Have you had a look at what is listening on what ports on the server? Run netstat and see if there is anything you do not recognise.
n = Show numerical addresses instead of trying to determine symbolic host, port or user names
t = Show TCP connections
l = Show only listening sockets. (These are omitted by default.)
p = Show the PID and name of the program to which each socket belongs
u = Show UDP connections...
Are you running any control Panels? ie Plesk, cPanel etc
You can also run
and see what is running.. anything unusual or not recognised?
Let us know the output.