some unknown scripts

james@jamesmcdonald.id.au james
Mon May 17 12:01:43 PDT 2004


> Hi
>
>      Our server is
> Redhat8.0... Today I noticed a few files/scripts under the following
> directory. Below I mentioned the path, please check under 'pwd'.
> There is an executable "xinetd" there and I found it is running
> in our server.
>
>     Do you think our server has been compromised?  I was checking
> the "mech.help" file which is here, it seems it is some IRC
> program... As far as I know, none of us installed these programs in
> our server... moreover it is running with the userid "apache"....
>
Do a rpm -qa | grep vbox and find out if you have that installed ...

If so do a rpm -qp <vbox package name.rpm> --list to see if xinetd should
be there.....

Otherwise you're hacked and need to do a rebuild and make sure you are using
iptables to lock down everything but the needed ports.
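
An added example, not part of the original message: a shell check that flags a process using a system daemon's name (such as the "xinetd" described above running as "apache") when it does not run from the packaged location or as the expected user. The function name flag_masquerading, the expected-location table and the sample process lines are assumptions constructed for this example; the post does not give the directory, so /var/tmp/.x is a placeholder.

```shell
#!/bin/sh
# Expected daemon locations and owners, as name:path:users (assumed values).
EXPECTED='xinetd:/usr/sbin/xinetd:root;httpd:/usr/sbin/httpd:root,apache;sshd:/usr/sbin/sshd:root'

# Constructed sample input, one process per line: "user pid exe_path".
# On a live host this could be gathered from ps and /proc/<pid>/exe.
SAMPLE='root 812 /usr/sbin/sshd
root 901 /usr/sbin/httpd
apache 905 /usr/sbin/httpd
apache 4312 /var/tmp/.x/xinetd
root 950 /usr/sbin/xinetd'

# flag_masquerading TABLE  (hypothetical helper)
# Reads process lines on stdin and prints "pid name reason detail" for every
# process whose file name matches a known daemon but whose path or user
# differs from the table.
flag_masquerading() {
    awk -v table="$1" '
    BEGIN {
        n = split(table, rows, ";")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, ":")
            path[f[1]] = f[2]
            owners[f[1]] = "," f[3] ","
        }
    }
    NF >= 3 {
        user = $1; pid = $2; exe = $3
        m = split(exe, parts, "/"); name = parts[m]
        if (!(name in path)) next            # not a daemon name we track
        if (exe != path[name])
            print pid, name, "unexpected-path", exe
        else if (index(owners[name], "," user ",") == 0)
            print pid, name, "unexpected-user", user
    }'
}

# Report on the constructed sample.
printf '%s\n' "$SAMPLE" | flag_masquerading "$EXPECTED"
```

For each flagged path, rpm -qf <path> reports whether any installed package owns that file.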





