwxr-xr-x    2 apache   apache       4096 Apr  6  2001 "randfiles"
-rwxr-xr-x    1 apache   apache     134924 Apr  6  2001 "xinetd"
[root at server man]#
____________________________________________________________________

Thanks
-Swapna


	
		
__________________________________
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢
http://photos.yahoo.com/ph/print_splash