hello - i received a nasty-gram about my server hacking from a German server that provided me with the following information (below). in order to understand the German stuff, i was forced to watch several episodes of “Hogans Heroes”.
The php5.cgi script is how PHP scripts are executed. That is running the PHP as CGI or FCGID.
That likely means that there is a malicious PHP script within your website that is being used to attack the other server.
My suggestion would be to review the PHP scripts within that domain to make sure you don’t see any that are abnormal.
I would also recommend making sure that any web apps you have installed are fully up to date, as older versions of web apps can contain security vulnerabilities.