Hi Guys,

My server has been hacked and I don't know where to start. I'm pretty newbish at the whole Linux thing and have been learning as I go. The thing is, the server is pretty valuable, as I need the content on it running 24/7: it is a webserver, Shoutcast, Ventrilo, etc.

Now, as I said, I don't really know where to start. I'll give you as much detail as possible to start with, and any help would be very much appreciated.

First up, I ran chkrootkit and it picked up this

I ran chkrootkit again and it picked up: Checking `bindshell'... INFECTED (PORTS: 465)

But from what I read, that is normal if you have Plesk installed.

Now I ran top and it gave me this (high CPU load):
CPU states: cpu user nice system irq softirq iowait idle
total 81.0% 0.0% 18.9% 0.0% 0.0% 0.0% 0.0%

PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
3108 apache 18 0 3552 3548 1768 R 9.6 0.1 9:30 0 perl
3119 apache 17 0 3556 3552 2812 R 9.6 0.1 8:50 0 perl
4046 apache 17 0 3552 3308 1764 R 9.6 0.1 11:38 0 perl
5034 apache 17 0 3548 3156 1764 R 9.6 0.1 7:00 0 perl
5221 apache 18 0 3556 3168 1780 R 9.6 0.1 7:38 0 perl
5404 apache 17 0 3556 3184 2456 R 9.6 0.1 8:32 0 perl
6168 apache 17 0 3544 3096 1764 R 9.6 0.1 8:44 0 perl
8338 apache 17 0 3552 3160 1764 R 9.6 0.1 6:23 0 perl
8340 apache 17 0 3548 3152 1764 R 9.6 0.1 6:39 0 perl
6242 apache 17 0 3556 3212 2484 R 9.4 0.1 6:18 0 perl

So apache is going nuts.

Once again, all help is appreciated. Where do I go from here? As much detail as possible, please.