Is my web server being compromised? [duplicate]
Solution 1:
yes, you have been hacked. The hacker installed an IRC backdoor and you are connecting to this IRC server:
const int port = 1254;
const char channel[] = "#test";
const char password[]= "pass";
const char server[] = "heathen.cc";
The bot herder can execute any commands on your server. I recommend shutting down the server and reinstalling immediately. The bot has a few DDoS attack features, DNS flood, syn flood and ICMP flood. It also works on windows which is pretty cool. There is a really old spreading module to infect myDoom. This looks like some old malware.
Solution 2:
The answer is in any case yes, your server is being or has been compromised.
You should cut off the Internet connection to the server immediately, make a full backup (bear in mind other files may be compromised, too), and reinstall.
Also, you may want to notify the owners of the IP the bot net (or whatever this is) is run from. Here is the RIPE whois data.
Solution 3:
Never allow root login via SSH.