I received this ticket from softlayer's abuse department:
The following is a list of IP addresses on your network which we have good reason to believe may be compromised systems engaging in malicious activity. Please investigate and take appropriate action to stop any malicious activity you verify.
The following is a list of types of activity that may appear in this
BEAGLE BEAGLE3 BLASTER BOTNETS BOTS BRUTEFORCE
DAMEWARE DEFACEMENT DIPNET DNSBOTS MALWAREURL MYDOOM
NACHI PHATBOT PHISHING ROUTERS SCAN445 SCANNERS
SINIT SLAMMER SPAM SPYBOT TOXBOT
Open proxies and open mail relays may also appear in this report.
Open proxies are designated by a two-character identifier (s4, s5, wg, hc, ho, hu, or fu) followed by a colon and a TCP port number. Open mail relays are designated by the word "relay" followed by a colon and a TCP port number.
NOTE: IPs identified as hosting botnet controllers, phishing websites, or malware distribution sites (marked with BOTNETS, PHISHING, or MALWAREURL respectively) may be null routed by Global Crossing following a separately emailed notice. We will make every effort to avoid taking action which will impact legitimate services on your network, and we will now send notices of botnet controllers within one hour of their detection.
This report is sent every day. If you would prefer a weekly report, sent on Mondays, please contact us by replying to this email to request it. We would prefer, however, that you receive and act upon these reports daily.
Unless otherwise indicated, time stamps are in UTC (GMT).
They're telling you that you have a compromised server. Investigate it.
What you need to do is find the source.
If you do not know how to clean out your server(s) and find where this is happening from you might need to check into getting a server administration service.
I know that I have had this same problem, I contacted my administration company and he gave me proof that it was removed to send to the datacenter. I use www.cpadmin.net If you want to try them out it is $50.00/Month.