It looks like your Linux machine has been compromised through the Apache service.
How do I fix it?
There is no simple fix, as you need to investigate your whole system for a potential breach.
Here are some general suggestions:
- Upgrade Apache to its latest version (via `apt-get`).
- Upgrade all your packages (`sudo apt-get update && sudo apt-get upgrade`).
- Upgrade all your web CMS/frameworks which are in use (check for any known vulnerabilities).
- Scan your entire system for any existing vulnerabilities (e.g. malware scanners, antiviruses).
- Scan all your websites for any malware and shellcode files.
If you're using PHP:
- If you're using shared-hosting, contact the hosting company.
- Check your system for any extra unexpected users (`/etc/users`) or files (e.g. in `/tmp`).

If you've confirmed the breach:
- Change all the exposed credentials (access keys, passwords, etc.).
- Save all the evidence in case you need it (IP addresses, logs, infected/malware files).
- After patching your systems, keep monitoring your logs for any further suspicious activity.
If you're not confident with the above, contact an IT company which specializes in that.
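
The account and `/tmp` check from the list above, as an added shell example that is not part of the original answer. It assumes accounts are read from a passwd-format file (`/etc/passwd` by default) and that Apache runs as `www-data`, the Debian/Ubuntu default; the function names are hypothetical.

```shell
#!/bin/sh
# Added triage example; not part of the original answer.
# Assumptions: accounts are in a passwd-format file (default /etc/passwd)
# and Apache runs as www-data (Debian/Ubuntu default). Function names are
# hypothetical.

# list_login_accounts [FILE]
# Prints "UID0 name uid shell" for any UID-0 account other than root, and
# "LOGIN name uid shell" for every account whose shell allows a login.
# An empty shell field counts as a login shell (it defaults to /bin/sh).
list_login_accounts() {
    awk -F: '
        NF < 7 { next }                       # skip malformed lines
        $3 == 0 && $1 != "root" { print "UID0", $1, $3, $7; next }
        $7 !~ /(nologin|false)$/ { print "LOGIN", $1, $3, $7 }
    ' "${1:-/etc/passwd}"
}

# list_suspect_files DIR OWNER
# Prints regular files under DIR owned by OWNER (name or numeric UID) that
# are executable, hidden, or carry a script extension. Files dropped by a
# compromised web application are owned by the web server account.
list_suspect_files() {
    find "$1" -xdev -type f -user "$2" \
        \( -perm -100 -o -name '.*' -o -name '*.php' -o -name '*.pl' \
           -o -name '*.py' -o -name '*.sh' \) -print 2>/dev/null
}

# Typical use on the affected host:
#   list_login_accounts /etc/passwd
#   list_suspect_files /tmp www-data
```

Compare the output against the accounts and files you expect on the host; each line is a lead to investigate, not proof of compromise.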